# MQTT-TLS reverse proxy.
# Public:   mqtt.wbd-rd.nl:8883 (TLS, terminated here)
# Upstream: rabbitmq:1883 (plaintext on internal `app` network)

server {
    listen 8883 ssl;

    ssl_certificate     /etc/letsencrypt/live/infra/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/infra/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    proxy_pass rabbitmq:1883;
    proxy_timeout 10m;
    proxy_connect_timeout 5s;
}