Skip to content

Somewhere to keep notes on my projects

Android Apps
About
- Curriculum Vitae

Search for:

Recent Posts

Home MicroK8s Cluster
Building a Kubernetes Test Environment
New Daily Driver
Pimoroni Keybow Upgrade
D11 Label Printer

Recent Comments

Setting up Wireguard VPN with IPv6 | Frederik Himpe on Setting up WireGuard IPv6
What are the general disadvantages of having your own ‘DoH’/’DoT’ server? - Boot Panic on DNS-Over-HTTPS
hardillb on Setting up WireGuard IPv6
8 blocks on Setting up WireGuard IPv6
Linux on iPad without a network. Raspberry Pi Zero 2W or Pi4. VNC Direct. - Raspberry Pi Projects on Pi4 USB-C Gadget

Archives

Categories

Android
Clock
Cycling
Exercise
Food
Hacks
MythTV
Node-RED
Projects
SMS/MMS
Tech
Uncategorised
Work

Meta

Log in
Entries feed
Comments feed
WordPress.org

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

More MQTT VirtualHost Proxying

A really quick follow up to the earlier post about using TLS SNI to host multiple MQTT brokers on a single IP address.

In the previous post I used nginx to do the routing, but I have also worked out that the required input to Traefik would be.

The static config file looks like this

global:
  checkNewVersion: false
  sendAnonymousUsage: false
entryPoints:
  mqtts:
    address: ":1883"
api:
  dashboard: true
  insecure: true
providers:
  file:
    filename: config.yml
    directory: /config
    watch: true

And the dynamic config like this

tcp:
  services:
    test1:
      loadBalancer:
        servers:
          - address: "192.168.1.1:1883"
    test2:
      loadBalancer:
        servers:
          - address: "192.168.1.2:1883"
  routers:
    test1:
      entryPoints:
        - "mqtts"
      rule: "HostSNI(`test1.example.com`)"
      service: test1
      tls: {}
    test2:
      entryPoints:
        - "mqtts"
      rule: "HostSNI(`test2.example.com`)"
      service: test2
      tls: {}

tls:
  certificates:
    - certFile: /certs/test1-chain.crt
      keyFile: /certs/test1.key
    - certFile: /certs/test2-chain.crt
      keyFile: /certs/test2.key

Of course all the dynamic stuff can be generated via any of the Traefik providers.

Share this:

Click to print (Opens in new window)
Click to email a link to a friend (Opens in new window)
Click to share on Twitter (Opens in new window)
Click to share on Reddit (Opens in new window)
Click to share on Pinterest (Opens in new window)
More

Click to share on Facebook (Opens in new window)
Click to share on LinkedIn (Opens in new window)

Related

Posted on 17th October 202024th January 2022Author Ben HardillCategories Hacks, TechTags MQTT, TLS, traefik

Leave a Reply Cancel reply

Your email address will not be published.

Comment

Name

Email

Website

Notify me of follow-up comments by email.

Notify me of new posts by email.

Δ

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Post navigation

Previous Previous post: Proxying for Mulitple Node-RED instances

Next Next post: Managing Multi Tenant Node-RED Instances

Privacy Policy Proudly powered by WordPress