System: linux (centos7.6)
deployment method: single node deployment docker +nginx+ssl
version: emqx 3.X (use the latest official image)
The configuration is as follows:
1. docker deployment (remember here, because it is a single node deployment, port 8084 must be given to nginx)
docker run -dit --restart always --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8085:8084 -p 18084:18083 emqx/emqx
#Change administrator password
#Enter the container and execute
/opt/emqx/bin/emqx_ctl admins passwd xiaoka
#docker exec -it emqx sh -c "/opt/emqx/bin/emqx_ctl admins passwd admin Passwordadmin "
2.nginx+wss deployment
#/etc/nginx/conf.d/wss.conf
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream wssweb {
server localIP:18083;
}
upstream wss {
server localIP:8083;
}
server {
listen 80;
server_name ws.xiaokakj.com;
root html;
index index.html index.htm;
location / {
proxy_pass http://wssweb;
}
}
server {
listen 8084 ssl;
server_name ws.test.com;
root html;
index index.html index.htm;
ssl_certificate /etc/nginx/cert/a.pem;
ssl_certificate_key /etc/nginx/cert/a.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location /mqtt {
proxy_pass http://wss;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-Ip $remote_addr;
}
}