Advice

[andyw]

Hello, I was wondering if anyone could help in regards to Nginx or Haproxy.

I have currently got couple of web servers (Using Lets Encrypt) running through Nginx as the "Security Rules" implementation is an added layer of protection.
I have the need to host an mqqt server ideally with tls and was wondering if this should still be done through Nginx or do I need to deploy Haproxy for this? Is it possible to have both Nginx and Haproxy on the same instance of Opnsense?

Any advice would be appreciated.

Thanks in advance,
Andy

[muchacha_grande]

Hi andyw,
I use Nginx and have an mqtts server. I don't use Nginx to proxy mqtt, instead, it is forwarded vía NAT and I connect directly from the outside.
If you already have certificates using Lets Encrypt with ACME plugin, you could program an automation to copy the new certificates to the mqtt server box and restart the service on each renewal.

Cheers

[Patrick M. Hausen]

You need to activate the community repository as documented here:
https://www.routerperformance.net/opnsense-repo/

Possibly not a good idea if you run the business edition because the system is mission critical - but that's for you to decide.

[andyw]

Thank you both for your replies. What benefit of activating the community repository would benefit me?
@ muchacha_grande do you have any redundency in your setup?

Thank you

[Patrick M. Hausen]

Sorry for the confusion - that should have gone to a completely different thread.

[muchacha_grande]

Hi @andyw,

@ muchacha_grande do you have any redundency in your setup?

No, I don't. Just one mqtt server with a port forward rule.

Cheers