Re: [mosquitto-dev] Mosquitto over SSL refuses publishing message

No,

Unless you have explicitly configured nginx to proxy for mosquitto it
will definitely not be.

It was going slowly because we've been slowly stripping away at what was
actually happening.

The point about using fullchain.pem rather than chain.pem is the best
option going forward (as well as sorting whatever permissions problem
you have).

On 16/09/2019 18:36, Aman Alam wrote:
> Thanks so much everybody.
>
> Nginx came with the one-click install of RoR on Digital Ocean.
> I don't know much about nginx, similarly I don't know too much about
> SSL, yet.
> But I'll try to start finding out more about my config and post back
> here and on StackOverflow.
> 
>>Nginx, is it reverse proxying for mosquitto? if so is it doing SSL
> termination?
> Nginx is reverse proxying for the Puma webserver, but I am not sure
> whether it's proxying for mosquitto or if it's doing SSL Termination.
> I'll check that and report back.
> 
> Yes, this question is also on StackOverflow and is moving slowly, but it
> moved much faster here, and I at least learned that it's probably got to
> do more with Nginx :) (Thanks Anil, Greg)
> (I'll definitely update StackOverflow when I find a solution)
> 
> -Aman
> 
> 
> On Mon, Sep 16, 2019 at 10:46 AM Greg Troxel <gdt@xxxxxxxxxx> wrote:
> 
>     <colin.helliwell@xxxxxxxxxxxxxx> writes:
> 
>     > FWIW, I've had the same problem with Home Assistant - it needs the
>     > 'fullchain' file that LetsEncrypt generate, not the 'cert'.
> 
>     It's not really a problem so much as an expected situation. The nature
>     of PKIX is that there is a set of normal trust anchors and when you send
>     a cert from a server you have to send the entire chain except for what's
>     in the recipient's trust anchor set. Many CAs have a root and then
>     intermediate certificates used to sign end entity certs. If those
>     intermediate ones are sent, via using the fullchain.pem file, nobody
>     notices this.
>     _______________________________________________
>     mosquitto-dev mailing list
>     mosquitto-dev@xxxxxxxxxxx <mailto:mosquitto-dev@xxxxxxxxxxx>
>     To change your delivery options, retrieve your password, or
>     unsubscribe from this list, visit
>     https://www.eclipse.org/mailman/listinfo/mosquitto-dev
> 
> 
> 
> -- 
> *Aman Alam*
> amanalam.com <https://www.amanalam.com>
> 
> (Not sent from an iPhone)
> 
> 
> 

-- 
http://www.hardill.me.uk/wordpress
http://about.me/hardillb
http://flickr.com/photos/hardillb/
http://last.fm/user/hardillb
https://keybase.io/hardillb
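
The chain-completeness point from this thread, as an added example that is not part of any poster's message: it builds a throwaway root, intermediate and leaf with openssl, then checks, as a client trusting only the root would, whether a leaf-only cert.pem and a leaf-plus-intermediate fullchain.pem verify. The CA names, working directory and function names are constructed for the demo; only the cert.pem/fullchain.pem file naming follows the thread.

```bash
#!/usr/bin/env bash
# Constructed demo PKI (throwaway keys): Demo Root -> demo-int -> demo-leaf.

build_demo_chain() {  # $1 = empty working directory
  wd=$1
  cat > "$wd/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$wd/demo.cnf" \
    -extensions ca -subj "/CN=Demo Root" \
    -keyout "$wd/root.key" -out "$wd/root.pem" 2>/dev/null || return 1
  # Intermediate CA (signed by root), then leaf (signed by the intermediate).
  for name in int leaf; do
    if [ "$name" = int ]; then issuer=root; ext=ca; else issuer=int; ext=leaf; fi
    openssl req -new -newkey rsa:2048 -nodes -config "$wd/demo.cnf" \
      -subj "/CN=demo-$name" -keyout "$wd/$name.key" -out "$wd/$name.csr" \
      2>/dev/null || return 1
    openssl x509 -req -in "$wd/$name.csr" -CA "$wd/$issuer.pem" \
      -CAkey "$wd/$issuer.key" -CAcreateserial -days 2 \
      -extfile "$wd/demo.cnf" -extensions "$ext" -out "$wd/$name.pem" \
      2>/dev/null || return 1
  done
  cp "$wd/leaf.pem" "$wd/cert.pem"                        # leaf only
  cat "$wd/leaf.pem" "$wd/int.pem" > "$wd/fullchain.pem"  # leaf + intermediate
}

count_certs() { grep -c 'BEGIN CERTIFICATE' "$1"; }

# Would a client whose trust anchor is $1 accept the PEM file the server sends ($2)?
# The first cert in $2 is verified; every cert in $2 is offered as an untrusted helper.
served_file_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$2" >/dev/null 2>&1
}

d=$(mktemp -d) && build_demo_chain "$d" || exit 1
for f in cert.pem fullchain.pem; do
  if served_file_verifies "$d/root.pem" "$d/$f"; then r=accepted; else r=rejected; fi
  echo "$f: $(count_certs "$d/$f") certificate(s), client verdict: $r"
done
rm -rf "$d"
```

The same `served_file_verifies` check can be pointed at a real deployment's certificate file and the CA bundle its clients actually use.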

