Hi Everyone,
I am trying to expose an MQTT endpoint to the internet using Traefik. When I expose the service and try to access it using MQTT Explorer, I get a connection refused error. When looking at the service in the Traefik dashboard, I found that my TCP service is failing to connect to the pod:
To verify that my container is configured correctly, I went to my docker server and was able to telnet into that IP/Port with no issues. I've tried to do a bunch of troubleshooting and I am unable to figure out why this is failing. I've provided the below code to see if I can get a second set of eyes to figure out why this is failing:
Traefik configuration in docker compose
```yaml
traefik:
  image: traefik:v2.4
  container_name: traefik
  restart: unless-stopped
  security_opt:
    - no-new-privileges:true
  networks:
    - public_facing
  ports:
    - "80:80"
    - "443:443"
    - "8883:8883"
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ${DOCKER}/traefik/acme.json:/acme.json
    - ${DOCKER}/traefik/users:/users:ro
  command:
    - "--api=true"
    - "--api.dashboard=true"
    - "--providers.docker=true"
    - "--providers.docker.endpoint=unix:///var/run/docker.sock"
    - "--providers.docker.exposedbydefault=false"
    #- "--log.level=DEBUG"
    # Entrypoints
    - "--entrypoints.http.address=:80"
    - "--entrypoints.https.address=:443"
    - "--entrypoints.mqtt.address=:8883"
    - "--entrypoints.websocket.address=:9001"
    # Redirect http to https
    - "--entrypoints.http.http.redirections.entrypoint.to=https"
    - "--entrypoints.http.http.redirections.entrypoint.scheme=https"
    # Let's encrypt configuration
    - "--certificatesresolvers.lazyresolver.acme.tlschallenge=true"
    - "--certificatesresolvers.lazyresolver.acme.email=fake@email.com"
    - "--certificatesresolvers.lazyresolver.acme.storage=/acme.json"
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.traefik.entrypoints=https"
    - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAINNAME}`)"
    - "traefik.http.routers.traefik.service=api@internal"
    - "traefik.http.middlewares.traefik-auth.basicauth.usersfile=/users"
    - "traefik.http.routers.traefik.tls.certresolver=lazyresolver"
```
Mosquitto configuration in docker compose
```yaml
mosquitto:
  image: eclipse-mosquitto
  container_name: mosquitto
  restart: unless-stopped
  ports:
    - 1883:1883
    - 8884:8883
    - 9001:9001
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - ${DOCKER}/mosquitto/data:/mosquitto/data
    - ${DOCKER}/mosquitto/config:/mosquitto/config
    - ${DOCKER}/mosquitto/log:/mosquitto/log
  environment:
    - TZ=${TZ}
  labels:
    - "traefik.enable=true"
    - "traefik.tcp.routers.mqtt.rule=HostSNI(`*`)"
    - "traefik.tcp.routers.mqtt.tls.certresolver=lazyresolver"
    - "traefik.tcp.services.mqtt.loadbalancer.server.port=8883"
    - "traefik.tcp.routers.mqtt.entrypoints=mqtt"
    - "traefik.docker.network=public_facing"
```
I have no clue what I am missing as this seems like it should be straightforward.
Does anyone have ideas?
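
A consistency check over the two service definitions above, added here as an example (it is not part of the original post and not Traefik's own tooling). It assumes the compose file has already been loaded into dicts; `SERVICES` is a constructed copy of the relevant keys, and `lint` and its finding names are hypothetical.

```python
import re

# Constructed input: the relevant keys of the two services in the post,
# as a YAML loader would return them (labels not used by the check omitted).
SERVICES = {
    "traefik": {
        "networks": ["public_facing"],
        "ports": ["80:80", "443:443", "8883:8883"],
        "command": ["--entrypoints.http.address=:80",
                    "--entrypoints.https.address=:443",
                    "--entrypoints.mqtt.address=:8883",
                    "--entrypoints.websocket.address=:9001"],
    },
    "mosquitto": {
        "ports": ["1883:1883", "8884:8883", "9001:9001"],
        "labels": ["traefik.enable=true",
                   "traefik.tcp.routers.mqtt.entrypoints=mqtt",
                   "traefik.docker.network=public_facing"],
    },
}

def _nets(svc):
    # Compose attaches a service with no "networks" key to the project's default network.
    return set(svc.get("networks") or ["default"])

def lint(services, proxy="traefik"):
    """Return (service, finding) pairs; the finding names are hypothetical."""
    findings, p = [], services[proxy]
    # Container-side ports that the proxy publishes on the host.
    exposed = {m.split(":")[-1].split("/")[0] for m in p.get("ports", [])}
    for arg in p.get("command", []):
        m = re.match(r"--entrypoints\.(\w+)\.address=.*:(\d+)", arg)
        if m and m.group(2) not in exposed:
            findings.append((proxy, f"entrypoint-not-published:{m.group(1)}"))
    for name, svc in services.items():
        labels = dict(l.split("=", 1) for l in svc.get("labels", []))
        if name == proxy or labels.get("traefik.enable") != "true":
            continue
        want = labels.get("traefik.docker.network")
        if want and want not in _nets(svc):
            findings.append((name, f"label-network-not-attached:{want}"))
        if not _nets(svc) & _nets(p):
            findings.append((name, "no-shared-network-with-proxy"))
        # Host-published ports are reachable without passing through the proxy.
        findings += [(name, f"published-past-proxy:{m}")
                     for m in svc.get("ports", []) if ":" in m]
    return findings

if __name__ == "__main__":
    for service, finding in lint(SERVICES):
        print(f"{service}: {finding}")
```

On the constructed input it reports that `mosquitto` is not attached to the `public_facing` network its label names, that its broker ports are also published directly on the host, and that the `websocket` entrypoint's port is not published by the proxy.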