MQTT over websocket

Hi, I'm trying to set up an MQTT broker on my Raspberry Pi. I already have a tunnel set up for a website with my domain. I also have mosquitto set up for websockets over port 9001. But some link in my cloudflare - nginx - mosquitto chain is broken.

cloudflare/config.yml:

```
tunnel: TUNNEL_MUNX_XYZ
credentials-file: /home/munckypi/.cloudflared/xxxxx>
ingress:
  - hostname: munx.xyz
    service: https://localhost:443
    originRequest:
      originServerName: "munx.xyz"
  - hostname: www.munx.xyz
    service: https://localhost:443
    originRequest:
      originServerName: "www.munx.xyz"
  - hostname: mqtt.munx.xyz
    service: ws://localhost:9001
    originRequest:
      originServerName: "mqtt.munx.xyz"
  - service: http_status:404
```

nginx/sites-enabled/default

```
server {
    server_name mqtt.munx.xyz;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    ssl_certificate /etc/nginx/ssl/munx_xyz.pem;
    ssl_certificate_key /etc/nginx/ssl/munx_xyz_key.pem;
    ssl_verify_client optional;
    ssl_client_certificate /etc/nginx/ssl/cloudflare.crt;

    access_log /home/munckypi/munx_xyz/logs/access.log;
    error_log /home/munckypi/munx_xyz/logs/error.log warn;

    location / {
        proxy_pass http://localhost:9001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }
}
```

mosquitto.conf

```
listener 1883
protocol mqtt

listener 9001
protocol websockets

allow_anonymous false
connection_messages true
log_timestamp true
password_file /etc/mosquitto/passwd
```

Should my cloudflared/config.yml point mqtt.munx.xyz to ws://localhost:9001? Or to https://localhost:443, and let nginx redirect it? On my cloudflare dashboard, I have the subdomain set to DNS only, some post said not to use proxy for websockets. Anyone spot the issue?
1 Reply
Chaika (3mo ago)
That's a lot of layers
> On my cloudflare dashboard, I have the subdomain set to DNS only, some post said not to use proxy for websockets.

You need proxy on for tunnels to work at all

> service: ws://localhost:9001

afaik you'd want this to be http://, not ws:// and let it upgrade to ws. I would also use 127.0.0.1 instead of localhost because localhost could be IPv6 loopback (::1) and Mosquitto might not be bound on that. Does it work trying to connect over websocket to http://127.0.0.1:9001? If not, get that working first
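
The local check suggested in the reply, as an added example that is not part of the original thread: a standard-library Python probe that sends a plain HTTP WebSocket upgrade (RFC 6455) to port 9001 on both loopback addresses, which shows whether the listener answers on `127.0.0.1`, on `::1`, or on both. The function names are hypothetical, and it assumes the broker accepts the `mqtt` subprotocol on `/`; the upgrade happens before MQTT CONNECT, so the `password_file` credentials are not needed for this step.

```python
import base64, hashlib, os, socket

WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # constant fixed by RFC 6455

def accept_for(key: str) -> str:
    """Sec-WebSocket-Accept value a compliant server must return for `key`."""
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def upgrade_request(host: str, port: int, key: str) -> bytes:
    """Plain HTTP/1.1 GET asking to upgrade to WebSocket with the mqtt subprotocol."""
    hostport = f"[{host}]:{port}" if ":" in host else f"{host}:{port}"
    lines = ["GET / HTTP/1.1", f"Host: {hostport}", "Upgrade: websocket",
             "Connection: Upgrade", f"Sec-WebSocket-Key: {key}",
             "Sec-WebSocket-Version: 13", "Sec-WebSocket-Protocol: mqtt", "", ""]
    return "\r\n".join(lines).encode()

def check_response(raw: bytes, key: str):
    """Return (ok, detail) for the server's reply to upgrade_request()."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    parts = status.split(" ", 2)
    if len(parts) < 2 or parts[1] != "101":
        return False, f"no upgrade, status line: {status!r}"
    if headers.get("sec-websocket-accept") != accept_for(key):
        return False, "101 received but Sec-WebSocket-Accept does not match the key"
    return True, f"upgraded, subprotocol={headers.get('sec-websocket-protocol')}"

def probe(host: str, port: int = 9001, timeout: float = 3.0):
    """Attempt the upgrade against host:port; connection errors become (False, reason)."""
    key = base64.b64encode(os.urandom(16)).decode()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(upgrade_request(host, port, key))
            raw = b""
            while b"\r\n\r\n" not in raw:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                raw += chunk
    except OSError as exc:
        return False, f"connection failed: {exc}"
    return check_response(raw, key)

if __name__ == "__main__":
    for host in ("127.0.0.1", "::1"):  # IPv4 and IPv6 loopback, per the reply
        print(host, probe(host))
```

A refused connection on `::1` alongside a successful upgrade on `127.0.0.1` is the case the reply warns about when `localhost` is used as the origin address.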