So, I ran into a few issues and it took me a bit to work it out, but I got it. I’m also using nginx for the main Home Assistant page so I can do Alexa integration (which is awesome; can’t believe I put it off so long). At first I was trying to stick mosquitto in sites-available like you did, but that directory by default is for HTTP connections, like websites. So it works for the Home Assistant site, but not for throwing the stream thing in there for MQTT; I got errors about the stream object being in a bad spot. Ended up poking around your linked guide and just adding the stream config after the http config in the main nginx.conf file.
My other problem was I kept getting errors about “the shared memory zone ‘SSL’ is already declared for a different use in /etc/nginx/nginx.conf.” So, I removed all the SSL config stuff from the stream config. This produced a new error “no ‘ssl_certificate’ is defined in server listening on SSL port while SSL handshaking”. So, I went back and added in the ssl_certificate, ssl_certificate_key, and dhparam parameters to the stream config. They point to the same files I used for my main site access.
This is what I ended up with:
stream {
    upstream mosquitto {
        server servername:1883; # My MQTT server isn't on the same server
    }

    server {
        listen 8883 ssl;      # TLS listener for MQTT clients
        proxy_pass mosquitto; # forward the decrypted stream to the broker

        ssl_certificate     /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;
        ssl_dhparam         /etc/nginx/ssl/dhparams.pem;
    }
}
Just wanted to share in case anyone else runs into those issues.
Note, I’m using an Ubuntu VM for Home Assistant and Nginx (same server) and a CentOS VM for Mosquitto. So, I didn’t have to do anything special to use the stream directive. I’m also using Zanzito with the OwnTracks emulation with no issues. And I previously bought a wildcard SSL cert through ssl2buy.com (fairly cheap if you want to go that option vs letsencrypt or something similar).
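As an added example (not part of the post above and not the author's config), here is a hardened variant of the same stream block. It gives the stream-side session cache a zone name that does not collide with the http block (reusing the name `SSL` in both is what produces the "already declared for a different use" error quoted above), restricts TLS versions, and re-encrypts the hop from nginx to the remote broker with `proxy_ssl`, since in the original config the MQTT traffic crosses the network between the two VMs in plaintext on port 1883. The host name `mqtt.example.internal`, the CA bundle path, and the assumption that Mosquitto itself has a TLS listener on 8883 are placeholders, not values from the post.

```nginx
# Added example: hardened form of the stream block above.
# Host names and file paths are placeholders, not from the original post.
stream {
    upstream mosquitto {
        # Broker on another VM. Port 8883 assumes Mosquitto has its own
        # TLS listener, so the LAN hop is encrypted as well.
        server mqtt.example.internal:8883;
    }

    server {
        listen 8883 ssl;
        proxy_pass mosquitto;

        ssl_certificate     /etc/nginx/ssl/cert.crt;
        ssl_certificate_key /etc/nginx/ssl/cert.key;
        ssl_dhparam         /etc/nginx/ssl/dhparams.pem;

        # Zone name must differ from any ssl_session_cache zone declared
        # in the http block; "shared:SSL:..." in both blocks fails to load.
        ssl_session_cache   shared:MQTT_SSL:1m;
        ssl_session_timeout 10m;

        ssl_protocols             TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers on;

        # Re-encrypt toward the broker and verify its certificate, so a
        # plaintext MQTT stream never leaves this host.
        proxy_ssl                     on;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_trusted_certificate /etc/nginx/ssl/internal-ca.crt; # assumed CA bundle
        proxy_ssl_server_name         on;
        proxy_ssl_name                mqtt.example.internal;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
    }
}
```

Run `nginx -t` before reloading to catch zone-name or certificate-path mistakes. The `proxy_ssl_*` lines only work if the broker presents a certificate that chains to the trusted CA file and whose name matches `proxy_ssl_name`; if the broker only offers a plaintext listener, drop those lines and point the upstream back at port 1883, accepting that the inter-VM hop is then unencrypted.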