Nginx 配置

• FreeMQTT Plus 默认使用 Nginx 作为负载均衡器
• 用户也可以用其他任何4层TCP负载均衡器，如HAProxy
• 配置文件位于：~/freemqttplus-compose/nginx 路径下

Nginx 配置文件：nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;
worker_rlimit_nofile 65535;

events {
    use epoll;
    worker_connections  50000;
    multi_accept on;
}

stream {
	##
	# SSL Settings
	##
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	upstream mqtt_backend {
		server fmq-a1:1883;
		server fmq-a2:1883;
		server fmq-a3:1883;
    }
    server {
        listen 1883;
        proxy_pass mqtt_backend;
    }
	server {
	    listen 8883 ssl;
	    ssl_certificate /etc/nginx/ssl/freemqtt.net.crt; 
	    ssl_certificate_key /etc/nginx/ssl/freemqtt.net.key;
#	    ssl_dhparam /etc/nginx/ssl/freemqtt.net.origin.key;
	    proxy_pass mqtt_backend;
	}

}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;
	##
	# SSL Settings
	##
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;
#   include /etc/nginx/conf.d/*.conf;

    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

	upstream mqtt_over_ws_backend {
		server fmq-a1:1080;
		server fmq-a2:1080;
		server fmq-a3:1080;
    }

    server {
        listen       80;
        listen  [::]:80;
        server_name  localhost;

        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }

        location /mqtt {
            proxy_pass http://mqtt_over_ws_backend;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
        	proxy_set_header REMOTE-HOST $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto https;
        }
    }

    server {
        listen 443 ssl;
        listen  [::]:433 ssl;
        server_name  localhost;
	    ssl_certificate /etc/nginx/ssl/freemqtt.net.crt; 
	    ssl_certificate_key /etc/nginx/ssl/freemqtt.net.key;
#       ssl_dhparam /etc/nginx/ssl/freemqtt.net.origin.key;
        location /mqtt {
            proxy_pass http://mqtt_over_ws_backend;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
	        proxy_set_header X-Real-IP $remote_addr;
        	proxy_set_header REMOTE-HOST $remote_addr;
	        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	        proxy_set_header X-Forwarded-Proto https;
        }
    }
}