[Bug]: Websockets upgrade request: HTTP 431: Request Header Fields Too Large with big cookies

[DomasM]

Environment

• VerneMQ Version: vernemq/vernemq:latest
• OS: docker debian:11-slim
• Erlang/OTP version (if building from source):
• Cluster size/standalone: standalone

Current Behavior

I am trying to connect to verne broker from the browser via websocket using mqtt.js. Cookies are added to the Upgrade request by the browser, and these cookies are large. Connection attempt is refused with HTTP error 431. Once I delete the cookies via browser dev tools, connection succeeds.

Expected behaviour

• Connection succeeds regardless of the cookie size, OR
• Behavior and limit configuration is documented here

Configuration, logs, error output, etc.

verne config:

services:
  vernemq:
    image: vernemq/vernemq
    container_name: vernemq
    environment:
      - DOCKER_VERNEMQ_ACCEPT_EULA=yes
      - DOCKER_VERNEMQ_ALLOW_ANONYMOUS=on
    ports:
      - "1883:1883"
      - "8080:8080"
    restart: unless-stopped



request:

curl "ws://localhost:8080/mqtt" -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:123.0) Gecko/20100101 Firefox/123.0" -H "Accept: */*" -H "Accept-Language: en-US,en;q=0.5" -H "Accept-Encoding: gzip, deflate, br" -H "Sec-WebSocket-Version: 13" -H "Origin: http://localhost:5173" -H "Sec-WebSocket-Protocol: mqtt" -H "Sec-WebSocket-Extensions: permessage-deflate" -H "Sec-WebSocket-Key: sVLbEJyDhg7SuzDBjLWksQ==" -H "Connection: keep-alive, Upgrade" -H "Cookie: .AspNetCore.Cookies=chunks-2; .AspNetCore.CookiesC1=CfDJ8GvEDUoW6SJBqGmcn6iBgKXnzqDL03AnFNEfL7kbI_zuDmOi_0QTknU3zqBmN4wFoWFhoFS2T9SvqdSBlkgLLZaCVHPeqvu_aTjZORkuRNV79wb2jOGw0E3Cdj9xEzN_lrkqzQFuywX1rKxgdW7YAJyxqjqZ1IX1Ugn53z2NeB9C4nnsFSGSHQ-_s7eqtoJ7uZIL4bNJZu87DKg9ul5wNPGGbWXjOWM2TI8A0QC31bobmySUcRDFuvBiLCJ4VjjEQ5s5AB2L_Kg7nHbXNpjz1ArTEmarC6HcuZWNVVWWqks9flHKYTIxOOVr10BsLCRUaRVF5qyu9XZyeKgNffsu0X89nR1hHqbBEP-yKkbI61n-H4oB5LZko_juWOpz0npwE51s1IOpLRzTjdXHByoi3pRBcTAmOdh8Macb-mYQbNLPzF6cW_upl6QU07MhowBbJ5VmbRPK9W5Qp23M8af0_js9yK1oMaATMFFL-6TIWeqO0ewi0Wc9lW2mmJEY31bvov9XyD9lX3YZgBNARnwf1N4RH7nkD52aJ_Va7XSXq1751rX0cFQPzSh2ejMBq_3qEbb4zYyysebuoylx-9EhLpywRiyqMa88fcKE4P4s5ODlNpwekGov_CGsNmLHZTE2eZc4NGtaaj2aZsuzLEM62oaHFIFTdj2t4aop5fzJellwJW7yZh2QcRyUthCSARdpjjxk7wgvPcF0IPihZ3kbFs74-AWOzFdRL-Qb2agifDCsy0fcdFoLFwWjre8aYxVgCdgitwIdFf4wYxbC2mMqOEhDYYY57dizckdYV3wZ06xv1fRgX1qpdgWXctuPbFZpy3wmpeGNDIQqYxlOxyWb3vJfIAp2T4Buz0kIfeblsVI7p7zyBaWarkLxyPhEYfFgUyG0Dc_YT7yUW5N-ZKrg46wcSsdfyt2npAMfPv0aL2Go4Ds9eGOlyvaw-ERtrk8Kphs4RPaOAgNCh-kHa_fpTDk5SBuFMIczh5MIB8r5kYspXdtocLhrfEFCRbTToaRIWiJ4JaSOsZsjAMMAEnIh6Ixc3o6JhBNt4yxkuAFlHs0h-ShFfOe7Fhs3NHeoL5w8htev6MsC5ogMFBak-zoErlFh7WohQF2HCrQJvgFoD7V1_qXPAlvoZ5jDmXAdvMjMoA59Mn-J7ijcsK06EpdEewwUEp9G0g3xpqD5YTpZGWzqnNYJ9SLehznKSmhBWdTnbbSHTIrwobVN3IcEPRQYGIRJY9w-BtfPPhag6_nqHc6mzamdacbHhD7vk-DLFvWNRMZkoyu3TM06YoME3zIzka8qX5kHRtZ35jpLaqsOGvPlw3VLVV5vqTm6AyLb1fHKC09Y5-E03GEIHtx1TnBIw3CkANLNrymxqIjuP50RiMEFDLppOMsga0Jk_SOufrz493HoFRQ6-keAgC32NvvrevQmeSbos2rK4zi7z-8gNDyABEV9yXWo-TDyZp-wq7p-8aJjAKAViDtE3inD2hEBeneCUA42rMiBYeEKWH5a7wQRS99oJRzxShXPwN6zhlwL6b6UboJbnlqSlRVbd2WutSA3jgfwjfOdrHvLuA7lh7F3XrlT9phcLJPXjEgMdwmC7a23UvZfXohPPc8mrENc5mZw94g49XdtV8EL4rd5IjQTCJ88tA7B_stkAM2_apN5xcjcxHgUIZvsQt8l0qjoG9cBmeqiKrjoeRwVpk0jLrP0kbkuuypr59z9sIneTrX6oWlLfyJPh_e0haXFvCqJNjr7BAuKRH1Gje3pfP71jQb2HqIeT8zB8DufXFPUofWGq1_G2pkcVuVrSRiNNolzkeHkSGsohv_jJCqdelJ0H7UFl5KcFmsoddblMDA4sflYdqwMw64GavnywxCiE8-X1FMyPV_R8hSr6Bfl1VCHOhVaiHp4mJbvmixofjRSYyRA8OcW73BlCszJ6HxEj_NOqtU-eOhW98SwFm8XE1-BZYHQZIekNl3omlX_NvxCYiotqYPiclFsJenpkBBD3ibqNf_yUOlGSV6dqGCS6D2ml0yC8xk6P6nQ9_UmBvRoGlyiZUpVL13pyVNIIS-uerw9Mq4Kj63gcOFTwzCqBrOsX-SaYhDUtkj-v9Fp8h3oFMGmYa0F9GtcKrkuD5yGEGMQIcHKl9EtK8uiOAojAG1g-bSGfWoyyL1SLdfomVhQHXEcmf2zRiTOoTCSHrInPj3ijHDFqhX_5oXkZj42--pd4TxpwEtsupmLPBLaf3xsiUDWgdZgjm74FvYCQhN2zA39bWxBeO468ST8lk8f0xPoxOX9KjnNMs44wpByPWlHqvPjGGGpxiW33tA3hPr13LXQsGEPeUa0-fqYLxmIfMguEAXQQVmzxlPq-GxuRmzZDc6_IqR0_T-5nhx6vqRveY5STJmfMdDZcgwzKuAnvk6be2Uz4T-Olq-GdVZ9FLatHg_8EuM3PIjKvu1JC3aEH9bUhWp8qjicwlODdK__SeWl4YGqW3VtA05ST64ZdJjdh8oHH719pBzoWCOLPvnZPN1DrTWdax6_4UCddAJAEoL_8BKkuE5V1RFJ8TZmAPu6zophtg9KGs4Js_gl6rxjd9PG-mdPqjENikfdISCY3RdguagTgQIUvgb2kDAmw8p0l815Qd073wwltDa4sQD_0ihr02mOY3RXdX0wFCiOFyCHqeMhXIUIOwTvgvc1_kOcVAjX-IbF8UG_Gxed9uiJsV5i3kGPQNF0eKDrBj0Oys_czXP1GNwT-Px6KIquCM6BIE85Q_Q8Z0t6WcUZ4gw6lYsTccrwX0YG8fw8JsFV-9ajYPUWo5L3gkU6HHs6CzTXTXQJFkZj594VOr0NKN7S4apCMwcups4lLIvbaWddxcws-zqZwVK3CHbB7GFwif8bvrRD6SGvDe5yh3_KFxf8sly1JlFI43fcy8xVwfnMDuKhZKDD5ns_iZsP-n_6kPK2aEnQzNa0qWtSOovSH4wQU3pakEB4bo5U6vsk-B7wqynN9WFO-KA5x6jDAxmjvcoVYWKC2dg8vhomrryUy_FfnEz15ZkLGFILeR3WxkRKuGBGd3p2Ho3mA7xNpqSb9U0INP1qoNXFwngGqUumrD4bXp9nR3W3wTT7Bre4YyuNZzbExE5gTMt9Ip2osOiQ38ACfpakA45ZrPtsPUfMDT0EnaaNMdeky69v6OaUqrCBzZAn289mG3gXt4rQiIJkm5mxTqG8-uO3GdqjWGRxG21nUDHWMKCWFgGutG2eLD3XyuqyjE1M2BpA4GgAe8VWYVAQsuwdi13w535TClw6fq5hjkBFYVBAPrpT7HZb2l-06UN_8PzJwhA_muqb99zr5EpPcMxQzQftQ5I83VHXHl3pTSogaRoxjNKS0V-ob-usRyf9E0uE7oxa8-SqMFw3nvB4PzQskr0LcnDct3zVg9Qjd0tfUeoGTEQBKUA9wtsFjaaQSsbY9fTB1ZNV7wXwB2R0wAplGLt67y31e3atJpCDmfUp9IFakXhCgXEd4W7cUXcXGtOjhGhzH67U2W9YrmUff5SSLQpkXIxcC3z4oBjdQlnWToDgf5oDsKIxHlE0LTRj5qdXHyfBQbjMSZwGjXttmLK9JJsaNOuvZV67DNAqQcsrf2iq9S0NavnfpyBd3cyBLsw4oaOPOck8LHoiKGGpnZN23Koiu-br7oKDUue5tWh6wN5gEYavWhH6Gn5XgiCDiRytQzd-8HyD541umUsxw-dt73TqrbrmKx9fcZ9dmMN9Ae5AAuM3Z2SV0m033IttNw_rDBXdtMGc7IQhoFlKNgRJv8UBV5SMDGPJUQtxRTV5Fl2RaBqjIVxOoe6ufL2BJGMzzvDl56rwxf1M5eNfMcac60N8QlGgFk0M-gtxdAJ8we3Zi6EeuvTVGs7LQxee3_s9baF1Gtap8mEvw-PfhRbX8nOOxGVRDzVcq-mTtsxySdZnk4r5fK1nwdoexOHIIxb5yi4TxIP7dKLy7l86y_om1XpyqTA2qhlFOrr; .AspNetCore.CookiesC2=8v8Xq1izSq4MftPulKW7f_y1pQfsh01YXl3FyIqgrlM_ltwr4PrW5u9Fg81En7nlRJBNHJQ7q6IDQUDLJI0Cme7pM3SyKkZhuBs2K2SKXwqCyILhmfrInOnbxcRTSW-yc668iNE4IHdJPsJRpH8lViCr70JRMiPwlWT3UuxMp2Yh-ksHmfmxLXV86r-Rrp0865O3ms8OlrZe62Z9A8B1DunPXPQEvxd1Wp9g3fzJic3WK3PTFQUKPeG-3u3LEckgEbeaRXBzRrRRzx-mZhWMhxScJwqrc92HtSuXGXTvbG6NkWvngn0T0DKUWv16DSSrjwJDbwxoNVaP3-r17qa5OeziSsOGSCmB-F4h1ekROf9B6gRcpa_GhhU4ypRCzQupESDMr17M-pGQjIg06iVYS5RE1ccC_DRQhyxUGZ2Ydsz4uSsgSOui_Xc13XrleC8tbfEv8knEG54LbBivf6ZKZSD1ejdfsGYiYbwXUH4GP4af4WtwEUUpTpvOvckquoWLAIDOx6fKQfD4DHOpULvDSPrVv7zHtvxzUF18Et4XzdO01BDHXHudlexZbGU9AbvpJsXp7XKGuoRIPXUub_Be70do9EFw0Rqw1l7xVweSraMdU3YBqEanWwsG1kHKjgY4R0062qs26k9NFgbFB8XDzlZwS5XP-EE98JhL5qcWVdCofZJ1F11vsz1INVdQm1GQfWhWC7MBpUr3atKwhsnHcJtQkTn422_Ms3Ta4zbmzUVTxd5sgMqtyk0eC4zBcXI76VPzVIDx4uW-BY7NOloAdN9iWWfMheodWmovzs3ta9mihRw4hwwUNGseIUNMfQbH-CahPAaZgfM7DoZjAhSyEnAmZ6ztyDy8rbrmnhT30exzyAyUMSMiaHqy28CWmpbLUFD8vDmp8geztPY0LJ3g0CjKp8hij7Nzw-UVvfnoByfsQX29r8h4Wn9kExRzzwsUZ3rvVpW728nAyfQvnExcz5QuHAg505b7RTVx5E7GuO94NTIHv0os8aYZMDuj1i0G8lvNIo6fuHjYUZWJJ_ub7woam4-eDtUv_gxuKM_EV_UN5sAj5FUuHOcsglC44rRT959-mYsmWHtrZ65XvIai3CBX86kx7ZVqlxDIM9Puer4zzUOA0r7bDBhGcuMQ_JbLnXh4b2Jt14QDqeKhj3tljx0cE0rTW_uHZNtdNmLGBJ5IknKAV9X-urguH9CKN7cvOiPNz3gswx5a0YX0Mj9AxXyFwE-1n6q7iEQHDgjG0rhzGhfxCtVQtzY3ogRFoKoOTHZhjqOgmkcHONpSTMDijVU3ZcMWh8BWwT_KNd1DcOww0RmPK5cFwyIjQ4rwhlPd4hnEpZmfACyPjFCNnsc-2U0fINMjfEnAtXmZ_pYU7G_6XKpfqhy_ozrda7ovCFP4upZ0n2_azttAZVggsqd5dOcCOn4VcNpLUnjI9NQKBLo2oXDh9ZelNa-reSXBgAy7VJJBvfFQECO-rIAD28F3D21ZkyEbj2-eq6WQaQjf8ZRYJNWimsJl-PS5VwiHHeyfDm5CcZCzCKiEo8lUyngU1DKUzbuj0F347CYtfk0bD73f-9BQBLxb018Sx2fjVkrKi3Ytn3sQDKV7pMpshHp6XIeknCAvjOj4XGRCihee-jFXz-a12YfEL9lvGjf0ZXLYdrpZhTt8OncOrHGMukVWgDDXH6b7rbiSyQ6GZPYCJyz8wuJ0JKoYkHq7Rn4gZysV9-cZMXkwphSuoCHXjl5huXQFBJZA4iI8Yy6vilmZkC0DKBe9MG6RbOXS5OcltfPUXvEU1ZQF02d9ZEiNkJO3ZHhZENYQpOuFgZc6l7xiJcQsoI6LBWN7jLYuIVtzdddIoEk8m7avQqSpP24YvYa7ClHF9nzYTXj6ha2sjrfMkmgcohYXHPmf18mMVBsiOaVEM8VJsvA440lTj_dHPNnY4WpdAIMnKlyKkPss_E5m07xhsmrdo7APR996el1GBLYeufgSiITfWgM7gOTLxhKeqewboFFnwmxUy7qSmDo98ozZQ1ZW-ZDEDGhWyAYxlHf8zj8aYPUACiqimjaU1TiSvav084u5_Pbf-G4f5RRDHJR_3ja9ZV_4sOTTbcjjQUB9YKMiptynm2fIjqEETgq_tGKg36J8w--Op3IePMIGJ_-znMuhiFu_O2RvPR1LxZ_oPSbXfn0ZY6sahNjfhVZrLG8mEt1jOc6oTuy7s7KQfdHh0F0pARJDd2wcCwffe34rxcLrh97_NnzGpWC7vUu0vZxask9gJgagFsLAiJWfvaDDNtDZka58gAT2ZMay1j0opwnViM98UfbYtdCxTK3mkMkajmywip47WZzUzH4chqAj1Kgj2ze7RneXXnICt63hfOjsLI-v18E_jDQRAPnvuZYlMSZaAbUhl_MYLfIGdiItFiiEL9egxQoCSVqzfba5wLaJXaW5DmmUWV-ETxx5oSYOd2gQ9lhRZJRdo9grOIq0kpGk8T23V1l4vjmIWgv-qX2fnHbh5zB_oP43v1P2zW2ZY4ugsdc3Fpct0CJ1KWi5DNawmQuAVrKdACtGWzoOzQ_zDZq_OivMspvUtyA5xfwMau5MpGoM2s6zoHgZDWOE31Xi2lxnD4vDTxGVpbGyLdZravqQHzYewjYmLkWoWJp6bS3wpqfyL3TcLJuesXR9mEilLCv0dtpV_rkS_-WPVStVUuALeuS71JnMbRZZWuPtTYL4I27syLcZv48Jwyi16keWlfvQfS1g5ePLxhm2aI-Wi5FWK9yp2HMab2B8b5uExQ3Omr1vDPatEY0aUQZKaRhrQYg" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: websocket" -H "Sec-Fetch-Site: same-site" -H "Pragma: no-cache" -H "Cache-Control: no-cache" -H "Upgrade: websocket"


response:

HTTP/1.1 431 Request Header Fields Too Large
connection: close
content-length: 0

Code of Conduct

• I agree to follow the VerneMQ's Code of Conduct

[ioolkos]

@DomasM Thanks. Can you try setting max_request_line_length in vernemq.conf?

listener.tcp.default.max_request_line_length=16500 (whatever length you might seem to need)
Set this for your named listener where you'll need it. (adapt default to your listener name)

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

[DomasM]

@ioolkos Thank you for help. I'm not sure what's my listener name, but anyway vernemq would not start with such setting, saying that it does not exist and suggesting listener.http.default.max_request_line_length, which I tried but it seems that did not change anything in actual behaviour, i.e. still 431.

vernemq  | 2024-03-15T11:42:36.795012+00:00 [error] You've tried to set listener.tcp.default.max_request_line_length, but there is no setting with that name.
vernemq  | 2024-03-15T11:42:36.795098+00:00 [error] Did you mean one of these?
vernemq  | 2024-03-15T11:42:36.891103+00:00 [error] listener.http.$name.max_request_line_length
vernemq  | 2024-03-15T11:42:36.891199+00:00 [error] listener.https.$name.max_request_line_length
vernemq  | 2024-03-15T11:42:36.891270+00:00 [error] listener.tcp.$name.max_connection_lifetime
vernemq  | 2024-03-15T11:42:36.893026+00:00 [error] Error generating configuration in phase transform_datatypes
vernemq  | 2024-03-15T11:42:36.893124+00:00 [error] Conf file attempted to set unknown variable: listener.tcp.default.max_request_line_length
vernemq exited with code 0

[ioolkos]

@DomasM Thanks a lot for testing!
The config is obviously only for HTTP listeners, sorry about that.
There's additional options for Cowboy/Ranch connections:
https://github.com/ninenines/cowboy/blob/3ea8395eb8f53a57acb5d3c00b99c70296e7cdbd/doc/src/manual/cowboy_http.asciidoc#L31
Those are currently not exposed in the vernemq.conf file like max_request_line_length.

A workaround is to update the max_header_value_length option dynamically in a VerneMQ shell. (sudo vernemq attach, when done detach with ctrl+g and then at the user switch q).
Example for a HTTP listener running on 127.0.0.1:8888. The listener does not have to be restarted, it is updated live:

Opts = ranch:get_protocol_options({{127,0,0,1}, 8888}).
NewOpts = maps:put(max_header_value_length, 8192, Opts).
ranch:set_protocol_options({{127,0,0,1}, 8888}, NewOpts).

You could at least use this to test whether this really is about that specific setting. The default value for max_header_value_length is 4096.

