From 21e99872f698fd8e49818d032dfce5c7006b43e2 Mon Sep 17 00:00:00 2001 From: Maaike Date: Mon, 16 Dec 2024 14:47:54 +0100 Subject: [PATCH] websockets for mqtt --- docs/source/user/public-services-setup.rst | 18 ++++++++++++++++-- nginx/nginx-ssl.conf | 7 +++++++ nginx/nginx.conf | 7 +++++++ 3 files changed, 30 insertions(+), 2 deletions(-) diff --git a/docs/source/user/public-services-setup.rst b/docs/source/user/public-services-setup.rst index e4092c60..32560d23 100644 --- a/docs/source/user/public-services-setup.rst +++ b/docs/source/user/public-services-setup.rst @@ -24,7 +24,7 @@ Please ensure that you follow these best practices to ensure your wis2box-instan The wis2box development team is not responsible for the security of your wis2box-instance and it is your responsibility to ensure that your wis2box instance is secure. -GitHub issues and discussions provide a resourece and forum to discuss general wis2box features, bugs and updates. For specific security related questions, please write to ``wis2-support at wmo.int``. +GitHub issues and discussions provide a resource and forum to discuss general wis2box features, bugs and updates. For specific security related questions, please write to ``wis2-support at wmo.int``. web-proxy (nginx) ^^^^^^^^^^^^^^^^^ @@ -39,6 +39,7 @@ wis2box runs a local nginx container allowing access to the following HTTP based UI (wis2box-ui),`WIS2BOX_URL/` Storage (incoming data) (minio:wis2box-incoming),`WIS2BOX_URL/wis2box-incoming` Storage (public data) (minio:wis2box-public),`WIS2BOX_URL/data` + Websockets (WIS2-notifications),`WIS2BOX_URL/mqtt` You can edit ``nginx/nginx.conf`` to control which services are exposed through the nginx-container include in your stack. 
@@ -142,6 +143,19 @@ By exposing port 1883 on your host, the Global Broker will be able to subscribe The ``everyone`` user is defined by default for public readonly access (``origin/#``) as per WIS2 Node requirements. +When you add SSL to your wis2box instance, the internal MQTT broker will be accessible on port 8883 on the host running wis2box using the MQTT over SSL protocol (MQTTS). + +The mosquitto-service within wis2box also has websockets enabled and is proxied on '/mqtt' by the nginx container. + +The broker-address for the Global Broker to subscribe to WIS2 notifications using the mosquitto-service within wis2box is: + +- `mqtt://everyone:everyone@WIS2BOX_HOST:1883` - for MQTT without SSL +- `mqtts://everyone:everyone@WIS2BOX_HOST:8883` - for MQTT with SSL +- `ws://everyone:everyone@WIS2BOX_HOST/mqtt:80` - for MQTT over websockets without SSL +- `wss://everyone:everyone@WIS2BOX_HOST/mqtt:443` - for MQTT over websockets with SSL + +Where ``WIS2BOX_HOST`` is the hostname or IP address of the host running wis2box. + External broker --------------- @@ -229,4 +243,4 @@ Next: :ref:`downloading-data` .. _`Elasticsearch`: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html .. _`OGC API`: https://ogcapi.ogc.org .. _`nginx`: https://www.nginx.com/ -.. _`traefik`: https://traefik.io/ +.. _`traefik`: https://traefik.io/ \ No newline at end of file diff --git a/nginx/nginx-ssl.conf b/nginx/nginx-ssl.conf index 81a38d16..108dbe41 100644 --- a/nginx/nginx-ssl.conf +++ b/nginx/nginx-ssl.conf @@ -86,6 +86,13 @@ proxy_set_header Authorization $http_authorization; proxy_pass_header Authorization; } + location /mqtt { + proxy_pass http://mosquitto:8884; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_set_header Host $host; + } location / { proxy_pass http://wis2box-ui:80; } diff --git a/nginx/nginx.conf b/nginx/nginx.conf index fd19673f..8a975ca6 100644 --- a/nginx/nginx.conf 
+++ b/nginx/nginx.conf
@@ -83,6 +83,13 @@
 proxy_set_header Authorization $http_authorization;
 proxy_pass_header Authorization;
 }
+ location /mqtt {
+ proxy_pass http://mosquitto:8884;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_set_header Host $host;
+ }
 location / {
 proxy_pass http://wis2box-ui:80;
 }
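Review bot: The added `location /mqtt` block forwards every request on the web port to the broker's websocket listener (`mosquitto:8884`) with no restriction in nginx, so a firewall rule that limits 1883/8883 no longer limits who can attempt a broker login; the identical block in the nginx-ssl.conf hunk has the same effect. Authentication and topic ACLs then rest on mosquitto alone, and in this file, which appears to be the non-TLS configuration, any MQTT username and password sent over `ws://` crosses the network in cleartext, including accounts with publish rights. I would say so above the block with a comment such as `# MQTT over websockets: auth and ACLs are enforced by mosquitto only; use wss (nginx-ssl.conf) for any non-public account`. I would also tighten the match to `location = /mqtt {`, because the prefix form passes `/mqtt-anything` to the broker as well. The enclosing server block starts and ends outside the hunk.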