OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: andyw on May 07, 2024, 02:53:44 PM

Title: Advice
Post by: andyw on May 07, 2024, 02:53:44 PM
Hello, I was wondering if anyone could help in regards to Nginx or HAProxy.

I have currently got a couple of web servers (using Let's Encrypt) running through Nginx, as the "Security Rules" implementation is an added layer of protection.
I have the need to host an mqtt server, ideally with TLS, and was wondering if this should still be done through Nginx or do I need to deploy HAProxy for this? Is it possible to have both Nginx and HAProxy on the same instance of OPNsense?

Any advice would be appreciated.

Thanks in advance,
Andy
Title: Re: Advice
Post by: muchacha_grande on May 08, 2024, 05:08:55 PM
Hi andyw,
I use Nginx and have an mqtts server. I don't use Nginx to proxy mqtt; instead, it is forwarded via NAT and I connect directly from the outside.
If you already have certificates using Let's Encrypt with the ACME plugin, you could program an automation to copy the new certificates to the mqtt server box and restart the service on each renewal.

Cheers
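
One way to script the copy-and-restart automation suggested in the post above, as an added example that is not part of the thread or any poster's setup. It assumes the renewal job has already copied the new files to a staging directory on the MQTT host; every path, file name and the restart command are placeholders.

```shell
#!/bin/sh
# Added example. Run on the MQTT host after each certificate renewal.
# All values below are assumptions, not taken from the thread.
STAGING_DIR="${STAGING_DIR:-/var/tmp/cert-staging}"        # hypothetical drop directory
TLS_DIR="${TLS_DIR:-/etc/mqtt-tls}"                        # hypothetical broker TLS directory
RESTART_CMD="${RESTART_CMD:-service mqtt-broker restart}"  # placeholder service name

# Install file $1 as $2 with mode $3, only when the content differs.
# Returns 0 if replaced, 1 if unchanged, 2 on error.
install_if_changed() {
    src=$1 dst=$2 mode=$3
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 2; }
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    tmp="$dst.new.$$"
    # Write the temp copy with a restrictive umask so the private key is
    # never readable by other users, even briefly.
    ( umask 077 && cp "$src" "$tmp" ) || return 2
    # Rename within the same directory so the broker never sees a partial file.
    chmod "$mode" "$tmp" && mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 2; }
    return 0
}

# Install chain and key, then restart the broker only if something changed.
# Returns 0 if restarted, 1 if nothing changed, 2 on error.
deploy_certs() {
    changed=0
    st=0; install_if_changed "$STAGING_DIR/fullchain.pem" "$TLS_DIR/fullchain.pem" 644 || st=$?
    case $st in 0) changed=1 ;; 2) return 2 ;; esac
    st=0; install_if_changed "$STAGING_DIR/privkey.pem" "$TLS_DIR/privkey.pem" 600 || st=$?
    case $st in 0) changed=1 ;; 2) return 2 ;; esac
    if [ "$changed" -eq 1 ]; then
        $RESTART_CMD || return 2
        return 0
    fi
    return 1
}

# Call deploy_certs from the renewal hook or a cron job on the MQTT host.
```

Because the broker is restarted only when a file actually changed, the script can also run on a timer without interrupting client connections between renewals.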
Title: Re: Advice
Post by: Patrick M. Hausen on May 08, 2024, 05:27:06 PM
You need to activate the community repository as documented here:
https://www.routerperformance.net/opnsense-repo/

Possibly not a good idea if you run the business edition because the system is mission critical - but that's for you to decide.
Title: Re: Advice
Post by: andyw on May 23, 2024, 04:06:04 PM
Thank you both for your replies. What benefit would activating the community repository give me?
@muchacha_grande do you have any redundancy in your setup?

Thank you
Title: Re: Advice
Post by: Patrick M. Hausen on May 23, 2024, 04:11:50 PM
Sorry for the confusion - that should have gone to a completely different thread.
Title: Re: Advice
Post by: muchacha_grande on May 28, 2024, 09:05:58 PM
Hi @andyw,

Quote from: andyw on May 23, 2024, 04:06:04 PM
@muchacha_grande do you have any redundancy in your setup?

No, I don't. Just one mqtt server with a port forward rule.

Cheers