
I found some documentation and successfully implemented a Load Balancing for MQTT with nginx.

stream {

    upstream broker {
        server 10.1.0.3:1883 fail_timeout=1s max_fails=1;
        server 10.1.0.5:1883 fail_timeout=1s max_fails=1;
    }

    server {
        # access_log /var/log/nginx/access.log;
        # error_log /var/log/nginx/error.log;

        listen 1883;
        listen 8883;

        proxy_pass broker;

        proxy_connect_timeout 1s;
    }

}

Now, I am trying to make mqtts work. I have a domain, with functional SSL and the site properly handles load balancing for the web.

As you can see, those are the settings for MQTT, and they work great. Now, I should add the cert.

I started by adding these lines (which were in the web setup)

    ssl_certificate /etc/nginx/ssl/domain/server.crt;
    ssl_certificate_key /etc/nginx/ssl/domain/server.key;

    ssl_protocols TLSv1.2;

But sadly, that's about the extent of my server-side knowledge.

Will I need to: copy the cert info to the machines on local network and tell the load balancer to forward to mqtts on those?

I did notice the "location" area in the web listener has quite a few proxy_header commands, maybe some of those needed here?

Again, I have little to no experience here, so I am kinda taking stabs in the dark.

TDawg
  • https://youtu.be/lUoQgx_eZWo?t=215 for anyone else interested, initial conf here – TDawg Jan 13 '21 at 10:17
  • https://youtu.be/lUoQgx_eZWo?t=1525 It may have been solved in the same video, I apologize for wasting people's time. I am testing this simple change in my config, will report back – TDawg Jan 13 '21 at 10:25

1 Answer


Yes, it worked. It was simply missing the ssl at the end of the listen string. Now it successfully load balances using the SSL cert and passes to local MQTT on the network. Once again, I am sorry for posting such a trivial question... hopefully someone else sees my mistake and benefits from it.

stream {

    upstream broker {
        server 10.1.0.3:1883 fail_timeout=1s max_fails=1;
        server 10.1.0.5:1883 fail_timeout=1s max_fails=1;
    }

    server {
        # access_log /var/log/nginx/access.log;
        # error_log /var/log/nginx/error.log;

        ssl_certificate /etc/nginx/ssl/domain/server.crt;
        ssl_certificate_key /etc/nginx/ssl/domain/server.key;

        ssl_protocols TLSv1.2;

        listen 1883;
        listen domain.com:8883 ssl;

        proxy_pass broker;

        proxy_connect_timeout 1s;
    }

}
TDawg
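As an added check (not code from the question or the answer above), the following Python audits a stream config for exactly the mistake described here: a server block that sets ssl_certificate while its listen directives lack the ssl flag, which leaves nginx serving plaintext on that port with the certificate never used. It also reports any listen that still accepts plaintext (the 1883 listener in the answer) and any ssl_protocols line that enables TLSv1 or TLSv1.1. The sample config is constructed from the question; the function names are my own.

```python
import re

# Constructed sample: the asker's first config, with certificate directives
# added but no "ssl" flag on either listen, so both ports stay plaintext.
SAMPLE_BROKEN = """
stream {
    upstream broker {
        server 10.1.0.3:1883 fail_timeout=1s max_fails=1;
    }
    server {
        # access_log /var/log/nginx/access.log;
        ssl_certificate /etc/nginx/ssl/domain/server.crt;
        ssl_certificate_key /etc/nginx/ssl/domain/server.key;
        ssl_protocols TLSv1.2;
        listen 1883;
        listen 8883;
        proxy_pass broker;
    }
}
"""

def server_blocks(conf):
    """Yield the directive list of each 'server { ... }' block (comments removed)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):          # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        yield [d.strip() for d in body.split(";") if d.strip()]

def audit_stream_tls(conf):
    """Return a list of human-readable findings for the stream server blocks."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop nginx comments first
    findings = []
    for n, directives in enumerate(server_blocks(conf), 1):
        has_cert = any(d.startswith("ssl_certificate ") for d in directives)
        listens = [d.split()[1:] for d in directives if d.startswith("listen ")]
        for args in listens:                     # args: ['8883'] or ['host:8883', 'ssl']
            if "ssl" not in args:
                findings.append(f"server {n}: listen {args[0]} accepts plaintext")
        if has_cert and not any("ssl" in args for args in listens):
            findings.append(f"server {n}: ssl_certificate set but no listen has 'ssl'")
        for d in directives:                     # TLSv1 / TLSv1.1 but not TLSv1.2/1.3
            if d.startswith("ssl_protocols") and re.search(r"\bTLSv1(\.1)?(?![.\d])", d):
                findings.append(f"server {n}: legacy protocol enabled: {d}")
    return findings

if __name__ == "__main__":
    for line in audit_stream_tls(SAMPLE_BROKEN):
        print(line)
```

Applying the answer's fix (listen domain.com:8883 ssl;) clears the certificate finding, and the remaining 1883 finding is the plaintext listener the answer intentionally keeps for the local network.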