
Nginx 配置

  • 当 FreeMQTT Plus 采用 Nginx 作为负载均衡器时,需要此配置。
  • 配置文件位于:~/freemqtt-swarm-compose/nginx/nginx.conf
  • 一般不需要修改。如果想禁止某个端口的访问(例如未加密的 1883 端口),只需注释掉或删除对应的 server 块。

Nginx 配置文件内容

nginx
# Worker processes run under the "nginx" account; "auto" sizes the worker pool to the CPU count.
user nginx;
worker_processes auto;

# Per-worker open-file limit; keep it above events/worker_connections.
worker_rlimit_nofile 65535;

pid /var/run/nginx.pid;
error_log /var/log/nginx/error.log notice;

events {
    # Use the Linux epoll connection-processing method.
    use epoll;
    # Let a worker accept all pending connections at once rather than one at a time.
    multi_accept on;
    # Per-worker ceiling on simultaneous connections; connections to the upstream count too.
    worker_connections 50000;
}

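stream {
    ##
    # SSL Settings
    ##
    # Only TLS 1.2 and 1.3 are offered: TLS 1.0/1.1 are deprecated (RFC 8996),
    # and SSLv3 stays disabled (POODLE).
    # NOTE(review): devices that only speak TLS 1.0/1.1 will fail the handshake on
    # 8883; inventory such clients before rollout rather than re-enabling old versions.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;

    # Both listeners below forward to the broker's plain MQTT port.
    upstream mqtt_backend {
        server freemqtt_anode:1883;
    }

    # Plain-text MQTT: credentials and payloads cross the network unencrypted.
    # Comment out or delete this server block if clients can use 8883 instead.
    server {
        listen 1883;
        listen [::]:1883;
        proxy_pass mqtt_backend;
        # Sends a PROXY protocol header to the broker so it sees the client address.
        # NOTE(review): the broker listener must expect this header and should only be
        # reachable from this proxy, otherwise the header can be forged - confirm.
        proxy_protocol on;
    }

    # MQTT over TLS: TLS ends at nginx; the hop to mqtt_backend is not encrypted
    # (presumably an internal swarm network - verify it is not exposed).
    server {
        listen 8883 ssl;
        listen [::]:8883 ssl;
        # The private key should be readable only by the account that starts nginx.
        ssl_certificate /etc/nginx/ssl/freemqtt.crt;
        ssl_certificate_key /etc/nginx/ssl/freemqtt.key;
        proxy_pass mqtt_backend;
        proxy_protocol on;
    }
}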

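http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    # "main" is defined but unused: the active access_log below uses the default format.
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

#   access_log  /var/log/nginx/access.log main;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
    ##
    # SSL Settings
    ##
    # Only TLS 1.2 and 1.3 are offered: TLS 1.0/1.1 are deprecated (RFC 8996),
    # and SSLv3 stays disabled (POODLE).
    # NOTE(review): clients limited to TLS 1.0/1.1 will fail the handshake on 8443.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
#   include /etc/nginx/conf.d/*.conf;

    # Connection header for the upstream: "upgrade" when the client sent an
    # Upgrade header (WebSocket handshake), "close" otherwise.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream mqtt_over_ws_backend {
        server freemqtt_anode:80;
    }

    # MQTT over secure WebSocket: TLS ends here and the request is forwarded to the
    # broker over plain HTTP (presumably an internal swarm network - verify).
    server {
        listen 8443 ssl;
        listen [::]:8443 ssl;
        server_name  localhost;

        # The private key should be readable only by the account that starts nginx.
        ssl_certificate /etc/nginx/ssl/freemqtt.crt;
        ssl_certificate_key /etc/nginx/ssl/freemqtt.key;

        location /mqtt {
            proxy_pass http://mqtt_over_ws_backend;
            # HTTP/1.1 plus the Upgrade/Connection pair is required to proxy WebSocket.
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            # X-Real-IP / X-Real-Port / REMOTE-HOST carry the peer address nginx itself saw.
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-Port $remote_port;
            proxy_set_header REMOTE-HOST $remote_addr;
            # $proxy_add_x_forwarded_for appends $remote_addr to any X-Forwarded-For the
            # client sent, so only the last entry is set by nginx; the backend should not
            # trust earlier entries for access control or audit logs.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
}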