MQTT over websocket

Hi,
I'm trying to setup an MQTT broker on my raspberry Pi.
I already have a tunnel setup for a website with my domain.
I also have mosquitto setup for websockets over port 9001.
But I some link in my cloudflare - nginx - mosquitto chain is broken.

cloudflare/config.yml:

tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>

ingress:
- hostname: munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "munx.xyz"
- hostname: www.munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "www.munx.xyz"
- hostname: mqtt.munx.xyz
  service: ws://localhost:9001
  originRequest:
    originServerName: "mqtt.munx.xyz"
- service: http_status:404

tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>

ingress:
- hostname: munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "munx.xyz"
- hostname: www.munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "www.munx.xyz"
- hostname: mqtt.munx.xyz
  service: ws://localhost:9001
  originRequest:
    originServerName: "mqtt.munx.xyz"
- service: http_status:404

tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>

ingress:
- hostname: munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "munx.xyz"
- hostname: www.munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "www.munx.xyz"
- hostname: mqtt.munx.xyz
  service: ws://localhost:9001
  originRequest:
    originServerName: "mqtt.munx.xyz"
- service: http_status:404

tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>

ingress:
- hostname: munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "munx.xyz"
- hostname: www.munx.xyz
  service: https://localhost:443
  originRequest:
    originServerName: "www.munx.xyz"
- hostname: mqtt.munx.xyz
  service: ws://localhost:9001
  originRequest:
    originServerName: "mqtt.munx.xyz"
- service: http_status:404

nginx/sites-enabled/default

server {
   server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

        ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
        ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
        ssl_verify_client optional;
        ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;

        access_log /home/munckypi/munx_xyz/logs/access.log;
        error_log /home/munckypi/munx_xyz/logs/error.log warn;

   location /
   {
      proxy_pass http://localhost:9001;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
  }
}

server {
   server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

        ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
        ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
        ssl_verify_client optional;
        ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;

        access_log /home/munckypi/munx_xyz/logs/access.log;
        error_log /home/munckypi/munx_xyz/logs/error.log warn;

   location /
   {
      proxy_pass http://localhost:9001;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
  }
}

server {
   server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

        ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
        ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
        ssl_verify_client optional;
        ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;

        access_log /home/munckypi/munx_xyz/logs/access.log;
        error_log /home/munckypi/munx_xyz/logs/error.log warn;

   location /
   {
      proxy_pass http://localhost:9001;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
  }
}

server {
   server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

        ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
        ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
        ssl_verify_client optional;
        ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;

        access_log /home/munckypi/munx_xyz/logs/access.log;
        error_log /home/munckypi/munx_xyz/logs/error.log warn;

   location /
   {
      proxy_pass http://localhost:9001;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
  }
}

mosquitto.conf

listener 1883
protocol mqtt
listener 9001
protocol websockets
allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd

listener 1883
protocol mqtt
listener 9001
protocol websockets
allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd

listener 1883
protocol mqtt
listener 9001
protocol websockets
allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd

listener 1883
protocol mqtt
listener 9001
protocol websockets
allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd

Should my cloudflared/config.yml point mqtt.munx.xyz to ws://localhost:9001? Or to https://localhost:443, and let nginx redirect it?
On my cloudflare dashboard, I have the subdomain set to DNS only, some post said not to use proxy for websockets.
Anyone spot the issue?

MQTT over websocket

Similar Threads

Similar Threads

Similar Threads