How to Configure Mosquitto with Nginx Reverse Proxy

Introduction

Mosquitto is an open-source MQTT broker that is widely used for IoT applications. In this tutorial, we will show you how to configure a Mosquitto container behind Nginx. We will use Nginx as a reverse proxy, which will allow us to access Mosquitto over HTTPS.

Prerequisites

Before proceeding, you will need the following:

  • Docker and Docker Compose installed on your machine.
  • A domain name with a valid SSL certificate. You can use Let’s Encrypt to generate a free SSL certificate.
  • A basic understanding of Docker and Nginx.

How-To Guide: Configuring a Mosquitto Container Behind an Nginx Reverse Proxy

The steps below describe how to set up and configure a Mosquitto MQTT broker behind an Nginx reverse proxy.

Step 1: Create a directory for your project and create a docker-compose.yaml file.

$ mkdir mosquitto-nginx; cd mosquitto-nginx; touch docker-compose.yaml

Step 2: Populate the docker-compose.yaml file.

Open the docker-compose.yaml file in your favorite text editor and paste the following code:

version: "3"
services:
  mosquitto:
    image: eclipse-mosquitto:latest
    restart: always
    ports:
      - 1883:1883
      - 9001:9001
    volumes:
      - ./mosquitto/config:/mosquitto/config
      - ./mosquitto/data:/mosquitto/data
      - ./mosquitto/log:/mosquitto/log
    networks:
      - mosquitto-net
  nginx:
    image: nginx:latest
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - ./nginx/conf.d:/etc/nginx/conf.d
      - ./nginx/certs:/etc/nginx/certs
    networks:
      - mosquitto-net
networks:
  mosquitto-net:

In this file, we define two services: Mosquitto and Nginx. The Mosquitto service uses the latest version of the Eclipse Mosquitto image. We publish ports 1883 and 9001, which are the default ports for MQTT and for MQTT over WebSockets. Because these ports are published on the host, clients can also reach the broker on them directly, without passing through Nginx. We also mount three volumes to persist configuration, data and logs across container restarts. The Nginx service uses the latest version of the Nginx image. We publish ports 80 and 443 for HTTP and HTTPS traffic, and we mount two volumes for the Nginx configuration files and SSL certificates. Finally, we create a network called mosquitto-net so that both services can communicate with each other.

Step 3: Create the necessary directories for Mosquitto and Nginx configurations.

$ mkdir -p mosquitto/config mosquitto/data mosquitto/log nginx/conf.d nginx/certs

This command creates the required directories for Mosquitto and Nginx configurations.

Step 4: Create an Nginx configuration file.

Create a file called mosquitto.conf in the nginx/conf.d directory and paste the following code:

server {
  listen 443 ssl;
  server_name example.com;

  ssl_certificate /etc/nginx/certs/fullchain.pem;
  ssl_certificate_key /etc/nginx/certs/privkey.pem;

  location /mqtt/ {
    proxy_pass http://mosquitto:9001/;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
  }
}

In this configuration, we define an Nginx server block that listens on port 443 for HTTPS traffic, and we specify the domain name and the SSL certificate files. The location block for /mqtt/ forwards all requests to the Mosquitto container on port 9001. The HTTP/1.1 setting and the Upgrade and Connection headers let the WebSocket handshake pass through the proxy.

Step 5: Generate SSL certificates.

If you do not have SSL certificates for your domain name, you can generate them using Let’s Encrypt. You can use Certbot to generate and manage your SSL certificates. Follow the instructions on the Certbot website to install and configure it for your web server.

Once you have generated your SSL certificates, copy the fullchain.pem and privkey.pem files to the nginx/certs directory.

Step 6: Start the containers

To start the containers, run the following command in the project directory:

$ docker-compose up -d

This command will start the Mosquitto and Nginx containers in detached mode.

Step 7: Test the setup

You can now test your setup by accessing the Mosquitto broker over HTTPS using the URL https://example.com/mqtt/. You can use any MQTT client to connect to the broker.
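
The steps above mount ./mosquitto/config over the image's /mosquitto/config, where the eclipse-mosquitto image reads mosquitto.conf, but never create that file. The following shell script is an added example, not part of the original tutorial: it writes a broker configuration with the WebSocket listener on 9001 that the Nginx location proxies to, with anonymous access disabled, and it lists the broker ports that the compose file publishes directly on the host. The function names and the passwd file path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the tutorial). Run from the mosquitto-nginx directory.
# Function names and the passwd path are this example's own choices.

# Write the broker config into the directory mounted at /mosquitto/config.
write_broker_conf() {  # $1 = project directory
  mkdir -p "$1/mosquitto/config"
  cat > "$1/mosquitto/config/mosquitto.conf" <<'EOF'
# WebSocket listener that Nginx reaches via proxy_pass http://mosquitto:9001/
listener 9001
protocol websockets

# Reject clients that do not present a username and password
allow_anonymous false
password_file /mosquitto/config/passwd

# Use the data and log volumes from docker-compose.yaml
persistence true
persistence_location /mosquitto/data/
log_dest file /mosquitto/log/mosquitto.log
EOF
}

# Print each broker port (1883, 9001) that a compose file publishes on the
# host. Traffic to a published port reaches Mosquitto without passing Nginx.
published_broker_ports() {  # $1 = path to docker-compose.yaml
  awk '/^[ \t]*-[ \t]*"?(1883|9001):[0-9]+"?[ \t]*$/ {
         gsub(/[^0-9:]/, ""); split($0, p, ":"); print p[1]
       }' "$1"
}

# Create the password file before starting the containers, using the
# mosquitto_passwd tool shipped in the image (USERNAME is a placeholder):
#   docker run --rm -it -v "$PWD/mosquitto/config:/mosquitto/config" \
#     eclipse-mosquitto mosquitto_passwd -c /mosquitto/config/passwd USERNAME

if [ -f docker-compose.yaml ]; then
  write_broker_conf .
  for port in $(published_broker_ports docker-compose.yaml); do
    echo "warning: host port $port is published and bypasses the HTTPS proxy" >&2
  done
fi
```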

Conclusion

In this tutorial, we have shown you how to configure a Mosquitto container behind Nginx. We used Nginx as a reverse proxy to allow access to Mosquitto over HTTPS. We also provided a complete docker-compose.yaml file and explained everything in detail. By following these steps, you should be able to set up your own Mosquitto broker with Nginx as a reverse proxy.
