Help with creating mqtt.subdomain.conf for MQTT


I have letsencrypt in Docker and I have for all my services
e.g. radarr / sonarr / etc. … It’s all working fine.

If I open and forward port 8883 on my router then I can access mqtt from outside and it’s all working fine. However, I’d like to add a mqtt.subdomain.conf file so I can connect to my mosquitto mqtt server using TLS over port 443 without having to open an additional port (8883).

I have tried the following mqtt.subdomain.conf file

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mqtt.*;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    # location / {

        # include /config/nginx/proxy.conf;
        # resolver valid=30s;
        # set $upstream_app mqtt;
        # set $upstream_port 8883;
        # set $upstream_proto http;
        # proxy_pass;
    # }

    location /api/websocket {
        resolver valid=30s;
        set $upstream_app mqtt;
        set $upstream_port 8883;
        set $upstream_proto http;
        proxy_set_header Host $host;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

I think the problem is that I need to use stream { }, but when I add it I get the error:
nginx: [emerg] "stream" directive is not allowed here in /config/nginx/proxy-confs/mqtt.subdomain.conf:39

How can I change the above to use stream for a websockets mqtt client?
I actually don’t mind if I use regular mqtt or websockets, but I would like to try to do it without opening the additional ports.

This doesn’t seem to be related to SSL or Certificate Generation?

Try the NGINX forums?
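
On the `[emerg]` error in the question: `stream { }` is only valid at the top level of nginx.conf, so it cannot go in a file under proxy-confs that nginx reads in another context. The sketch below is an added example, not configuration from this thread or from the container's project; it shares port 443 between HTTPS and MQTT over TLS by routing on the SNI name. Assumptions: nginx is built with the stream and ssl_preread modules, `mqtt:8883` is the Mosquitto TLS listener from the post, and `127.0.0.1:4443` is a hypothetical port the existing HTTPS server blocks are moved to.

```nginx
# Added example. Place in the main nginx.conf at top level,
# beside (not inside) the http { } block.

stream {
    # Choose a backend from the SNI name in the TLS ClientHello.
    # Nothing is decrypted here.
    map $ssl_preread_server_name $tls_backend {
        ~^mqtt\.    mqtt_tls;      # mqtt.<your-domain>
        default     https_sites;   # radarr, sonarr, etc.
    }

    upstream mqtt_tls {
        server mqtt:8883;          # Mosquitto terminates TLS itself
    }

    upstream https_sites {
        server 127.0.0.1:4443;     # hypothetical: http { } servers re-homed from 443
    }

    server {
        listen 443;
        listen [::]:443;
        ssl_preread on;            # read SNI only; pass the TLS session through
        proxy_pass $tls_backend;
        proxy_connect_timeout 5s;
    }
}
```

Every `listen 443 ssl;` in the http server blocks has to change to the re-homed port, otherwise both contexts try to bind 443. Requests reaching the http block then arrive from 127.0.0.1, so access logs and IP-based controls there no longer see the real client address unless PROXY protocol is configured on that path.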
