Merge remote-tracking branch 'origin/develop/1.3.0' into develop/1.3.0

thingsboard · Mar 27, 2024 · 477a053 · 477a053
2 parents 555adf4 + 6d8a102
commit 477a053
Show file tree

Hide file tree

Showing 8 changed files with 28 additions and 3 deletions.
diff --git a/application/src/main/java/org/thingsboard/mqtt/broker/server/tls/MqttSslHandlerProvider.java b/application/src/main/java/org/thingsboard/mqtt/broker/server/tls/MqttSslHandlerProvider.java
@@ -22,6 +22,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.server.AbstractMqttHandlerProvider;
 import org.thingsboard.mqtt.broker.ssl.config.SslCredentials;
@@ -42,6 +43,7 @@ public SslCredentialsConfig mqttSslCredentials() {
  }
 
  @Autowired(required = false)
+ @Lazy
  @Qualifier("mqttSslCredentials")
  private SslCredentialsConfig mqttSslCredentialsConfig;
 

diff --git a/application/src/main/java/org/thingsboard/mqtt/broker/server/wss/MqttWssHandlerProvider.java b/application/src/main/java/org/thingsboard/mqtt/broker/server/wss/MqttWssHandlerProvider.java
@@ -22,6 +22,7 @@
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.server.AbstractMqttHandlerProvider;
 import org.thingsboard.mqtt.broker.ssl.config.SslCredentials;
@@ -42,8 +43,9 @@ public SslCredentialsConfig mqttWssCredentials() {
  }
 
  @Autowired(required = false)
+ @Lazy
  @Qualifier("mqttWssCredentials")
- private SslCredentialsConfig mqttSslCredentialsConfig;
+ private SslCredentialsConfig mqttWssCredentialsConfig;
 
  @Override
  protected String getSslProtocol() {
@@ -52,7 +54,7 @@ protected String getSslProtocol() {
 
  @Override
  protected SslCredentials getSslCredentials() {
- return this.mqttSslCredentialsConfig.getCredentials();
+ return this.mqttWssCredentialsConfig.getCredentials();
  }
 
 }
diff --git a/...tion/src/main/java/org/thingsboard/mqtt/broker/ssl/SslCredentialsWebServerCustomizer.java b/...tion/src/main/java/org/thingsboard/mqtt/broker/ssl/SslCredentialsWebServerCustomizer.java
@@ -25,6 +25,7 @@
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
 import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.thingsboard.mqtt.broker.ssl.config.SslCredentials;
 import org.thingsboard.mqtt.broker.ssl.config.SslCredentialsConfig;
@@ -42,6 +43,7 @@ public SslCredentialsConfig httpServerSslCredentials() {
  }
 
  @Autowired
+ @Lazy
  @Qualifier("httpServerSslCredentials")
  private SslCredentialsConfig httpServerSslCredentialsConfig;
 

diff --git a/k8s/aws/receipts/mqtt-load-balancer.yml b/k8s/aws/receipts/mqtt-load-balancer.yml
@@ -42,3 +42,7 @@ spec:
  - port: 8883
  targetPort: 8883
  name: mqtts
+ # This way NLB acts as transparent load balancer and forwards all traffic to port 8085 without decryption.
+ - port: 8085
+ targetPort: 8085
+ name: mqtt-wss
diff --git a/k8s/aws/receipts/mqtts-load-balancer.yml b/k8s/aws/receipts/mqtts-load-balancer.yml
@@ -29,7 +29,7 @@ metadata:
  # Don't forget to replace YOUR_MQTTS_CERTIFICATE_ARN with the correct value
  service.beta.kubernetes.io/aws-load-balancer-ssl-cert: YOUR_MQTTS_CERTIFICATE_ARN
  service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
- service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "mqtts"
+ service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "mqtts,mqtt-wss"
 spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
@@ -46,3 +46,7 @@ spec:
  - port: 8883
  targetPort: 1883
  name: mqtts
+ # This way NLB acts as an TLS termination point and forwards decrypted traffic to 8084 port of the TBMQ.
+ - port: 8085
+ targetPort: 8084
+ name: mqtt-wss
diff --git a/k8s/aws/tb-broker.yml b/k8s/aws/tb-broker.yml
@@ -75,6 +75,8 @@ spec:
  name: mqtts
  - containerPort: 8084
  name: mqtt-ws
+ - containerPort: 8085
+ name: mqtt-wss
  env:
  - name: TB_SERVICE_ID
  valueFrom:
@@ -156,3 +158,5 @@ spec:
  name: mqtts
  - port: 8084
  name: mqtt-ws
+ - port: 8085
+ name: mqtt-wss
diff --git a/k8s/azure/receipts/mqtt-load-balancer.yml b/k8s/azure/receipts/mqtt-load-balancer.yml
@@ -36,3 +36,6 @@ spec:
  - port: 8883
  targetPort: 8883
  name: mqtts
+ - port: 8085
+ targetPort: 8085
+ name: mqtt-wss
diff --git a/k8s/azure/tb-broker.yml b/k8s/azure/tb-broker.yml
@@ -75,6 +75,8 @@ spec:
  name: mqtts
  - containerPort: 8084
  name: mqtt-ws
+ - containerPort: 8085
+ name: mqtt-wss
  env:
  - name: TB_SERVICE_ID
  valueFrom:
@@ -144,3 +146,5 @@ spec:
  name: mqtts
  - port: 8084
  name: mqtt-ws
+ - port: 8085
+ name: mqtt-wss