Url rewrite for mqtt


#41

Port 53 should be ok. (DNS I believe?) I’ve port forwarded port 53 from my firewall to my reverse proxy docker, and added that to my docker.

The nginx log file shows the same errors:

194.80.20.10 - - [11/Dec/2018:20:28:57 +0000] "\x10^\x00\x04MQTT\x04\xEE\x00" 400 173 "-" "-"
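Decoding the request field of that log line shows what nginx actually received on its HTTP listener. This is an added example, not code from this thread: it reverses nginx's \xHH escaping and parses the bytes as an MQTT CONNECT fixed header, protocol name, protocol level and connect flags. The log line is copied from the post above; the function names and the truncation check are my own.

```python
import re

# The nginx access-log line quoted in the post above (copied from the thread).
LOG_LINE = (r'194.80.20.10 - - [11/Dec/2018:20:28:57 +0000] '
            r'"\x10^\x00\x04MQTT\x04\xEE\x00" 400 173 "-" "-"')
REQ_RE = re.compile(r'\] "(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) ')

def unescape_nginx(s):
    """Reverse the \\xHH escaping nginx applies to non-printable request bytes."""
    out, i = bytearray(), 0
    while i < len(s):
        esc = s.startswith('\\x', i) and i + 3 < len(s)
        out.append(int(s[i + 2:i + 4], 16) if esc else ord(s[i]))
        i += 4 if esc else 1
    return bytes(out)

def remaining_length(buf, pos):
    """MQTT variable-length integer: 7 bits per byte, high bit means continue."""
    value, mult = 0, 1
    while True:
        b, pos = buf[pos], pos + 1
        value += (b & 0x7F) * mult
        if not b & 0x80:
            return value, pos
        mult *= 128

def parse_mqtt_connect(raw):
    """Return CONNECT details, or None if the bytes are not an MQTT CONNECT."""
    if len(raw) < 2 or raw[0] != 0x10:            # packet type 1, flags 0000
        return None
    remaining, pos = remaining_length(raw, 1)
    name_len = int.from_bytes(raw[pos:pos + 2], 'big')
    name = raw[pos + 2:pos + 2 + name_len]
    if name not in (b'MQTT', b'MQIsdp') or len(raw) < pos + 4 + name_len:
        return None
    level, flags = raw[pos + 2 + name_len], raw[pos + 3 + name_len]
    return {'type': 'MQTT CONNECT', 'protocol': name.decode(), 'level': level,
            'remaining_length': remaining,        # level 4 = MQTT 3.1.1
            'username': bool(flags & 0x80), 'password': bool(flags & 0x40),
            'will': bool(flags & 0x04), 'clean_session': bool(flags & 0x02),
            # nginx logs only what it read before answering 400, so the
            # declared length normally exceeds the captured bytes
            'truncated': len(raw) - pos < remaining}

def classify(log_line):
    """Pull the request field out of a combined-format log line and decode it."""
    m = REQ_RE.search(log_line)
    info = parse_mqtt_connect(unescape_nginx(m.group('req'))) if m else None
    if info:
        info['status'] = int(m.group('status'))
    return info
```

A result with `truncated` set means the client sent a full CONNECT but nginx stopped reading after the first line, which is why the HTTP server answers 400 and why MQTT needs its own listener (or a TCP stream proxy) rather than a URL rewrite.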


#42

Longshot…
nginx version?


#43

I figured that one out. lol

nginx version: nginx/1.14.1


#44

Can you upgrade it easily?
I think they are on 1.16 now


#45

It's inside the Let's Encrypt docker, so I'm not sure. Let me see what I can figure out. lol


#46

How about another “test” container?
Maybe try Apache Kafka on it as well.


#47

I'm happy to set up a test container, or even another docker, let letsencrypt deal with the SSL offloading, then pass that off to another apache container, or something, as I'd still like to find a way of setting up wordpress.


#48

Confluent has a mixed (free/commercial) version: the MQTT Proxy is free for 30 days, thereafter commercial features are disabled: https://www.confluent.io/download/


#49

Here is another one:


#50

Thanks again for all of your help rg305. As I had to use a different port number in the end, I just used NAT on my firewall and redirected an open port to 1883.

This is working as expected. Ideally I didn’t want to open more holes if possible. Never mind.

Thanks.

A quick side question about internal proxying and naming conventions, if you are able to answer?

pfSense has two internal networks, one for LAN and one set up as a DMZ, and connects to a managed HP layer three switch.

My family devices (laptops, phones, tablets, PCs) all reside on the LAN. I'm hosting some services on my unraid server (which resides on my LAN, but has a tagged VLAN for the dockers): nextcloud, homeassistant, appdaemon, etc., and other than the unifi controller they are all on the DMZ VLAN.
Incoming traffic all comes in on port 80 and is directed to the letsencrypt docker, which handles SSL offloading and rewrites the URL to services in the DMZ and to my media server on my LAN.

Each docker resides on a separate IP address, and generally on its proprietary port (i.e. nextcloud runs on port 443, home assistant on 8123, etc.).
My URL rewrite rules direct traffic to the correct places and include the port info:
ha.domain.co.uk: 192.168.12.202:8123
nextcloud.domain.co.uk: 192.168.12.200:443

My internal network is called similardomain.local.

I was using a separate VLAN for my smart tech, but moved it to the DMZ. All of the smart tech is connected to its own wifi, so that if there is a problem I can just take that wifi offline.

So to the question:
I want to be able to continue to use the URLs rather than IP addresses and port numbers, as my wife, children and some family members use some of the services.
Do I need to set up NAT reflection, or do I need to add some special DNS entries?

Any help is appreciated.

LAN: 192.168.10.0/24
DMZ: 192.168.12.0/24

And should I have my home network name as a subdomain of my external name,
i.e. http://internal.domain.co.uk/, or should I keep it as similardomain.local?

I really appreciate your time!


#51

DNS handles that.
However, using Internet DNS systems requires Internet-resolvable FQDNs (.local will fail that test).
So, you would be forced to change the name(s) or use your own DNS.
Or only access the devices while on the home network/WiFi (where you can control the DNS).
And while on the Internet, the destination IPs would have to be Internet reachable (the 192.168/16 network would fail to route).
So, since you only have one external IP, you would have to stack all the device access onto that one IP by giving each system/service its own port - this may be difficult to manage and even harder to reach from other Internet connected "private networks".

Once you have a working DNS resolver, you may need to add rules to pfSense to allow them access, but it should not require much more than that (for the home LAN users).
You can then use name(s):port(s) [even in shortcuts] to reach all the “local” devices/services.


#52

Thanks, I'll rename the internal network; hopefully I should be able to work everything out from there. lol

