Cloudflare Developers • Created by jakesvdm on 3/15/2024 in #general-help
MQTT over websocket
Hi,
I'm trying to set up an MQTT broker on my Raspberry Pi.
I already have a tunnel set up for a website with my domain.
I also have mosquitto set up for websockets over port 9001.
But some link in my cloudflare - nginx - mosquitto chain is broken.
cloudflare/config.yml:
tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>
ingress:
  - hostname: munx.xyz
    service: https://localhost:443
    originRequest:
      originServerName: "munx.xyz"
  - hostname: www.munx.xyz
    service: https://localhost:443
    originRequest:
      originServerName: "www.munx.xyz"
  - hostname: mqtt.munx.xyz
    service: ws://localhost:9001
    originRequest:
      originServerName: "mqtt.munx.xyz"
  - service: http_status:404
nginx/sites-enabled/default
server {
    server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
    ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
    ssl_verify_client optional;
    ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;
    access_log /home/munckypi/munx_xyz/logs/access.log;
    error_log /home/munckypi/munx_xyz/logs/error.log warn;
    location / {
        proxy_pass http://localhost:9001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
mosquitto.conf
listener 1883
protocol mqtt
listener 9001
protocol websockets
allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd
Should my cloudflared/config.yml point mqtt.munx.xyz to ws://localhost:9001? Or to https://localhost:443, and let nginx redirect it?
On my cloudflare dashboard, I have the subdomain set to DNS only; some post said not to use proxy for websockets.
Anyone spot the issue?
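
Added example (not part of the original post, and not Cloudflare's or mosquitto's code): a Python probe that attempts the MQTT-over-WebSocket upgrade against each hop of the chain in turn, so the hop that fails to return `101 Switching Protocols` with the `mqtt` subprotocol can be identified. It assumes the broker follows the MQTT specification's requirement that the WebSocket subprotocol be `mqtt`; the function names are illustrative, and the hosts and ports are the ones from the post.

```python
import base64, hashlib, os, socket, ssl

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed GUID from RFC 6455

def build_upgrade(host, key, path="/"):
    """Upgrade request an MQTT-over-WebSocket client sends (subprotocol 'mqtt')."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Upgrade: websocket\r\nConnection: Upgrade\r\n"
            f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n"
            "Sec-WebSocket-Protocol: mqtt\r\n\r\n").encode()

def check_response(raw, key):
    """Return 'ok', or the reason this hop did not complete the upgrade."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    status = lines[0].split(" ", 2)
    if len(status) < 2 or status[1] != "101":
        return f"no upgrade: {lines[0]}"
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    accept = base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest())
    if hdrs.get("sec-websocket-accept") != accept.decode():
        return "bad Sec-WebSocket-Accept"
    if hdrs.get("sec-websocket-protocol", "").lower() != "mqtt":
        return "subprotocol mqtt not selected"
    return "ok"

def probe(host, port, server_name=None, ctx=None, timeout=5):
    """Try the handshake against one hop; ctx is an ssl.SSLContext for TLS hops."""
    key = base64.b64encode(os.urandom(16)).decode()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if ctx is not None:
            sock = ctx.wrap_socket(sock, server_hostname=server_name or host)
        with sock:
            sock.sendall(build_upgrade(server_name or host, key))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
            return check_response(raw, key)
    except OSError as exc:  # includes ssl.SSLError (e.g. certificate not trusted)
        return f"connect failed: {exc}"

if __name__ == "__main__":
    # Hops taken from the post: mosquitto directly, then nginx in front of it.
    print("mosquitto :9001 ->", probe("localhost", 9001, "mqtt.munx.xyz"))
    print("nginx     :443  ->", probe("localhost", 443, "mqtt.munx.xyz",
                                      ssl.create_default_context()))
```

Run on the Pi itself, the first hop that does not report `ok` is where to look; a certificate verification failure on the nginx hop is reported as `connect failed` rather than being bypassed.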