How to secure MQTT traffic over the internet

lp.descamps · March 27, 2023, 7:17pm

Hi,

I’m running HAproxy on pfsense and NanoMQ on docker. I have an esp32 running mqtt client but I can’t use tls on it.
I saw that you can config HA for HTTP authentication but I can’t figure out how to apply this logic with MQTT.
Instead I’m using mqtt client id. What do you think?

see below config

frontend mqtt-id
	bind				WAN:8883 name WAN:8883   
	mode			tcp
	log				global
	timeout client	30000
	acl				id	req.payload(0,0),mqtt_field_value(connect,client_identifier) ESP32-MQTT-Client-123456789abc
	tcp-request content reject  if  !id 
	default_backend mqtt_ipvANY

backend mqtt_ipvANY
	mode				tcp
	timeout connect		30000
	timeout server		30000
	retries				3
	load-server-state-from-file	global
	stick-table type string len 32 size 100k expire 30m
	stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
	server			mqtt LAN:1883

Topic		Replies	Views
MQTTs - TLS verification issues Help!	3	59	September 10, 2024
Extracting and Validating MQTT Connection Parameters from CONNECT Packet in HAProxy WebSocket Setup Help!	0	308	August 17, 2023
Client_ip in tcp mode in HAPROXY v1.7 Help!	0	561	September 8, 2020
HAProxy Integration for JWT Token-Based MQTT Authentication in IoT Scenario Help!	0	473	August 19, 2023
Tcp Proxy tls Handshake after 12 hours Help!	1	363	February 23, 2022

How to secure MQTT traffic over the internet

Related topics