Thank you Andre for your quick answer.
But I still haven't figured out why this doesn't work.
So I have a very simple HAProxy configuration file:
global
    log /dev/log local0 info
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 5000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats mode 644 level admin
    ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-bind-options prefer-client-ciphers no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-default-server-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
    ssl-default-server-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
    ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
    ssl-dh-param-file /etc/haproxy/dhparams.pem

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option http-server-close
    option redispatch
    retries 3
    timeout http-request 10s
    timeout http-keep-alive 5s

... Http stuff

listen srv-vernemq
    bind 1xxx.xxx.xxx.xxx:1883
    mode tcp
    server srv-vernemq-01 xx.xx.xx.xx:1883 check send-proxy-v2

When using this configuration I am able to connect to VerneMQ via HAProxy, e.g.:
$ mosquitto_sub -h <FQDN> -p 1883 -t '#' -u <USER> -P <PASSWORD> -d
Client (null) sending CONNECT
Client (null) received CONNACK (0)
Client (null) sending SUBSCRIBE (Mid: 1, Topic: #, QoS: 0, Options: 0x00)
Client (null) received SUBACK
Subscribed (mid: 1): 0
If I change HAProxy to do SSL termination:
HAPROXY:
listen srv-vernemq
    bind 1xxx.xxx.xxx.xxx:1883 ssl crt /etc/certs/cert.pem
    mode tcp
    server srv-vernemq-01 xx.xx.xx.xx:1883 check send-proxy-v2

Trying with mosquitto:
$ mosquitto_sub -h <FQDN> -p 1883 -t '#' -u <USER> -P <PASSWORD> -d
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
Client (null) sending CONNECT
It stays like this until I get a timeout.
I think that I am missing something, maybe in HAProxy or in how I use mosquitto to validate the setup, which also leads me to ask another question: how, or with which tool, does the VerneMQ community recommend to try/validate/access a VerneMQ server that supports TCP, SSL and WebSockets? I am new to this MQTT world, so my knowledge is null regarding this subject, but in the documentation I also didn't find any examples or references on how to interact with VerneMQ from a client perspective.
Thank you all in advance.
On Thursday 10 June 2021 at 15:10:27 UTC+2, a...@erl.io wrote: