Hi,
I’m running HiveMQ Edge [2025.13] in a Docker container and trying to connect it to a HiveMQ Cloud Free Edition instance on AWS (<cluster_id>.s1.eu.hivemq.cloud). However, I am unable to complete the connection successfully.
My first challenge is that I cannot find any documentation that matches the current UX in [2025.13] exactly — neither in GitHub nor in the HiveMQ Edge Docs.
I have tried multiple configurations for the Client ID field, but regardless of what I enter, the bridge status remains “disconnected”, and I see the following error:
com.hivemq.client.mqtt.exceptions.ConnectionFailedException: io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: connection was closed during handshake
Caused by: io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: connection was closed during handshake
at com.hivemq.client.internal.mqtt.handler.websocket.MqttWebsocketHandshakeHandler.channelInactive(MqttWebsocketHandshakeHandler.java:115)
...
at java.base/java.lang.Thread.run(Unknown Source)
Additional details:
Do you have any idea what I might be doing wrong?
Hello @gebinger ,
Thank you for the outreach - we would be happy to help!
To start with, most typically this Client ID section is user-defined, and functions as a unique identifier for the MQTT clients that will be utilized by the client and broker to identify this particular client instance.
Based on the error provided, I do not believe this to be related, as the error indicates that the connection was terminated during the handshake event, likely relating this behavior to TLS negotiation on the connect attempt.
To dive in a bit deeper, I’d ask to confirm the current TLS configuration options set for your HiveMQ Edge deployment - if possible, copying the current HiveMQ Edge config.xml file, stored within the conf folder of your installation directory, within this thread would be great and allow us to see the full configuration for additional troubleshooting. Please feel free to obfuscate any potentially sensitive information, such as credentials or URLs.
Additionally, I would recommend ensuring the TLS-SNI is enabled, for which our article here provides some more detailed instructions : https://hivemq.atlassian.net/wiki/x/MgDms.
Best,
Aaron from the HiveMQ Team
Hi Franz, regarding config.xml:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
1
1883
0.0.0.0
2442
0.0.0.0
1000
discard
true
true
2
true
5
4294967296
4294967295
true
true
65535
true
268435460
10
false
false
30
false
false
false
23
1
-1
65535
65535
10000
0
false
true
true
true
in-memory
${mycloudconnectid}
8883
${Cluster ID}.s1.eu.hivemq.cloud
${myclientid}
true
3600
60
${myusername}/username>
${mypassword}
true
/mqtt
mqtt
true
10
false
false
1
true
true
8080
0.0.0.0
2048
HiveMQ-Edge
HiveMQ-Edge-Api
30
2
false
false
false
true
true
regarding ngrok
ERROR: failed to start tunnel: You must add a credit or debit card before you can use TCP endpoints on a free account. We require a valid card as a way to comat abuse and keep the internet a safe place. This card will NOT be charged.
ERROR: Add a card to your account here: ngrok — Log in
ERROR:
ERROR: ERR_NGROK_8013
ERROR: ERR_NGROK_8013 | ngrok documentation
ERROR:
I would like to avoid this 
Which port are you using, 8883 or 8884? WebSocket is 8884 (TLS required as well), 8883 is no WebSocket (TLS required)
Hello @gebinger ,
Thank you for the follow-up!
It looks like you’ve posted the contents of the XML via a web browser, or another application that attempted to parse it. To review this file, you will need to open the config.xml via a text or a code editor, or by attaching the file here.
Best,
Aaron from the HiveMQ Team
Hi, sorry, I was blocked after the post regarding ngrok.
I use Azure IoT Edge as a host and run HiveMQ Edge in a container, because for our use case we also need the Azure Device Update Service. Since port 8883 is already used by Azure IoT Edge, I mapped HiveMQ Edge’s 8883 to 8884, but maybe that wasn’t a good idea. I’ve now changed it to 7883.
Sorry, to quick … here in xml format … files I can’t attached here.
