HiveMQ Edge [2025.13] to HiveMQ Cloud (Free Edition) – Connection Issue

Hi,

I’m running HiveMQ Edge [2025.13] in a Docker container and trying to connect it to a HiveMQ Cloud Free Edition instance on AWS (<cluster_id>.s1.eu.hivemq.cloud). However, I am unable to complete the connection successfully.

My first challenge is that I cannot find any documentation that matches the current UX in [2025.13] exactly — neither in GitHub nor in the HiveMQ Edge Docs.

I have tried multiple configurations for the Client ID field, but regardless of what I enter, the bridge status remains “disconnected”, and I see the following error:

com.hivemq.client.mqtt.exceptions.ConnectionFailedException: io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: connection was closed during handshake
Caused by: io.netty.handler.codec.http.websocketx.WebSocketHandshakeException: connection was closed during handshake
	at com.hivemq.client.internal.mqtt.handler.websocket.MqttWebsocketHandshakeHandler.channelInactive(MqttWebsocketHandshakeHandler.java:115)
	...
	at java.base/java.lang.Thread.run(Unknown Source)

Additional details:

  • Enable Transport Layer Security (TLS) is enabled.

  • Connection type: WebSocket (as required for HiveMQ Cloud).

Do you have any idea what I might be doing wrong?

Hello @gebinger ,

Thank you for the outreach - we would be happy to help!

To start with, most typically this Client ID section is user-defined, and functions as a unique identifier for the MQTT clients that will be utilized by the client and broker to identify this particular client instance.

Based on the error provided, I do not believe this to be related, as the error indicates that the connection was terminated during the handshake event, likely relating this behavior to TLS negotiation on the connect attempt.

To dive in a bit deeper, I’d ask to confirm the current TLS configuration options set for your HiveMQ Edge deployment - if possible, copying the current HiveMQ Edge config.xml file, stored within the conf folder of your installation directory, within this thread would be great and allow us to see the full configuration for additional troubleshooting. Please feel free to obfuscate any potentially sensitive information, such as credentials or URLs.

Additionally, I would recommend ensuring the TLS-SNI is enabled, for which our article here provides some more detailed instructions : https://hivemq.atlassian.net/wiki/x/MgDms.

Best,

Aaron from the HiveMQ Team

Hi Franz, regarding config.xml:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?> 1 1883 0.0.0.0 2442 0.0.0.0 1000 discard true true 2 true 5 4294967296 4294967295 true true 65535 true 268435460 10 false false 30 false false false 23 1 -1 65535 65535 10000 0 false true true true in-memory ${mycloudconnectid} 8883 ${Cluster ID}.s1.eu.hivemq.cloud ${myclientid} true 3600 60 ${myusername}/username> ${mypassword} true /mqtt mqtt true 10 false false 1 true true 8080 0.0.0.0 2048 HiveMQ-Edge HiveMQ-Edge-Api 30 2 false false false true true

regarding ngrok

ERROR: failed to start tunnel: You must add a credit or debit card before you can use TCP endpoints on a free account. We require a valid card as a way to comat abuse and keep the internet a safe place. This card will NOT be charged.
ERROR: Add a card to your account here: ngrok — Log in
ERROR:
ERROR: ERR_NGROK_8013
ERROR: ERR_NGROK_8013 | ngrok documentation
ERROR:

I would like to avoid this :smirking_face:

Which port are you using, 8883 or 8884? WebSocket is 8884 (TLS required as well), 8883 is no WebSocket (TLS required)

Hello @gebinger ,

Thank you for the follow-up!

It looks like you’ve posted the contents of the XML via a web browser, or another application that attempted to parse it. To review this file, you will need to open the config.xml via a text or a code editor, or by attaching the file here.

Best,

Aaron from the HiveMQ Team

Hi, sorry, I was blocked after the post regarding ngrok.
I use Azure IoT Edge as a host and run HiveMQ Edge in a container, because for our use case we also need the Azure Device Update Service. Since port 8883 is already used by Azure IoT Edge, I mapped HiveMQ Edge’s 8883 to 8884, but maybe that wasn’t a good idea. I’ve now changed it to 7883.

