Docker + Mosquitto TLS on Port 8883 - port is already allocated?

Hello

Traefik works with different docker microservices great.
My mosquitto container runs currently on port 1883 - no tls.

I've tried to implement no TLS but haven't had any success - also the documentation doesn't get me any further

FIRST attempt:
First I added an entrypoint on traefik.yml

entryPoints:
  web:
    address: ':80'
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ':443'
 mqtt:
    address: ':8883'

the docker-compose from mosquitto with labels

      - traefik.enable=true
      - traefik.http.routers.node-red.rule=Host(`mqtt.mywebsite.com`)
      - traefik.http.routers.node-red.tls=true
      - traefik.http.routers.node-red.tls.certresolver=lets-encrypt
      - traefik.http.services.node-red.loadbalancer.server.port=8883
     //entry point missing?

SECOND Attempt:
I've added the port 8883 on traefik - but then I can't start the mosquitto because the port is already allocated

Do you have any suggestion?
Greetings

What do you want to achieve? Usually Traefik is used as a reverse proxy for HTTP(S) protocol, it routes requests by domain name or path to matching target HTTP(S) services.

MQTT is not HTTP compatible. So you could just let the mosquitto container listen on the external port. If you still want to proxy the connection through Traefik, you need to define a TCP router and assign the entrypoint (both in the labels).

If you want Traefik to terminate (decrypt) a TLS/SSL connection (not sure if you can just wrap MQTT in TLS/SSL), make sure you have a certResolver defined in traefik.yml for your "lets-encrypt".

certificatesResolvers:
  myresolver: # name of resolver, can be lets-encrypt
    acme:
      email: your-email@example.com
      storage: acme.json
      tlsChallenge: {}

Make sure to use an acme.json with full path and place it on the Docker host or in a volume to keep it alive over service re-creation; LetsEncrypt has some usage limits.

Furthermore make sure you got the spacing right in your traefik.yml and note that the port of loadbalancer.server.port is the internal port of your service.

If you have further issues, please provide full traefik static and dynamic config and all relevant docker-compose.yml.

1 Like
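The setup the answer describes (a TCP router on the `mqtt` entrypoint, with Traefik terminating TLS), written out as an added example that is not from either poster. The image tags, volume paths, the `providers.docker` block and the assumption that the broker keeps its existing plain listener on 1883 are illustrative choices, not details from the thread.

```yaml
# traefik.yml (static configuration)
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'            # tlsChallenge validates on 443
  mqtt:                        # same indentation as web/websecure
    address: ':8883'

providers:
  docker:
    exposedByDefault: false    # only containers with traefik.enable=true

certificatesResolvers:
  lets-encrypt:                # must match the tls.certresolver label below
    acme:
      email: your-email@example.com
      storage: /letsencrypt/acme.json   # assumed path, kept on a volume
      tlsChallenge: {}
---
# docker-compose.yml
services:
  traefik:
    image: traefik:v2.10       # assumed tag
    ports:
      - "80:80"
      - "443:443"
      - "8883:8883"            # Traefik is the only service publishing 8883
    volumes:
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./letsencrypt:/letsencrypt
      - /var/run/docker.sock:/var/run/docker.sock:ro

  mosquitto:
    image: eclipse-mosquitto:2 # assumed image; existing listener on 1883
    # No "ports:" section: publishing 8883 here as well is what produces
    # "port is already allocated", and publishing 1883 would expose the
    # unencrypted listener on the host.
    labels:
      - traefik.enable=true
      # TCP router, matched on the TLS SNI name instead of an HTTP Host header
      - traefik.tcp.routers.mqtt.rule=HostSNI(`mqtt.mywebsite.com`)
      - traefik.tcp.routers.mqtt.entrypoints=mqtt
      - traefik.tcp.routers.mqtt.tls=true
      - traefik.tcp.routers.mqtt.tls.certresolver=lets-encrypt
      # Internal container port; Traefik forwards decrypted MQTT to it
      - traefik.tcp.services.mqtt.loadbalancer.server.port=1883
```

With TLS terminated at Traefik, the hop from Traefik to the broker is plaintext on the Docker network, so the two containers should share a network that no untrusted container joins.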