Through a fair bit of experimentation, I managed to get this going with Let's Encrypt SSL and basic auth on nginx, so I'm just sharing it here:
My nginx config looks like this.
# TLS-terminating reverse proxy in front of the Mosquitto websockets port,
# gated by HTTP basic auth.
server {
    listen      8889 ssl;
    server_name YOURSERVER; # Your site

    # Let's Encrypt private key and certificate chain for YOURSERVER.
    ssl_certificate_key /etc/letsencrypt/live/YOURSERVER/privkey.pem;
    ssl_certificate     /etc/letsencrypt/live/YOURSERVER/fullchain.pem;
    # DH parameters used for DHE key exchange.
    ssl_dhparam         /etc/nginx/ssl/dhparams.pem;
    # NOTE(review): no ssl_protocols / ssl_ciphers are set in this block, so
    # whatever is inherited (http-level config or nginx defaults) applies —
    # confirm that legacy TLS versions are not offered.

    location / {
        # Basic auth credentials are only base64-encoded on the wire; they are
        # protected here solely by the "ssl" listener above.
        auth_basic           "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        # Plain-HTTP hop to the broker on the same machine.
        # NOTE(review): this front end only protects the broker if port 1884 is
        # unreachable from other hosts — confirm the Mosquitto listener is bound
        # to loopback and/or firewalled.
        proxy_pass     http://localhost:1884/; # Mosquitto websockets port
        # "default" must stay after proxy_pass.
        proxy_redirect default;

        # WebSocket upgrade needs HTTP/1.1 plus the Upgrade/Connection headers.
        proxy_http_version 1.1;
        proxy_set_header   Connection "upgrade";
        proxy_set_header   Upgrade    $http_upgrade;

        # Pass the original host, client address and scheme to the upstream.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
    }
}
On the iOS app, at least (don’t know about Android):
Mode: Private (not HTTP)
Host: username:password@YOURSERVER
Port: 8889
WebSockets: Enabled
TLS: Enabled
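Authentication: Disabled (the username:password in the Host field is what nginx basic auth checks; the app's own MQTT authentication setting stays off)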