emqx_cluster/single_node/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log notice;
pid        /var/run/nginx.pid;

events {
    worker_connections  10240;
}

stream {

  upstream emqxtcp {
    server emqx1:1883;
    server emqx2:1883; 
    server emqx3:1883;
  }

  upstream emqxtls {
    # weight

    # down: Indicates that the current server is temporarily excluded from load balancing.
    # weight: Default is 1, where higher weight results in a larger load share.
    # max_fails: Maximum number of allowed request failures; defaults to 1.
    # fail_timeout: Timeout after which failures are considered; default is 10 seconds. After reaching max_fails failures, the server is paused.
    # backup: When other non-backup servers are down or busy, requests are sent to the backup server.
    
    server emqx1-cluster.emqx.io:1883 weight=1 max_fails=2 ;
    server emqx2-cluster.emqx.io:1883 weight=1 max_fails=2 down;
    server emqx3-cluster.emqx.io:1883 weight=2 max_fails=2; 
  }

  # 多网卡
  # split_clients "$remote_addr$remote_port" $multi_ip {        
  #   20% 10.211.55.5;        
  #   20% 10.211.55.20;        
  #   20% 10.211.55.21;        
  #   20% 10.211.55.22;        
  #   * 10.211.55.23;    
  # }

  # TCP
  server {
    listen 1883;
    # Multiple Network Interfaces
    #proxy_bind $multi_ip;

    proxy_pass emqxtcp;
    # EMQX corresponding listeners need to enable the proxy protocol.
    # proxy_protocol on;
  }

  # TLS
  server {
    listen 8883 ssl; 

    
    # If the certificate doesn't match the hostname, validation needs to be disabled.
    ssl_verify_client off;
    ssl_verify_depth 0;

    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    ssl_handshake_timeout 15s;

    proxy_pass emqxtls;
    proxy_buffer_size 4k;

     # EMQX corresponding listeners need to enable the proxy protocol.
    # proxy_protocol on;
  }

}

http {
  # Nginx status
  server {
    listen 8888;
    
    location /status {            
      stub_status on;            
      access_log off;            
    }
  }

  upstream emqxws {
    server emqx1-cluster.emqx.io:8083;
    server emqx2-cluster.emqx.io:8083;
    server emqx3-cluster.emqx.io:8083;
  }
  
  # ws
  server {
    listen 8083;

    location /mqtt {
        proxy_pass http://emqxws;
        
        # websocket连接的Upgrade必须设置为WebSocket，表示在取得服务器响应之后，使用HTTP升级将HTTP协议转换(升级)为WebSocket协议            
        proxy_set_header Upgrade $http_upgrade;            
        # websocket 的Connection必须设置为Upgrade，表示客户端希望连接升级            
        proxy_set_header Connection "Upgrade";            
        #反向代理真实IP            
        proxy_set_header Host $host;            
        proxy_set_header X-Real-IP $remote_addr;            
        proxy_set_header REMOTE-HOST $remote_addr;            
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;              
        #禁用缓存             
        proxy_buffering off;
    }
  }

  # wss
  server {
    listen 8084 ssl;
    ssl_certificate /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;

    location /mqtt {
        proxy_pass http://emqxws;

        # WebSocket Connection Upgrade must be set to "WebSocket," indicating that after receiving a server response, the HTTP protocol is transformed (upgraded) to the WebSocket protocol.
        proxy_set_header Upgrade $http_upgrade;            
        # WebSocket Connection header must be set to "Upgrade," indicating that the client wishes to upgrade the connection.            
        proxy_set_header Connection "Upgrade";            
        # Proxy Real IP     
        proxy_set_header Host $host;            
        proxy_set_header X-Real-IP $remote_addr;            
        proxy_set_header REMOTE-HOST $remote_addr;            
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;              
        # Disable Caching         
        proxy_buffering off;
    }
  }
}