Connect to MQTT broker (aedes running on AWS) from public client

[divyansh]

Hi, I am not sure if this is an issue or if it is not working due to some settings on my side.

I have installed node-red on AWS EC2 - Windows Instance and enable IIS Manager and installed websockets,enabling websockets through Server Manager was necessary to have node-red started fully on EC2.(before enable websockets, node-red was getting disconnected after login)

Now, the task is to run MQTT broker on the AWS EC2 instance and connect to it using public clients.

I have installed aedes broker and configure following: MQTT port: 1884 WS port : 8080 Have entered - user and password in security,my flow is attached

Now can when i try to connect by any client like google lens or hiveMQ client I am getting error.

Can anybody tell what mistake I am doing ?

As I am able to subscribe to Aedes MQTT broker on localhost, how can I connect Aedes MQTT broker through public clients.

Thanks and Regards,

[martin-doyle]

Some thoughts: Did you configure the associated security group and network access control list for the ports 1884 and 8080 in AWS EC2? Does Node-Red run on http or https? Can you access your local node-red-contrib-aedes with an external client like HiveMQ Websocket Client?

[divyansh]

Hi, I was able to configure MQTT and web sockets. I used NGINX and everything works fine. Thanks,

[martin-doyle]

Thank you for your message.That is good news. Would you mind sharing your setup? What needs to be considered in an AWS environment?

[divyansh]

Hi, Sure I explain everything, but can't share the setup file as it carries passwords to aws and node-red certificates. ( I have shared on the node-red forum also - https://discourse.nodered.org/t/connect-to-mqtt-broker-aedes-running-on-aws-from-public-client/25732/5 The main problems were

I was using IIS in which I wasn't able to configure proxy for MQTT.I disabled IIS, downloaded NGINX . To test if I am able to reach the website, I changed the default listen 80 ( HTTP) to some other port 8080. On opening 27.0.0.1:8080 ,I was able to see the default page of NGINX, with this I was sure that i am on right path.

Now the above, was to be checked with public client.On browser, I typed my domainname:8080 , I wasn't able to see. For this step : I set my in bound ports (Your EC2 Instance >security Groups) in AWS to allow tcp input and output connection on port 8080. PS: Not sure if outgoing rules are to necessary be set .

I set windows firewall on by Ec2 instance to allow inbound rules for all connections types to allow incoming data from port 8080.

4)Great!! by these simple 3 steps , I was able to setup my proxy server using NGINX.

Now for MQTT , went through following tutorial and everything worked.I didn't change any setting on my node-red. [https://www.nginx.com/blog/nginx-plus-iot-load-balancing-mqtt/#match 1] Trick : Before setting up everything on Cloud Instance, just check everything on your local machine. Then simply copy and paste the settings.js file of node-red , config file of nginx ( with some changes in path).This will save you a lot of lag which might delay your development in cloud

Happy Coding!!

[tronium]

Hi, I forked this repo and made modifications to provide public client access when the Node-RED server has no public-IP or behind firewall. I added another option to the Websocket parameter to bind to the path of the Node-RED http/https url.

https://github.com/tronium/node-red-contrib-aedes/commit/591fb96c5f3c3de6753be72ded1978faf59f0283

[martin-doyle]

Cool. Would you mind sending a Pull request? How about an instruction on the README.md? I would update the Changelog.md and the tests as well. Let me know what you think. Martin

[tronium]

I added a section on the README.md and made a Pull Request.

Thanks.

[martin-doyle]

Merged. New version 0.5 includes the Websocket path feature.

[tronium]

Nice!