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

[DomasM]

@ioolkos Thank you again. I tried as suggested and while setting cowboy options seems to work, further requests still end with 431.
Additionally, as you can see initial max_header_value_length is 8192, while my cookie size is about 6700, so it should still pass?
https://github.com/ninenines/cowboy/blob/3ea8395eb8f53a57acb5d3c00b99c70296e7cdbd/src/cowboy_http.erl#L677

Opts = ranch:get_protocol_options({{127,0,0,1}, 8888}).
#{connection_type => supervisor,
  env =>
      #{dispatch =>
            [{'_',[],
                  [{[<<"metrics">>],[],vmq_metrics_http,[]},
                   {[<<"api">>,<<"v1">>,'...'],[],vmq_http_mgmt_api,[]},
                   {[<<"status.json">>],[],vmq_status_http,[]},
                   {[<<"status">>],
                    [],cowboy_static,
                    {priv_file,vmq_server,"static/index.html"}},
                   {[<<"status">>,'...'],
                    [],cowboy_static,
                    {priv_dir,vmq_server,"static"}},
                   {[<<"health">>],[],vmq_health_http,[]},
                   {[<<"api">>,<<"v2">>,command],[],vmq_http_v2_api,[]},
                   {[<<"restmqtt">>,<<"api">>,<<"v1">>,<<"publish">>],
                    [],vmq_http_pub,
                    [{publish_fun,#Fun<vmq_reg.17.40855500>}]}]}]},
  max_header_value_length => 8192,
  opts =>
      [{max_connections,10000},
       {nr_of_acceptors,10},
       {config_mod,vmq_http_config},
       {config_fun,config},
       {max_request_line_length,63000},
       {http_modules,"[]"},
       {listener_name,"default"},
       {proxy_protocol,false}]}
(VerneMQ@192.168.16.2)2> NewOpts = maps:put(max_header_value_length, 62999, Opts).
#{connection_type => supervisor,
  env =>
      #{dispatch =>
            [{'_',[],
                  [{[<<"metrics">>],[],vmq_metrics_http,[]},
                   {[<<"api">>,<<"v1">>,'...'],[],vmq_http_mgmt_api,[]},
                   {[<<"status.json">>],[],vmq_status_http,[]},
                   {[<<"status">>],
                    [],cowboy_static,
                    {priv_file,vmq_server,"static/index.html"}},
                   {[<<"status">>,'...'],
                    [],cowboy_static,
                    {priv_dir,vmq_server,"static"}},
                   {[<<"health">>],[],vmq_health_http,[]},
                   {[<<"api">>,<<"v2">>,command],[],vmq_http_v2_api,[]},
                   {[<<"restmqtt">>,<<"api">>,<<"v1">>,<<"publish">>],
                    [],vmq_http_pub,
                    [{publish_fun,#Fun<vmq_reg.17.40855500>}]}]}]},
  max_header_value_length => 62999,
  opts =>
      [{max_connections,10000},
       {nr_of_acceptors,10},
       {config_mod,vmq_http_config},
       {config_fun,config},
       {max_request_line_length,63000},
       {http_modules,"[]"},
       {listener_name,"default"},
       {proxy_protocol,false}]}
(VerneMQ@192.168.16.2)3> ranch:set_protocol_options({{127,0,0,1}, 8888}, NewOpts).
ok
Opts2 = ranch:get_protocol_options({{127,0,0,1}, 8888}).
#{connection_type => supervisor,
  env =>
      #{dispatch =>
            [{'_',[],
                  [{[<<"metrics">>],[],vmq_metrics_http,[]},
                   {[<<"api">>,<<"v1">>,'...'],[],vmq_http_mgmt_api,[]},
                   {[<<"status.json">>],[],vmq_status_http,[]},
                   {[<<"status">>],
                    [],cowboy_static,
                    {priv_file,vmq_server,"static/index.html"}},
                   {[<<"status">>,'...'],
                    [],cowboy_static,
                    {priv_dir,vmq_server,"static"}},
                   {[<<"health">>],[],vmq_health_http,[]},
                   {[<<"api">>,<<"v2">>,command],[],vmq_http_v2_api,[]},
                   {[<<"restmqtt">>,<<"api">>,<<"v1">>,<<"publish">>],
                    [],vmq_http_pub,
                    [{publish_fun,#Fun<vmq_reg.17.40855500>}]}]}]},
  max_header_value_length => 62999,
  opts =>
      [{max_connections,10000},
       {nr_of_acceptors,10},
       {config_mod,vmq_http_config},
       {config_fun,config},
       {max_request_line_length,63000},
       {http_modules,"[]"},
       {listener_name,"default"},
       {proxy_protocol,false}]}

