Re: [mosquitto-dev] Advice needed (long, sorry)

Hi Stefano

This is not so easy with load balancing, would be interesting to hear how people are doing this.
With AWS this is dead easy :) - you can use the ELB to connect the TLS clients on SSL, say port 8883, and terminate this to a clear-text TCP port, say 1883.
So Amazon's ELB takes care of your security side - you just load the certificate on the ELB and run your brokers behind the ELB on clear text, without having to set up the broker with SSL connections etc. - Not sure about HAProxy or Nginx, but I'm sure other load balancing systems should be able to do this as well - SSL termination.

If you do use TLS with clients, you can take advantage of the username+password in MQTT to do even more security things - on one side you keep the man in the middle out with SSL, while with user+pass you verify the device is the real deal. This also helps keep your connection from being dropped by somebody trying to hijack your session. What I mean by this is - if you connect with, say, ID:ABC and I also connect with the same ID:ABC, you will be thrown off and I will become device:ABC - with TLS+username+password you secure the line and keep people from dropping you off.

Hope this helps or provides some options

Izak Smit

On Thu, Feb 12, 2015 at 8:45 AM, Stefano Costa <stefano.costa@xxxxxxxxxxx> wrote:

On 11 Feb 2015, at 23:06, Manuel Domínguez Dorado <manolodd@xxxxxxxxx> wrote:

Hi Stefano, thanks.

This is very complex data. We are designing API messages that are about 200 bytes in size (average). The

This is the sort of discussion where one can learn a lot from comments and experience of others! Thanks. If you're willing to share (and others too): are you using TLS for clients? Or any other crypt and auth? This is not so easy with load balancing, would be interesting to hear how people are doing this.

Thanks again for the salt!
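
An added example, not part of the original thread and not Mosquitto code: a toy Python model of a broker's CONNECT handling, showing the same-client-ID replacement described in the reply above and how a credential check plus a rule tying the client ID to the username prevents it. The `Broker` class, the ID-equals-username policy and the sample password are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

ACCEPTED, ID_REJECTED, BAD_CREDENTIALS = 0, 2, 4  # MQTT 3.1.1 CONNACK return codes


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Broker:
    """Toy model of CONNECT handling only (no networking, no TLS)."""

    def __init__(self, require_auth):
        self.require_auth = require_auth
        self.users = {}     # username -> (salt, password hash)
        self.sessions = {}  # client_id -> label of the live connection
        self.dropped = []   # connections closed because their ID was reused

    def add_user(self, username, password):
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def connect(self, conn, client_id, username=None, password=None):
        if self.require_auth:
            # Unknown users get a dummy record so the hash is still computed.
            salt, stored = self.users.get(username, (b"\0" * 16, b""))
            supplied = hash_password(password or "", salt)
            if not hmac.compare_digest(supplied, stored):
                return BAD_CREDENTIALS
            # Assumed policy: a client may only connect with its username as ID.
            if client_id != username:
                return ID_REJECTED
        # MQTT 3.1.1: a CONNECT reusing a live client ID replaces the old session.
        if client_id in self.sessions:
            self.dropped.append(self.sessions[client_id])
        self.sessions[client_id] = conn
        return ACCEPTED


def demo():
    open_broker = Broker(require_auth=False)
    open_broker.connect("device", "ABC")
    open_broker.connect("other", "ABC")  # same ID, nothing to prove

    strict = Broker(require_auth=True)
    strict.add_user("ABC", "constructed-sample-password")
    strict.connect("device", "ABC", "ABC", "constructed-sample-password")
    rc = strict.connect("other", "ABC", "ABC", "wrong-password")
    return open_broker.dropped, strict.dropped, rc, strict.sessions["ABC"]
```

Behind a TLS-terminating load balancer the broker still performs this check itself, since the balancer only protects the link between client and balancer.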
