Reputation: 883
I found some documentation and successfully implemented load balancing for MQTT with nginx.
    stream {
        upstream broker {
            server 10.1.0.3:1883 fail_timeout=1s max_fails=1;
            server 10.1.0.5:1883 fail_timeout=1s max_fails=1;
        }
        server {
            # access_log /var/log/nginx/access.log;
            # error_log /var/log/nginx/error.log;
            listen 1883;
            listen 8883;
            proxy_pass broker;
            proxy_connect_timeout 1s;
        }
    }
Now, I am trying to make mqtts work. I have a domain, with functional SSL and the site properly handles load balancing for the web.
You can see the settings for the mqtt above, and these work great. Now, I should add the cert.
I started by adding these lines (which were in the web setup):
    ssl_certificate /etc/nginx/ssl/domain/server.crt;
    ssl_certificate_key /etc/nginx/ssl/domain/server.key;
    ssl_protocols TLSv1.2;
But sadly, that's about the extent of my server side knowledge.
Will I need to: copy the cert info to the machines on local network and tell the load balancer to forward to mqtts on those?
I did notice the "location" area in the web listener has quite a few proxy_header commands, maybe some of those are needed here?
Again, I have little to no experience here, so I am kinda taking stabs in the dark.
Upvotes: 2
Views: 2213
Reputation: 883
Yes, it worked. It was simply missing the ssl at the end of the listen string. Now it successfully load balances using the SSL cert and passes to local mqtt on network. Once again, I am sorry for posting such a trivial question... hopefully someone else sees my mistake and benefits from it.
    stream {
        upstream broker {
            server 10.1.0.3:1883 fail_timeout=1s max_fails=1;
            server 10.1.0.5:1883 fail_timeout=1s max_fails=1;
        }
        server {
            # access_log /var/log/nginx/access.log;
            # error_log /var/log/nginx/error.log;
            ssl_certificate /etc/nginx/ssl/domain/server.crt;
            ssl_certificate_key /etc/nginx/ssl/domain/server.key;
            ssl_protocols TLSv1.2;
            listen 1883;
            listen domain.com:8883 ssl;
            proxy_pass broker;
            proxy_connect_timeout 1s;
        }
    }
Upvotes: 3
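The fix above hinges on the ssl parameter of listen: ssl_certificate alone does not make a stream listener speak TLS. As an added example (not part of the original posts), this Python check reports which listeners in a config terminate TLS; the function names and the simplified brace/semicolon parser are assumptions and cover only plain configs like the ones on this page.

```python
import re

# Constructed input: the question's config once the ssl_* lines were added,
# but before `ssl` was put on the listen directive.
BEFORE = """
stream {
    upstream broker { server 10.1.0.3:1883; server 10.1.0.5:1883; }
    server {
        ssl_certificate /etc/nginx/ssl/domain/server.crt;
        ssl_certificate_key /etc/nginx/ssl/domain/server.key;
        listen 1883;
        listen 8883;
        proxy_pass broker;
    }
}
"""
# The answer's fix applied to the same constructed config.
AFTER = BEFORE.replace("listen 8883;", "listen domain.com:8883 ssl;")

def server_blocks(text):
    """Yield the body of each `server { ... }` block (brace-matched)."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments first
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit_listeners(config):
    """Return (address, mode, cert_configured) for every listen directive."""
    report = []
    for body in server_blocks(config):
        directives = [d.split() for d in body.split(";") if d.split()]
        has_cert = any(w[0] == "ssl_certificate" for w in directives)
        for w in directives:
            if w[0] == "listen" and len(w) > 1:
                mode = "tls" if "ssl" in w[2:] else "plaintext"
                report.append((w[1], mode, has_cert))
    return report

def plaintext_despite_cert(config):
    """Listeners that stay unencrypted although the block has a certificate."""
    return [addr for addr, mode, has_cert in audit_listeners(config)
            if has_cert and mode == "plaintext"]

if __name__ == "__main__":
    for name, cfg in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_listeners(cfg), plaintext_despite_cert(cfg))
```

On the fixed config only 1883 is still reported, which matches the posted setup: that port keeps accepting unencrypted MQTT, and the hop from nginx to the brokers on 10.1.0.x:1883 is plaintext as well.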