Hi all
I am using the official Mosquitto 2.1.2 Docker image, which has been working fine for a long time. I was developing an application which would pub/sub to the broker, but this was put on hold some months ago, and I have just come back to it to find that the WebSocket listener seems to no longer work properly.
I have WebSocket listeners configured on port 80 (plain) and on port 443 with valid, publicly trusted TLS certificates. I made a Python script using the Paho library to test connection to this, and I can connect locally no problem. I also have a Cloudflare tunnel configured to expose this to the internet, which also worked fine. I had the option http_dir configured to serve a basic HTML page, and I could view this externally via the Cloudflare tunnel.
Now, however (after, I suspect, a few automatic updates), this seems somewhat broken. If I try to view the HTML page in a browser, it just shows:
```
This page isn’t working
10.21.1.23 didn’t send any data.
ERR_EMPTY_RESPONSE
```
If I try to view it from outside the network, I get a Cloudflare 502 Bad Gateway error. I can see in the Cloudflare tunnel logs:
```
2026-02-15T21:09:42Z ERR error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=1 event=1 ingressRule=0 originService=https://mosquitto:443
2026-02-15T21:09:42Z ERR Request failed error="Unable to reach the origin service. The service may be down or it may not be responding to traffic from cloudflared: EOF" connIndex=1 dest=https://mqtt-ws.mydomain.org/ event=0 ip=198.41.192.57 type=http
```
If I run nmap against the host I can see it is listening on the ports I expect:
```
Nmap scan report for 10.21.1.23
Host is up (0.0035s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
1883/tcp open  mqtt
8883/tcp open  secure-mqtt
```
My config is:
```
# ======================================================================
# Authentication and Authorization
# ======================================================================
# Disable anonymous access to force username/password authentication
allow_anonymous false
# Specify the path to the password file
plugin /usr/lib/mosquitto_dynamic_security.so
plugin_opt_config_file /mosquitto/config/dynamic-security.json
# ======================================================================
# General configuration
# ======================================================================
# Plain MQTT listener (default port 1883 for standard MQTT connections)
listener 1883
protocol mqtt
# MQTT TLS listener (default port 8883 for MQTT TLS connections)
listener 8883
tls_version tlsv1.2
cafile /mosquitto/config/certs/fullchain.pem
certfile /mosquitto/config/certs/cert.pem
keyfile /mosquitto/config/certs/privkey.pem
# WebSocket listener on port 80
listener 80
protocol websockets
# WebSocket listener with TLS on port 443
listener 443
protocol websockets
tls_version tlsv1.2
cafile /mosquitto/config/certs/fullchain.pem
certfile /mosquitto/config/certs/cert.pem
keyfile /mosquitto/config/certs/privkey.pem
# ======================================================================
# Logging (Optional)
# ======================================================================
# Log all the activity of the broker (useful for troubleshooting)
log_type warning
log_type error
log_type notice
log_type information
connection_messages true
log_timestamp_format %Y-%m-%dT%H:%M:%S%z
log_dest file /mosquitto/log/mosquitto.log
# ======================================================================
# Extra BS
# ======================================================================
# Serve a html page at the websockets domain
http_dir /www
```
There are no useful items in the mosquitto log whatsoever. Can anyone shed any light please?
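
Added example, not part of the original post: a staged probe for a WebSocket listener like the two configured above, reporting whether a connection stops at TCP connect, at the TLS handshake, or at the HTTP upgrade, with an empty reply (what the browser shows as ERR_EMPTY_RESPONSE) as its own case. The function names are this example's own; the handshake follows RFC 6455 and offers the `mqtt` subprotocol, and for TLS the host passed in is assumed to be a name covered by the certificate.

```python
import base64, hashlib, os, socket, ssl
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def upgrade_request(host, key, path="/"):
    """HTTP/1.1 Upgrade request offering the 'mqtt' WebSocket subprotocol."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n"
            "Sec-WebSocket-Protocol: mqtt\r\n\r\n").encode()

def expected_accept(key):
    digest = hashlib.sha1((key + WS_GUID).encode()).digest()
    return base64.b64encode(digest).decode()

def classify(raw, key):
    """Name the stage at which the listener's reply stopped."""
    if not raw:
        return "empty-response"  # connection accepted, then closed without data
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or not status[0].startswith("HTTP/"):
        return "not-http"
    if status[1] != "101":
        return "http-" + status[1]  # e.g. http-200 when a static page is served
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    if headers.get("sec-websocket-accept") != expected_accept(key):
        return "bad-accept"
    return "upgraded"

def probe(host, port, use_tls=False, timeout=5):
    """Connect, optionally wrap in TLS, send the upgrade, classify the reply."""
    key = base64.b64encode(os.urandom(16)).decode()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return f"tcp-failed: {exc}"
    try:
        if use_tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
        sock.sendall(upgrade_request(host, key))
        return classify(sock.recv(4096), key)
    except ssl.SSLError as exc:
        return f"tls-failed: {exc}"
    except OSError as exc:
        return f"io-failed: {exc}"
    finally:
        sock.close()
```

Running `probe(host, 80)` and `probe(host, 443, use_tls=True)` from inside the network and comparing the two results shows whether the plain and TLS listeners fail at the same stage.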