This page describes how to use the HTTPS (SSL/TLS Termination) Feature, which is part of the Security Plugin that is provided by the Management Center for the Pro Edition of Eclipse Mosquitto (MMC).
We recommend using a setup with a reverse proxy that handles TLS termination, but if your use case requires terminating TLS on the MMC side, this can now be done using this feature.
HTTPS (SSL/TLS Termination) Feature Overview
TLS Termination on the MMC side allows you to use HTTPs protocol without the need to set up a reverse proxy in front of the MMC.
Enable HTTPS Plugin
To enable the plugin, you should make sure you are using Pro Edition of Mosquitto and that you have the User Management
security feature enabled in your license. Also, ensure that your config file (specified with
CEDALO_MC_PROXY_CONFIG environmental variable or by default saved in
management-center/config/config.json) contains the following entry inside of the
Also, you need to specify the following environmental variables for HTTPS configuration:
You can read more about these variables below.
On start-up, the Management Center will print a message that the
https plugin is enabled and loaded into the console:
Loaded plugin: "cedalo_https" (Cedalo MMC SSL/TLS termination)
You will also see the messages like:
Starting Mosquitto proxy server at https://localhost:443
Started Mosquitto proxy server at https://localhost:443
When using HTTPS, we recommend using the standard HTTPs 443 port. To configure it, change the value of the
CEDALO_MC_PROXY_PORT environmental variable
HTTPS Environmental variables
More information on the HTTPS configuration variables:
CEDALO_MC_PLUGIN_HTTPS_KEY_PATH- path to server's private key file (required)
CEDALO_MC_PLUGIN_HTTPS_CERT_PATH- path to server's certificate (required)
CEDALO_MC_PLUGIN_HTTPS_CA_PATH- path to CA certificate (optional)
Note that if the HTTPS plugin is enabled in the config file but encounters an error, which in most cases is due to misconfiguration, then the MMC will not be started and will shut down.