Docker + Mosquitto TLS on Port 8883 - port is already allocated?

saffron_1071 · December 18, 2022, 10:56am

Hello

Traefik works with different docker microservices great.
My mosquitto container runs currently on port 1883 - no tls.

I've tried to implement no TLS but hasn't got any success - also the documentation brings me not any further

FIRST attempt:
First I added a entrypoint on traefik.yml

entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ':443'
 mqtt:
    address: ':8883'

the docker-compose from mosquitto with labels

      - traefik.enable=true
      - traefik.http.routers.node-red.rule=Host(`mqtt.mywebsite.com`)
      - traefik.http.routers.node-red.tls=true
      - traefik.http.routers.node-red.tls.certresolver=lets-encrypt
      - traefik.http.services.node-red.loadbalancer.server.port=8883
     //entry point missing?

SECOND Attempt:
I`ve added the port 8883 on traefik - but then - I cant start the mosquitto because the port is allready allocated

Do you have any suggestion?
Greetings

bluepuma77 · December 19, 2022, 1:31pm

What do you want to achieve? Usually Traefik is used as a reverse proxy for HTTP(S) protocol, it routes requests by domain name or path to matching target HTTP(S) services.

MQTT is not HTTP compatible. So you could just let the mosquitto container listen on the external port. If you still want to proxy the connection through Traefik, you need to define a TCP router and assign the entrypoint (both in the labels).

If you want Taefik to terminate (decrypt) a TLS/SSL connection (not sure if you can just wrap MQTT in TLS/SSL), make sure you have a certResolver defined in traefik.yml for your "lets-encrypt".

certificatesResolvers:
  myresolver: # name of resolver, can be lets-encrypt
    acme:
      email: your-email@example.com
      storage: acme.json
      tlsChallenge: {}

Make sure to use a acme.json with full path and place it on the Docker host or in volume to keep it alive over service re-creation, LetsEncrypt has some usage limits.

Furthermore make sure you got the spacing right in your traefik.yml and note hat the port of loadbalancer.server.port is the internal port of your service.

If you have further issues, please provide full traefik static and dynamic config and all relevant docker-compose.yml.

Topic		Replies	Views
Providing 2 endpoints for MQTT broker Traefik v2 docker , tcp	2	4847	January 9, 2022
MQTT broker cannot be contacted behing Traefik Traefik v2 docker	7	2346	July 26, 2023
Problem setting up an MQTT broker + TLS + LETSENCRYPT certificate Traefik v2 docker , tcp	1	1562	September 13, 2022
Traefik reverse proxy for mosquitto with cert auth Traefik v2 docker , consul-catalog	1	1839	September 23, 2022
Https on additional custom port (8080) Traefik v2 docker	9	7584	May 14, 2021

Docker + Mosquitto TLS on Port 8883 - port is already allocated?

Related topics