What I want to do is to run eclipse-mosquitto as an MQTT broker behind an Apache reverse proxy with SSL.
I have written the following docker-compose file:
    version: "3.9"
    services:
      mosquitto:
        image: eclipse-mosquitto:2
        container_name: mosquitto
        ports:
          - "9100:9100"
        restart: always
        volumes:
          - mosquitto_data:/mosquitto/data
          - mosquitto_log:/mosquitto/log
          - ./mosquitto.conf:/mosquitto/config/mosquitto.conf
    volumes:
      mosquitto_data: {}
      mosquitto_log: {}
And the following mosquitto.conf:
    persistence true
    persistence_location /mosquitto/data/
    log_dest file /mosquitto/log/mosquitto.log
    log_dest stdout
    port 1883
    listener 9108
    protocol websockets
Now, I want to add the Apache reverse proxy to add SSL to my broker. I usually use subdomains to keep the services I'm running on my server separate.
This is what I have written:
    <VirtualHost *:443>
        ServerName mosquitto.example.com
        # SSL settings (mostly generated by Webmin)
        SSLEngine on
        SSLCertificateFile /home/example/ssl.cert
        SSLCertificateKeyFile /home/example/ssl.key
        SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
        SSLCACertificateFile /home/example/ssl.ca
        # Proxy stuff
        ProxyPass / ws://localhost:9100/
        ProxyPassReverse / ws://localhost:9100/
    </VirtualHost>
Now, on a client, mosquitto_pub gives me this:
    .\mosquitto_pub -h mosquitto.example.com -p 443 -u admin -p admin1234 -t 'test/topic' -m 'helloWorld'
    Unable to connect (This feature is not supported.).
The credentials were created with mosquitto_passwd.
What am I doing wrong?
Bonus question:
How can I make it so I don't need the -p 443?
The mosquitto_pub and mosquitto_sub commands do not support connecting to a broker with MQTT over Websockets. You can use the nodejs based tools that come with the mqtt package:
https://www.npmjs.com/package/mqtt#cli
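
An added example, not part of the original question or answer: a Node.js check (built-in modules only) of the WebSocket upgrade that a TLS-terminating proxy has to pass through before any MQTT-over-WebSockets client can connect. The function names `expectedAccept`, `checkUpgrade` and `probe` are hypothetical; the `mqtt` subprotocol name is the one the MQTT specification defines for WebSocket transport.

```javascript
// Added example: validates the WebSocket handshake for MQTT over WebSockets.
const crypto = require("crypto");
const https = require("https");

const WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; // fixed by RFC 6455

// Sec-WebSocket-Accept value the server must return for a given client key.
function expectedAccept(key) {
  return crypto.createHash("sha1").update(key + WS_GUID).digest("base64");
}

// Validate a handshake response. `headers` uses lower-case names, as Node delivers them.
// Returns a list of problems; an empty list means the upgrade succeeded.
function checkUpgrade(statusCode, headers, key) {
  const problems = [];
  if (statusCode !== 101) problems.push(`status ${statusCode}, expected 101`);
  if ((headers["upgrade"] || "").toLowerCase() !== "websocket")
    problems.push("missing 'Upgrade: websocket'");
  if (headers["sec-websocket-accept"] !== expectedAccept(key))
    problems.push("Sec-WebSocket-Accept does not match the key");
  if (headers["sec-websocket-protocol"] !== "mqtt")
    problems.push("subprotocol 'mqtt' not negotiated");
  return problems;
}

// Live probe over TLS (needs network, so it is defined but not called here).
function probe(host, port = 443) {
  const key = crypto.randomBytes(16).toString("base64");
  return new Promise((resolve, reject) => {
    const req = https.request({
      host, port, path: "/",
      headers: {
        Connection: "Upgrade", Upgrade: "websocket",
        "Sec-WebSocket-Version": "13", "Sec-WebSocket-Key": key,
        "Sec-WebSocket-Protocol": "mqtt",
      },
    });
    // 'upgrade' fires when the server switches protocols (101).
    req.on("upgrade", (res, socket) => {
      socket.destroy();
      resolve(checkUpgrade(res.statusCode, res.headers, key));
    });
    // 'response' fires when the proxy answers with plain HTTP instead.
    req.on("response", (res) => {
      res.resume();
      resolve(checkUpgrade(res.statusCode, res.headers, key));
    });
    req.on("error", reject);
    req.end();
  });
}
```

Calling `probe("mosquitto.example.com").then(console.log)` against a deployment prints `[]` when the proxy forwards the upgrade to a WebSocket listener, and otherwise the list of what is missing.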