This gist is to configure a Mosquitto MQTT Broker behind a Traefik reverse-proxy, both in a docker container. Mosquitto will be configuread as a TCP Service.
This is a simple configuration used on the same single server. Probably to be adapted for other cases. Having mosquitto behind a reverse proxy enables you to configure TLS on Traefik (likely you already do that for other applications as well) and to load balance different MQTT instances, but that goes beyond this gist.
As noted in Traefik docs, in the router you must use the rule HostSNI(`*`) when using non-TLS routers like in this example. Ref. https://docs.traefik.io/routing/routers/#rule_1
docker-compose.yml
networks:
mqtt:
driver: bridge
services:
reverse-proxy:
image: traefik:latest
container_name: "traefik"
# Enables the web UI
command:
- "--log.level=DEBUG"
- "--providers.docker=true"
- "--providers.docker.exposedByDefault=false"
- "--entrypoints.mqtt.address=:1883"
- "--entrypoints.websocket.address=:9001"
ports:
# Mosquitto
- "1883:1883"
- "9001:9001"
volumes:
# So that Traefix can listen to the Docker events
- /var/run/docker.sock:/var/run/docker.sock
networks:
- mqtt
mqtt:
container_name: mqtt
image: eclipse-mosquitto
networks:
- mqtt
restart: always
expose:
- 1883
- 9001
volumes:
- "mqtt:/mosquitto/"
labels:
- "traefik.enable=true"
- "traefik.docker.network=mqtt"
- "traefik.tcp.services.mqtt.loadbalancer.server.port=1883"
- "traefik.tcp.services.mqtt_websocket.loadbalancer.server.port=9001"
- "traefik.tcp.routers.tcpr_mqtt.entrypoints=mqtt"
- "traefik.tcp.routers.tcpr_mqtt.rule=HostSNI(`*`)"
- "traefik.tcp.routers.tcpr_mqtt.service=mqtt"
- "traefik.tcp.routers.tcpr_mqtt_websocket.entrypoints=websocket"
- "traefik.tcp.routers.tcpr_mqtt_websocket.rule=HostSNI(`*`)"
- "traefik.tcp.routers.tcpr_mqtt_websocket.service=mqtt_websocket"
version: "3.4"
volumes:
mqtt: ~