How to secure MQTT traffic over the internet


I’m running HAproxy on pfsense and NanoMQ on docker. I have an esp32 running mqtt client but I can’t use tls on it.
I saw that you can config HA for HTTP authentication but I can’t figure out how to apply this logic with MQTT.
Instead I’m using mqtt client id. What do you think?

see below config

frontend mqtt-id
	bind				WAN:8883 name WAN:8883   
	mode			tcp
	log				global
	timeout client	30000
	acl				id	req.payload(0,0),mqtt_field_value(connect,client_identifier) ESP32-MQTT-Client-123456789abc
	tcp-request content reject  if  !id 
	default_backend mqtt_ipvANY

backend mqtt_ipvANY
	mode				tcp
	timeout connect		30000
	timeout server		30000
	retries				3
	load-server-state-from-file	global
	stick-table type string len 32 size 100k expire 30m
	stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
	server			mqtt LAN:1883