[ioolkos]

Hm, okay. What listeners do you have running (vmq-admin listener show), and is port 8888 really where you have that listener running?

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

[DomasM]

I suppose. Tried setting cowboy options for 8080, but it complained.

Opts = ranch:get_protocol_options({{127,0,0,1}, 8080}).
** exception error: bad argument
     in function  ets:lookup_element/3
        called as ets:lookup_element(ranch_server,{proto_opts,{{127,0,0,1},8080}},2)
        *** argument 2: not a key that exists in the table
     in call from ranch_server:get_protocol_options/1 (/opt/vernemq/_build/default/lib/ranch/src/ranch_server.erl, line 168)

$ vmq-admin listener show
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| type   | status  | address      | port  | mountpoint | max_conns | active_conns | all_conns |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| http   | running | 127.0.0.1    | 8888  |            | 10000     | 0            | 0         |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| mqtt   | running | 192.168.16.2 | 1883  |            | 10000     | 4            | 4         |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| mqttws | running | 192.168.16.2 | 8080  |            | 10000     | 0            | 0         |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| http   | running | 192.168.16.2 | 8888  |            | 10000     | 0            | 0         |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+
| vmq    | running | 192.168.16.2 | 44053 |            | 10000     | 0            | 0         |
+--------+---------+--------------+-------+------------+-----------+--------------+-----------+

[ioolkos]

You don't have a listener {{127,0,0,1}, 8080}, you have {{192,168,16,2}, 8080}.

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

[ioolkos]

@DomasM were you able to make this work?

Do you think we should expose the max_header_value_length in vernemq.conf? or to re-word the question: do you think the cookie size you used here should be within a "normal" size window?

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

[DomasM]

Hi, I will be back to work tomorrow. Good catch regarding ip, I saw that setting from vernrmq.conf has been applied to cowboy, so didn't check any further. Rrgarding header size - I think this propery should be exposed, and possibly different default vale used, as there is very little value added by broker by limiting cookie size. Cookie might easily come from quite a different part of the application than mqqt connection initialization, and cookie size might differ from one user to another, or as time passes, thus causing seemingly unrelated issues for connection via websocket.

…

On Mon, Mar 18, 2024, 15:28 ioolkos ***@***.***> wrote: @DomasM <https://github.com/DomasM> were you able to make this work? Do you think we should expose the max_header_value_length in vernemq.conf? or to re-word the question: do you think the cookie size you used here should be within a "normal" size window? ------------------------------ 👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq 👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription. — Reply to this email directly, view it on GitHub <#2267 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADG3FPVOIZUBN32G7XYGHNDYY3TX5AVCNFSM6AAAAABEWSFNFOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDAMBTHEYDKNJXHE> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[DomasM]

@ioolkos I finally got it working by setting max_header_value_length for the correct listener. IP address of the listener changes from run to run, so the steps current solution is:

1. Modify vernemq.conf file with listener.http.default.max_request_line_length=63000
2. Run vernemq
3. Run vmq-admin listener show and notice which ip address and port is used for mqttws listener
4. Set options for cowboy/ranch with these IP address and port values.

Address = {192,168,32,2}.
Port = 8080.
Opts = ranch:get_protocol_options({Address, Port}).
NewOpts = maps:put(max_header_value_length, 62999, Opts).
ranch:set_protocol_options({Address, Port}, NewOpts).

To have this working more properly maybe some copy-paste from #2161 would be enough to map max_header_value_length property too?

[ioolkos]

@DomasM yes, same approach. In addition, we'd likely need to grab and apply the setting in vmq_ranch_config module where we set the protocol_opts.

---

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.