Wss configuration for nginx reverse proxy

prasad9920 · February 22, 2022, 1:45pm

Hi All,

Facing wss connection failed on nginx side. We are using nginx as reverse proxy. I searched on google it was showing required following config but after putting following config under stream it giving error as “nginx: [emerg] “location” directive is not allowed here in”. so I put same config under http section but getting another error as bind failed on 443.

    location /mqtt {
       access_log /wwwlogs/com.log;
       proxy_pass https://localhost:8084/mqtt;
       proxy_read_timeout 60s;
       proxy_set_header Host $host;
       proxy_set_header X-Real_IP $remote_addr;
       proxy_set_header X-Forwarded-for $remote_addr;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection 'Upgrade';
    }

Please anyone help me to fix this issue on nginx.

SShet · February 24, 2022, 2:26pm

Hello Prasad,

Welcome to Hivemq community Forum.

To enable reverse proxy for web-sockets you will need to put your configuration inside http block.

Following are the minimum required configs to enable websockets for Hivemq broker.

server {
        listen       8001;    #please make sure port is not used by any other process
        server_name  localhost;   # use your server name or ip

        location /mqtt {
            proxy_pass "http://localhost:8000/mqtt";  #use the port you have actually configured in your Hivemq config.xml.
            proxy_connect_timeout 1s;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "Upgrade";
            proxy_set_header Host $host;
         }
   
    }

Of course you can add SSL/TLS Termination configurations to same server block.
Also if you want to forward real ip to broker you will need to have proxy protocol feature enabled. This is a HiveMQ Enterprise Edition feature.

I hope this helps.

Kind regards,
Sheetal from the HiveMQ Team

prasad9920 · February 24, 2022, 2:57pm

Hi Sheetal,

Thanks for quick reply.

I configured the same config under http block it giving bind error on port 443.

Actually on nginx stream block is configured and when I put above config in server section of stream it showing error as location is not allowed in stream so I google it and put it under http block but it was giving bind 443.

I think nginx stream and http both want to bind on port 443 and this is making issue.

Daria_H · February 25, 2022, 9:15am

Hi Prasad,

could you please confirm exact HiveMQ version and flavour you are running?

thanks!
Dasha from HiveMQ Team

prasad9920 · February 25, 2022, 9:53am

Hi Daria,

hivmq version 3.3.3 and centos 7.9

SShet · February 25, 2022, 11:10am

Hello Prasad,

Thanks for reply. HiveMQ 3.3.3 is already reached end of life. We would recommend updating to the supported hivemq version.

It is not supported to listen on same port (443) in http and stream hence you are getting error with binding port. To resolve issue you will need to change port either for stream block or http block. We would recommend to use 8883 instead of 443 port for stream block.

Kind regards,
Sheetal

prasad9920 · February 25, 2022, 12:10pm

Hi Sheetal,

Thanks for quick response. My nginx stream config as under and I have doubt, do we have /mqtt is directory on hivemq installation location? because we are putting config on nginx to location search under /mqtt. My hivemq server running on 8883 I am using nginx as reverse proxy but due do wss issue I am stuck.

server {
listen 443 ssl;
server_name servername;

ssl_certificate certificate-path;
ssl_certificate_key key-file-path;

location /mqtt/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass https://127.0.0.1:8883/mqtt/;
proxy_ssl_certificate certificate-path;
proxy_ssl_certificate_key key-file-path;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
}

SShet · February 25, 2022, 2:43pm

Hello @prasad9920 ,

Can you please share your Hivemq config.xml as well as full Nginx configs. Also please share your full error what you observe with Nginx.

Kind regards
Sheetal from the HiveMQ Team

prasad9920 · February 25, 2022, 2:54pm

Hi Sheetal,

Thanks for help my bad I was putting wrong port 8883 it is actually 8885. After that change it is working properly under http block.

Following is the config for http section now. Keeping for reference

upstream broker1 {
server 192.168.10.35:8885;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate server-cert;
ssl_certificate_key cert-key-file;

            location /mqtt {
                    proxy_pass   http://broker1;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header Host $host;
                    proxy_read_timeout 300s;
                    proxy_connect_timeout   75s;
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
            }

Thanks for help Sheetal. Sorry for trouble.

prasad9920 · March 7, 2022, 8:00am

Hi Sheetal,

is it possible to share haproxy config for hivemq?

Regards,
Prasad

Topic		Replies	Views
Troubshooting to setup SSL /TLS websocket HiveMQ Community Edition	8	326	February 29, 2024
How to config Nginx correctly to use HiveMQ broker HiveMQ Community Edition	3	2352	February 26, 2020
How to Configure CE Broker with Domain name via Nginx HiveMQ Community Edition	15	877	March 30, 2023
Connection to Hivemq is failing	6	1014	September 22, 2023
Problem configuring TLS WS HiveMQ Community Edition	2	567	November 16, 2022

Wss configuration for nginx reverse proxy

Related topics