Ok, makes sense it doesn’t work with the device URL
To your questions
Is the device who is trying to access to your broker connected on the same network?
No the device is not in the same network.
The client is in an unknown remote network. The balena device is behind a gateway, which is accessible via the internet. The Gateway forwards specific ports (
8883) and points at the balena device in it’s own network.
Think of it like having a balena device at your home and your router forwards these ports. The router (gateway) has an address
This address is accessible via the internet and this already works with the unsecured websocket connection.
ws://someaddress.com:8083 works as intended.
if you want to use the edge device as your global MQTT/wss broker probably you will need to add extra-containers
It’s not clear to me, why there should be additional containers. It already works with an unsecured websocket connection, so I assume it’s a certificate issue.
Either we set up a device wide certificate, which was the initial question of this thread or we somehow make it work for the emqx container.
It’s still unclear to me where to save the certificate on the balena host. E.g. which directory holds the ssl certificates, and which directory holds the certificate keys?
I have tried something else.
I created a new image with the certificates copied into the container filesystem. However this also doesn’t work.
COPY domain.crt /etc/certs/emqx.crt
COPY domain.key /etc/certs/emqx.key
CMD ["/opt/emqx/bin/emqx", "foreground"]