How to secure MQTT traffic over the internet

lp.descamps · March 27, 2023, 7:17pm

Hi,

I’m running HAproxy on pfsense and NanoMQ on docker. I have an esp32 running mqtt client but I can’t use tls on it.
I saw that you can config HA for HTTP authentication but I can’t figure out how to apply this logic with MQTT.
Instead I’m using mqtt client id. What do you think?

see below config

frontend mqtt-id
	bind				WAN:8883 name WAN:8883   
	mode			tcp
	log				global
	timeout client	30000
	acl				id	req.payload(0,0),mqtt_field_value(connect,client_identifier) ESP32-MQTT-Client-123456789abc
	tcp-request content reject  if  !id 
	default_backend mqtt_ipvANY

backend mqtt_ipvANY
	mode				tcp
	timeout connect		30000
	timeout server		30000
	retries				3
	load-server-state-from-file	global
	stick-table type string len 32 size 100k expire 30m
	stick on req.payload(0,0),mqtt_field_value(connect,client_identifier)
	server			mqtt LAN:1883

Topic		Replies	Views
HAProxy Integration for JWT Token-Based MQTT Authentication in IoT Scenario Help!	0	315	August 19, 2023
Tcp Proxy tls Handshake after 12 hours Help!	1	310	February 23, 2022
Arbitrary TCP (and HTTP) over port Help!	3	4466	March 22, 2016
TLS Passthrough with new port listening and RPC filtering Help!	7	869	December 12, 2018
HAPROXY websockets over http2.0 don't work Help!	4	367	September 8, 2023

How to secure MQTT traffic over the internet

Related Topics