https://github.com/hslatman/poc-caddy-mqtt-proxy
A small POC using Caddy as a TLS-terminating MQTT proxy
caddy caddyserver mqtt
- Host: GitHub
- URL: https://github.com/hslatman/poc-caddy-mqtt-proxy
- Owner: hslatman
- Created: 2020-12-28T13:36:56.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2022-08-31T10:30:19.000Z (about 2 years ago)
- Last Synced: 2024-06-20T03:32:34.480Z (5 months ago)
- Topics: caddy, caddyserver, mqtt
- Language: Go
- Homepage:
- Size: 11.6 MB
- Stars: 8
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# POC for Caddy as an MQTT proxy
A small POC using Caddy as a TLS-terminating MQTT proxy
## Description
This is a small POC using Caddy as an MQTT proxy based on the (experimental) *[Project Conncept](https://github.com/mholt/caddy-l4)* TCP/UDP app.
Caddy is configured to terminate a secure MQTT port (8883) with a self-signed certificate and to proxy the TCP traffic to Mosquitto (port 1883) running in a Docker container.
In addition to MQTT, this POC also shows how MQTT over Secure WebSockets (wss) can be used.
The `wss` endpoint can be reached at `https://localhost:8443` and is forwarded to Mosquitto port 9001. Currently no matching is done, apart from matching on a valid TLS handshake, meaning that any TCP traffic (wrapped in TLS) to port 8883 or 8443 will be forwarded to Mosquitto.
## Enforcing MQTT Traffic via TLS
This repository also contains a custom Caddy Handler that terminates connections that don't look like MQTT.
Ideally this would have been a Matcher, but when matching an MQTT connection wrapped with TLS, it is not possible to inspect the contents without terminating the TLS connection first, which is done in the TLS Handler.
The MQTT Handler should thus be executed after the TLS termination Handler.
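The check such a Handler has to perform, shown here as an added illustration rather than code from this repository: once TLS is terminated, the first bytes the client sends should form an MQTT CONNECT packet (control packet type 1, a well-formed remaining length, and a known protocol name and level). The function names and the minimum-length bound are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
)

// decodeRemainingLength decodes the MQTT variable-length "remaining length"
// field (1 to 4 bytes, 7 payload bits each, MSB set = another byte follows).
func decodeRemainingLength(b []byte) (length int, consumed int, err error) {
	multiplier := 1
	for i := 0; i < 4 && i < len(b); i++ {
		length += int(b[i]&0x7F) * multiplier
		if b[i]&0x80 == 0 {
			return length, i + 1, nil
		}
		multiplier *= 128
	}
	return 0, 0, errors.New("malformed or truncated remaining length")
}

// LooksLikeMQTTConnect returns nil when the given prefix of a decrypted client
// stream is a plausible MQTT CONNECT packet, and an error describing why not
// otherwise. A proxy handler would close the connection on a non-nil result.
func LooksLikeMQTTConnect(prefix []byte) error {
	if len(prefix) < 2 {
		return errors.New("too short for an MQTT fixed header")
	}
	if prefix[0] != 0x10 { // type 1 (CONNECT) in the high nibble, flags must be 0
		return fmt.Errorf("first byte 0x%02x is not an MQTT CONNECT fixed header", prefix[0])
	}
	remaining, n, err := decodeRemainingLength(prefix[1:])
	if err != nil {
		return err
	}
	body := prefix[1+n:]
	if remaining < 10 || len(body) < 3 { // name (>= 6) + level + flags + keep-alive (assumed bound)
		return errors.New("CONNECT variable header too short")
	}
	nameLen := int(body[0])<<8 | int(body[1])
	if len(body) < 2+nameLen+1 {
		return errors.New("truncated protocol name")
	}
	name := string(body[2 : 2+nameLen])
	level := body[2+nameLen]
	if (name == "MQTT" || name == "MQIsdp") && level >= 3 && level <= 5 {
		return nil // "MQTT" is used by v3.1.1 and v5, "MQIsdp" by v3.1
	}
	return fmt.Errorf("unknown protocol name %q or level %d", name, level)
}
```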
In `config.json` an example usage of the MQTT Handler is shown.

## TODO
* Test plain MQTT connection matching
* Add some type of (G)UI for visualizing MQTT communication
* Implement a handler that matches MQTT over WebSocket traffic?
* Implement an MQTTS matcher (like, TLS + MQTT wrapped; easier configuration)?
* Add configuration to MQTT matching (e.g. protocol version, authenticated yes/no, client IDs, etc ...)
* Add some publishing and subscribing clients for demo purposes
* Improve Compose setup
* Improve README.md
* Add stats/metrics (i.e. MQTT specific metrics? Bit of a stretch, though)
* Do stuff with client certificates (mTLS)
* Do something with ALPN support?