1、生产自签证书
mkdir /etc/emqttd/certs/ && cd /etc/emqttd/certs/ openssl genrsa -out ca-key.pem 2048 openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca"
2、配置nginx的ssl
#emqx upstream stream_backend { zone tcp_servers 64k; hash $remote_addr; server 172.31.182.156:30883 max_fails=2 fail_timeout=30s; } server { listen 1883 ssl; #status_zone tcp_server; proxy_pass stream_backend; proxy_buffer_size 4k; ssl_handshake_timeout 15s; ssl_certificate /etc/emqttd/certs/ca.pem; ssl_certificate_key /etc/emqttd/certs/ca-key.pem; } }
3、客户端连接