Sorry, to quick … here in xml format … files I can’t attached here.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<hivemq xsi:schemaLocation="config.xsd" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <config-version>1</config-version>
    <mqtt-listeners>
        <tcp-listener>
            <port>1883</port>
            <bind-address>0.0.0.0</bind-address>
        </tcp-listener>
    </mqtt-listeners>
    <mqtt-sn-listeners>
        <udp-listener>
            <port>2442</port>
            <bind-address>0.0.0.0</bind-address>
        </udp-listener>
    </mqtt-sn-listeners>
    <mqtt>
        <queued-messages>
            <max-queue-size>1000</max-queue-size>
            <strategy>discard</strategy>
        </queued-messages>
        <retained-messages>
            <enabled>true</enabled>
        </retained-messages>
        <wildcard-subscriptions>
            <enabled>true</enabled>
        </wildcard-subscriptions>
        <quality-of-service>
            <max-qos>2</max-qos>
        </quality-of-service>
        <topic-alias>
            <enabled>true</enabled>
            <max-per-client>5</max-per-client>
        </topic-alias>
        <message-expiry>
            <max-interval>4294967296</max-interval>
        </message-expiry>
        <session-expiry>
            <max-interval>4294967295</max-interval>
        </session-expiry>
        <subscription-identifier>
            <enabled>true</enabled>
        </subscription-identifier>
        <shared-subscriptions>
            <enabled>true</enabled>
        </shared-subscriptions>
        <keep-alive>
            <max-keep-alive>65535</max-keep-alive>
            <allow-unlimited>true</allow-unlimited>
        </keep-alive>
        <packets>
            <max-packet-size>268435460</max-packet-size>
        </packets>
        <receive-maximum>
            <server-receive-maximum>10</server-receive-maximum>
        </receive-maximum>
    </mqtt>
    <mqtt-sn>
        <predefined-topics/>
        <allow-empty-client-identifier>
            <enabled>false</enabled>
        </allow-empty-client-identifier>
        <discovery>
            <enabled>false</enabled>
            <broadcast-addresses/>
            <discovery-interval-seconds>30</discovery-interval-seconds>
        </discovery>
        <allow-anonymous-publish-minus-one>
            <enabled>false</enabled>
        </allow-anonymous-publish-minus-one>
        <allow-waking-ping-session-hijack>
            <enabled>false</enabled>
        </allow-waking-ping-session-hijack>
        <topic-registrations-held-during-sleep>
            <enabled>false</enabled>
        </topic-registrations-held-during-sleep>
        <max-client-identifier-length>23</max-client-identifier-length>
        <gateway-id>1</gateway-id>
    </mqtt-sn>
    <restrictions>
        <max-connections>-1</max-connections>
        <max-client-id-length>65535</max-client-id-length>
        <max-topic-length>65535</max-topic-length>
        <no-connect-idle-timeout>10000</no-connect-idle-timeout>
        <incoming-bandwidth-throttling>0</incoming-bandwidth-throttling>
    </restrictions>
    <security>
        <payload-format-validation>
            <enabled>false</enabled>
        </payload-format-validation>
        <utf8-validation>
            <enabled>true</enabled>
        </utf8-validation>
        <allow-empty-client-id>
            <enabled>true</enabled>
        </allow-empty-client-id>
        <allow-request-problem-information>
            <enabled>true</enabled>
        </allow-request-problem-information>
    </security>
    <persistence>
        <mode>in-memory</mode>
    </persistence>
    <mqtt-bridges>
        <mqtt-bridge>
            <id>FME-Cloud-Connect</id>
            <remote-broker>
                <port>8883</port>
                <host>${myclusterid}.s1.eu.hivemq.cloud</host>
                <mqtt>
                    <client-id>${myclientid}</client-id>
                    <clean-start>true</clean-start>
                    <session-expiry>3600</session-expiry>
                    <keep-alive>60</keep-alive>
                </mqtt>
                <authentication>
                    <mqtt-simple-authentication>
                        <username>${myusername}ername>
                        <password>${mypassword}</password>
                    </mqtt-simple-authentication>
                </authentication>
                <websocket>
                    <enabled>true</enabled>
                    <server-path>/mqtt</server-path>
                    <subprotocol>mqtt</subprotocol>
                </websocket>
                <tls>
                    <enabled>true</enabled>
                    <protocols/>
                    <cipher-suites/>
                    <handshake-timeout>10</handshake-timeout>
                    <verify-hostname>false</verify-hostname>
                </tls>
            </remote-broker>
            <remote-subscriptions/>
            <forwarded-topics/>
            <loop-prevention>
                <enabled>false</enabled>
                <hop-count-limit>1</hop-count-limit>
            </loop-prevention>
            <persist>true</persist>
        </mqtt-bridge>
    </mqtt-bridges>
    <admin-api>
        <enabled>true</enabled>
        <listeners>
            <http-listener>
                <port>8080</port>
                <bind-address>0.0.0.0</bind-address>
            </http-listener>
        </listeners>
        <generated-tokens>
            <keySize>2048</keySize>
            <issuer>HiveMQ-Edge</issuer>
            <audience>HiveMQ-Edge-Api</audience>
            <expiryTimeMinutes>30</expiryTimeMinutes>
            <tokenEarlyEpochThresholdMinutes>2</tokenEarlyEpochThresholdMinutes>
        </generated-tokens>
        <users/>
    </admin-api>
    <uns>
        <isa95>
            <enabled>false</enabled>
            <prefix-all-topics>false</prefix-all-topics>
        </isa95>
    </uns>
    <dynamic-configuration>
        <allow-configuration-export>false</allow-configuration-export>
        <allow-mutable-configuration>true</allow-mutable-configuration>
    </dynamic-configuration>
    <usage-tracking>
        <enabled>true</enabled>
    </usage-tracking>
    <protocol-adapters/>
    <data-combiners/>
    <modules/>
    <internal/>
</hivemq>

Hello @gebinger ,

Thank you for the follow-up!

For the Bridge Extension, you are connecting to a remote broker (cloud) using port 8883 with Websocket enabled. It is worth noting that HiveMQ Cloud deployments utilize port 8884 as a websocket listener, and this should be used instead.

Let us know if you are able to make this configuration update, and encounter any further issues!

Best,

Aaron from the HiveMQ Team

Hi, sorry for the late reply. In the meantime, I was able to fix the problem — “Enable Transport Layer Security (TLS)” was turned off. :face_with_peeking_eye:

Hello @gebinger ,

Thank you for the follow-up - I am glad to hear you were able to get this sorted!

As always, please feel free to let us know if you have any further questions - we are always happy to help!

Best,

Aaron from the HiveMQ Team