MQTT TLS on port 8883 for outside world and 1883 for client in other docker container-CodePudding

I have a docker-compose file where I have a MQTT container and a python app container. The MQTT container must be able to accept connections over tls and port 8883 from the outside world. Only a client located in the other python app container should be able to connect unencrypted over port 1883.

Encrypted connections work. The only thing I don't know is how to define port 1883 for my other app container.

If I use the IP address (in mosquitto.conf) of the app container I will have to change it manually whenever it changes the IP of the app container. Is it possible to use the container name?

How can I define this in mosquitto.conf?

listener 8883
listener 1883 <app container host> ?

i mean if docker-compose:

version: '3.8'
services:
  app:
    build: ...
    .
    .

  mqtt-xyz:
    build: ...
    .
    .

then mosquitto.conf:

listener 8883
listener 1883 app

Thank you.

CodePudding user response：

Just bind both listeners to the default wildcard (0.0.0.0), and then only map the 8883 listener to the host in the compose file ports section.

You can then access the broker internally by the service name mqtt-xyz on port 1883

CodePudding user response：

To respond to your Question "can i use container NAME instead of IpAddress" yes you can but it's need to be in the same netework in your docker-compose file

and for "can i use multiple ports" according to Mosquitto documentation yes you can use multiple listener in config file

mosquitto.conf

Check the GitHub Doc for Mosquitto

I hope i helped you ,let me know if you need more help.