Reverse Proxy MQTT Through NGINX

I just encountered this posting about using nginx to do load balancing of MQTT connections and my first thought was “I didn’t know you could do that” followed by “Lots of OH users have MQTT and nginx.” So I ended up going down a rabbit hole of research.

First, let me state I’ve not actually done this myself. I’ve just switched over to using a pfSense firewall and managed to break all the things (actually the things were already broken because DD-WRT wasn’t doing static DHCP leases right and I hacked some settings on a couple of my RPis which worked until I changed my internal subnet). I’m posting this info here in case someone wants to run with this before I get a chance to.

Here is a set of links that appear to be useful in setting this up. @binderth, you might find something useful for your cottage project.

Please post if you give it a try.

3 Likes

I know I’m replying to an old post. Hopefully this is helpful to someone.

I just started using OpenHAB and MQTT. One way I found to proxy MQTT through nginx is to use websockets instead of MQTT. This works with OwnTracks (after configuring OwnTracks to use websockets instead of MQTT). I don’t have any IoT devices that use MQTT so I don’t know if it’s possible to make this work for those devices.

In mosquitto.conf, add the following to use websockets instead of MQTT:

listener 9002
protocol websockets

Restart mosquitto to confirm this works.

Then update your nginx site to reverse proxy websockets connections (you could also do this without SSL, but this should make it ready to expose to the internet).

server {
   listen                          443 ssl;
   server_name                     <server name>;
   add_header                      Strict-Transport-Security "max-age=31536000; includeSubDomains";
   ssl_certificate                 <SSL cert location>;
   ssl_certificate_key             <SSL key location>;

   location / {
      proxy_http_version                        1.1;
      proxy_set_header          Upgrade         $http_upgrade;
      proxy_set_header          Connection      "upgrade";
      proxy_pass                                http://localhost:9002/;
   }
}

Restart nginx and you should be able to access MQTT through nginx.

1 Like
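
A hardened variant of the two configuration files from the reply above, as an added example that is not part of the original posts. The password file path and the 300s timeout are assumed values, and the placeholders in angle brackets are kept from the post.

```conf
# ===== mosquitto.conf (broker side) =====
# Bind the WebSocket listener to loopback so only nginx on the same host can
# reach it. A bare "listener 9002" listens on every interface, in plaintext,
# which lets clients bypass the TLS proxy entirely.
listener 9002 127.0.0.1
protocol websockets
# TLS at the proxy encrypts traffic but does not authenticate clients, so
# require credentials at the broker. Both settings are global unless
# per_listener_settings is true. The path is an assumed location; create the
# file with mosquitto_passwd. Mosquitto comments must be on their own line.
allow_anonymous false
password_file /etc/mosquitto/passwd

# ===== nginx site (proxy side) =====
# The map block belongs in the http context, outside server {}. It sends
# "Connection: upgrade" only when the client actually asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen              443 ssl;
    server_name         <server name>;
    add_header          Strict-Transport-Security "max-age=31536000; includeSubDomains";
    ssl_certificate     <SSL cert location>;
    ssl_certificate_key <SSL key location>;

    location / {
        proxy_http_version 1.1;
        proxy_set_header   Upgrade    $http_upgrade;
        proxy_set_header   Connection $connection_upgrade;
        # Use the literal address the listener is bound to; "localhost" may
        # resolve to ::1, where the broker is not listening.
        proxy_pass         http://127.0.0.1:9002;
        # By default nginx closes a proxied connection when the upstream
        # sends nothing for 60s; keep this above the MQTT keepalive interval.
        proxy_read_timeout 300s;
    }
}
```

Validate the nginx side with `nginx -t` before reloading, and confirm with `ss -ltn` that port 9002 is bound to 127.0.0.1 only.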