docker-compose.yml

version: '3.1'
services:
  emqx:
    image: emqx/emqx:5.0.17
    restart: always
    container_name: "emqx"
    privileged: true
    ports:
      - "11883:1883"
      - "18083:8083"
      - "18084:8084"
      - "18883:8883"
      - "28083:18083"
    volumes:
      - /etc/localtime:/etc/localtime
      - /etc/resolv.conf:/etc/resolv.conf
      - /usr/local/emqx/etc/emqx.conf:/opt/emqx/etc/emqx.conf
      - /usr/local/emqx/etc/jingxiapikey.dat:/opt/emqx/etc/jingxiapikey.dat
    environment:
      - "TZ=Asia/Shanghai"
    networks:
      default:
        ipv4_address: 172.23.0.11

networks:
  default:
    external:
      name: mynet

修改后的emqx.conf

## NOTE:
## Configs in this file might be overridden by:
## 1. Environment variables which start with 'EMQX_' prefix
## 2. File $EMQX_NODE__DATA_DIR/configs/cluster-override.conf
## 3. File $EMQX_NODE__DATA_DIR/configs/local-override.conf
##
## The *-override.conf files are overwritten at runtime when changes
## are made from EMQX dashboard UI, management HTTP API, or CLI.
## All configuration details can be found in emqx.conf.example

allow_anonymous = false

node {
  name = "[email protected]"
  cookie = "emqxsecretcookie"
  data_dir = "data"
}

log {
  file_handlers.default {
    level = warning
    file = "log/emqx.log"
  }
}

cluster {
  name = emqxcl
  discovery_strategy = manual
}

authentication = {
    mechanism = password_based
    backend = mysql
    query_timeout = 5s
    enable = true
    password_hash_algorithm {
      name = sha256
      salt_position = suffix
    }
    server = "url:3306"
    database = "database name"
    username = "db username"
    password = "db passoword"
    query = "SELECT password_hash, salt, is_superuser FROM mqtt_user where username = ${username} LIMIT 1"
}

listeners.tcp.default {
  bind = "0.0.0.0:1883"
  proxy_protocol = true
  max_connections = 1024000
  enable_authn = quick_deny_anonymous
}

listeners.ssl.default {
  bind = "0.0.0.0:8883"
  proxy_protocol = true
  max_connections = 512000
  ssl_options {
    keyfile = "etc/certs/key.pem"
    certfile = "etc/certs/cert.pem"
    cacertfile = "etc/certs/cacert.pem"
  }
}

listeners.ws.default {
  bind = "0.0.0.0:8083"
  proxy_protocol = true
  max_connections = 1024000
  websocket.mqtt_path = "/mqtt"
  enable_authn = quick_deny_anonymous
}

listeners.wss.default {
  bind = "0.0.0.0:8084"
  proxy_protocol = true
  max_connections = 512000
  websocket.mqtt_path = "/mqtt"
  ssl_options {
    keyfile = "etc/certs/key.pem"
    certfile = "etc/certs/cert.pem"
    cacertfile = "etc/certs/cacert.pem"
  }
}

# listeners.quic.default {
#  enabled = true
#  bind = "0.0.0.0:14567"
#  max_connections = 1024000
#  keyfile = "etc/certs/key.pem"
#  certfile = "etc/certs/cert.pem"
#}

dashboard {
    listeners.http {
        bind = 18083
    }
    default_username = "username"
    default_password = "password"
}

api_key {
  bootstrap_file = "/opt/emqx/etc/jingxiapikey.dat"
}

api-key文件

key:secret

如何在emqx容器中获得真实的IP

nginx 配置

stream {
  upstream stream_backend {
      zone tcp_servers 64k;
      hash $remote_addr;
      server 127.0.0.1:11883 max_fails=2 fail_timeout=30s;
  }

  server {
      listen 8883 ssl;
      ssl_certificate  /xxx.pem;
      ssl_certificate_key /xxx.key;
      ssl_session_timeout 15m;
      proxy_pass stream_backend;
      proxy_buffer_size 4k;
      proxy_protocol on; #这里是关键
  }
}
修改之后: systemctl restart nginx