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<hivemq xsi:schemaLocation="config.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<config-version>1</config-version>
<mqtt-listeners>
<tcp-listener>
<port>1883</port>
<bind-address>0.0.0.0</bind-address>
</tcp-listener>
</mqtt-listeners>
<mqtt-sn-listeners>
<udp-listener>
<port>2442</port>
<bind-address>0.0.0.0</bind-address>
</udp-listener>
</mqtt-sn-listeners>
<mqtt>
<queued-messages>
<max-queue-size>1000</max-queue-size>
<strategy>discard</strategy>
</queued-messages>
<retained-messages>
<enabled>true</enabled>
</retained-messages>
<wildcard-subscriptions>
<enabled>true</enabled>
</wildcard-subscriptions>
<quality-of-service>
<max-qos>2</max-qos>
</quality-of-service>
<topic-alias>
<enabled>true</enabled>
<max-per-client>5</max-per-client>
</topic-alias>
<message-expiry>
<max-interval>4294967296</max-interval>
</message-expiry>
<session-expiry>
<max-interval>4294967295</max-interval>
</session-expiry>
<subscription-identifier>
<enabled>true</enabled>
</subscription-identifier>
<shared-subscriptions>
<enabled>true</enabled>
</shared-subscriptions>
<keep-alive>
<max-keep-alive>65535</max-keep-alive>
<allow-unlimited>true</allow-unlimited>
</keep-alive>
<packets>
<max-packet-size>268435460</max-packet-size>
</packets>
<receive-maximum>
<server-receive-maximum>10</server-receive-maximum>
</receive-maximum>
</mqtt>
<mqtt-sn>
<predefined-topics/>
<allow-empty-client-identifier>
<enabled>false</enabled>
</allow-empty-client-identifier>
<discovery>
<enabled>false</enabled>
<broadcast-addresses/>
<discovery-interval-seconds>30</discovery-interval-seconds>
</discovery>
<allow-anonymous-publish-minus-one>
<enabled>false</enabled>
</allow-anonymous-publish-minus-one>
<allow-waking-ping-session-hijack>
<enabled>false</enabled>
</allow-waking-ping-session-hijack>
<topic-registrations-held-during-sleep>
<enabled>false</enabled>
</topic-registrations-held-during-sleep>
<max-client-identifier-length>23</max-client-identifier-length>
<gateway-id>1</gateway-id>
</mqtt-sn>
<restrictions>
<max-connections>-1</max-connections>
<max-client-id-length>65535</max-client-id-length>
<max-topic-length>65535</max-topic-length>
<no-connect-idle-timeout>10000</no-connect-idle-timeout>
<incoming-bandwidth-throttling>0</incoming-bandwidth-throttling>
</restrictions>
<security>
<payload-format-validation>
<enabled>false</enabled>
</payload-format-validation>
<utf8-validation>
<enabled>true</enabled>
</utf8-validation>
<allow-empty-client-id>
<enabled>true</enabled>
</allow-empty-client-id>
<allow-request-problem-information>
<enabled>true</enabled>
</allow-request-problem-information>
</security>
<persistence>
<mode>in-memory</mode>
</persistence>
<mqtt-bridges>
<mqtt-bridge>
<id>FME-Cloud-Connect</id>
<remote-broker>
<port>8883</port>
<host>${myclusterid}.s1.eu.hivemq.cloud</host>
<mqtt>
<client-id>${myclientid}</client-id>
<clean-start>true</clean-start>
<session-expiry>3600</session-expiry>
<keep-alive>60</keep-alive>
</mqtt>
<authentication>
<mqtt-simple-authentication>
<username>${myusername}ername>
<password>${mypassword}</password>
</mqtt-simple-authentication>
</authentication>
<websocket>
<enabled>true</enabled>
<server-path>/mqtt</server-path>
<subprotocol>mqtt</subprotocol>
</websocket>
<tls>
<enabled>true</enabled>
<protocols/>
<cipher-suites/>
<handshake-timeout>10</handshake-timeout>
<verify-hostname>false</verify-hostname>
</tls>
</remote-broker>
<remote-subscriptions/>
<forwarded-topics/>
<loop-prevention>
<enabled>false</enabled>
<hop-count-limit>1</hop-count-limit>
</loop-prevention>
<persist>true</persist>
</mqtt-bridge>
</mqtt-bridges>
<admin-api>
<enabled>true</enabled>
<listeners>
<http-listener>
<port>8080</port>
<bind-address>0.0.0.0</bind-address>
</http-listener>
</listeners>
<generated-tokens>
<keySize>2048</keySize>
<issuer>HiveMQ-Edge</issuer>
<audience>HiveMQ-Edge-Api</audience>
<expiryTimeMinutes>30</expiryTimeMinutes>
<tokenEarlyEpochThresholdMinutes>2</tokenEarlyEpochThresholdMinutes>
</generated-tokens>
<users/>
</admin-api>
<uns>
<isa95>
<enabled>false</enabled>
<prefix-all-topics>false</prefix-all-topics>
</isa95>
</uns>
<dynamic-configuration>
<allow-configuration-export>false</allow-configuration-export>
<allow-mutable-configuration>true</allow-mutable-configuration>
</dynamic-configuration>
<usage-tracking>
<enabled>true</enabled>
</usage-tracking>
<protocol-adapters/>
<data-combiners/>
<modules/>
<internal/>
</hivemq>
Hello @gebinger ,
Thank you for the follow-up!
For the Bridge Extension, you are connecting to a remote broker (cloud) using port 8883 with Websocket enabled. It is worth noting that HiveMQ Cloud deployments utilize port 8884 as a websocket listener, and this should be used instead.
Let us know if you are able to make this configuration update, and encounter any further issues!
Best,
Aaron from the HiveMQ Team
Hi, sorry for the late reply. In the meantime, I was able to fix the problem — “Enable Transport Layer Security (TLS)” was turned off. 
Hello @gebinger ,
Thank you for the follow-up - I am glad to hear you were able to get this sorted!
As always, please feel free to let us know if you have any further questions - we are always happy to help!
Best,
Aaron from the HiveMQ Team