This documentation is part of the "Projects with Books" initiative at zenOSmosis.
The source code for this project is available on GitHub.
Getting Started
Loading…
Getting Started
Relevant source files
This page guides you through the complete deployment process for the Docker MQTT Mosquitto Cloudflare Tunnel system. The setup consists of four phases: verifying prerequisites, configuring Cloudflare Tunnel, setting up local configuration files, and deploying containers.
Related Pages:
- Prerequisites (page 2.1): System requirements and account setup
- Cloudflare Tunnel Setup (page 2.2): Detailed tunnel creation steps
- Local Configuration (page 2.3): Environment and configuration file setup
- Deployment (page 2.4): Container deployment and verification
Deployment Workflow
The deployment process follows a linear sequence of configuration and initialization steps:
Diagram: Deployment Phase Sequence
stateDiagram-v2
[*] --> Prerequisites
Prerequisites --> CloudflareTunnel : Accounts verified
CloudflareTunnel --> LocalConfig : CLOUDFLARE_TUNNEL_TOKEN obtained
LocalConfig --> Deployment : .env file created
Deployment --> [*] : Containers running
state CloudflareTunnel {
[*] --> CreateTunnel
CreateTunnel --> ConfigureHostname
ConfigureHostname --> [*]
}
state LocalConfig {
[*] --> CreateEnvFile
CreateEnvFile --> PopulateToken
PopulateToken --> [*]
}
state Deployment {
[*] --> DockerComposeUp
DockerComposeUp --> VerifyContainers
VerifyContainers --> [*]
}
Sources : README.md:29-78
Deployment Phases Summary
| Phase | Key Actions | Output Artifacts | Page Reference |
|---|---|---|---|
| Prerequisites | Install Docker, Docker Compose; create Cloudflare account | System readiness | Page 2.1 |
| Cloudflare Tunnel Setup | Create tunnel in Zero Trust dashboard; configure public hostname | CLOUDFLARE_TUNNEL_TOKEN | Page 2.2 |
| Local Configuration | Create .env file; populate token; verify mosquitto.conf | .env file | Page 2.3 |
| Deployment | Execute docker compose up; verify container status | Running mosquitto and cloudflared containers | Page 2.4 |
Sources : README.md:29-78 docker-compose.yml:1-18
Configuration File Flow
Diagram: File-to-Container Mapping
Sources : docker-compose.yml:1-18 .env.sample:1-3 .gitignore:1-2
Configuration File Purposes
| File | Version Controlled | Purpose | Used By |
|---|---|---|---|
docker-compose.yml | Yes | Defines service orchestration, container names, image references, volume mounts, environment variable injection | Docker Compose |
mosquitto.conf | Yes | Configures MQTT broker listeners on ports 1883 and 9001 | mosquitto container |
.env.sample | Yes | Template showing required environment variables | Developers (documentation) |
.env | No | Contains actual CLOUDFLARE_TUNNEL_TOKEN value | cloudflared container |
.gitignore | Yes | Prevents .env from being committed | Git |
Sources : docker-compose.yml:1-18 mosquitto.conf:1-5 .env.sample:1-3 .gitignore:1-2
Quick Start Summary
This section provides an abbreviated setup sequence. For detailed instructions, see the child pages (2.1 through 2.4).
Step 1: Cloudflare Tunnel Configuration
Create a tunnel in the Cloudflare Zero Trust dashboard and obtain the CLOUDFLARE_TUNNEL_TOKEN. Configure a public hostname that routes to mosquitto:9001.
Detailed instructions : See page 2.2 (Cloudflare Tunnel Setup)
Key outputs :
- Tunnel token string (begins with
eyJ...) - Public hostname (e.g.,
mqtt.example.com)
Sources : README.md:29-73
Step 2: Local Environment Setup
Create .env file from template and populate with tunnel token:
Edit .env:
CLOUDFLARE_TUNNEL_TOKEN=<token_from_step_1>
Detailed instructions : See page 2.3 (Local Configuration)
File locations :
- Template: .env.sample:1-3
- Configuration to create:
.env(excluded by .gitignore1)
Sources : .env.sample:1-3 README.md53
Step 3: Container Deployment
Execute Docker Compose to start both services:
Detailed instructions : See page 2.4 (Deployment)
Services started :
mosquittoservice (docker-compose.yml:4-9)cloudflaredservice (docker-compose.yml:11-17)
Sources : README.md:76-78 docker-compose.yml:1-18
Container Initialization
Diagram: Docker Compose Service Startup Sequence
Sources : docker-compose.yml:1-18 mosquitto.conf:1-5
Post-Deployment Verification
Verify both containers are operational:
Expected output shows two running containers:
| Container Name | Image | Status | Ports |
|---|---|---|---|
mosquitto | eclipse-mosquitto:latest | Up | 1883/tcp, 9001/tcp |
cloudflared | cloudflare/cloudflared:latest | Up | (no exposed ports) |
Check cloudflared logs for tunnel establishment confirmation:
Check mosquitto logs for listener initialization:
Sources : docker-compose.yml:4-9 docker-compose.yml:11-17
Docker Compose Service Configuration
Diagram: Service Definition to Runtime Mapping
Sources : docker-compose.yml:1-18
Service Configuration Parameters
mosquitto Service
| Parameter | Value | Purpose |
|---|---|---|
container_name | mosquitto | DNS-resolvable name for internal routing |
image | eclipse-mosquitto:latest | Official Mosquitto MQTT broker image |
restart | unless-stopped | Automatic restart unless explicitly stopped |
volumes | ./mosquitto.conf:/mosquitto/config/mosquitto.conf | Inject broker configuration |
File reference : docker-compose.yml:4-9
cloudflared Service
| Parameter | Value | Purpose |
|---|---|---|
container_name | cloudflared | Container identifier for logging and management |
image | cloudflare/cloudflared:latest | Official Cloudflare Tunnel connector image |
restart | unless-stopped | Automatic restart unless explicitly stopped |
command | tunnel --no-autoupdate run | Execute tunnel with auto-update disabled |
environment | CLOUDFLARE_TUNNEL_TOKEN from .env | Authenticates tunnel connection |
File reference : docker-compose.yml:11-17
Sources : docker-compose.yml:1-18
Connection Flow After Deployment
Once both containers are operational, the request flow follows this path:
- External clients connect to public hostname (e.g.,
https://mqtt.example.com:443) - Cloudflare edge network receives connection
- Traffic routes through tunnel to
cloudflaredcontainer cloudflaredproxies tomosquitto:9001via Docker internal DNSmosquittocontainer handles connection on WebSocket listener (port 9001)
Diagram: Client-to-Broker Request Path
graph LR
Client["MQTT Client"]
CFEdge["Cloudflare Edge\n(Port 443)"]
Tunnel["Tunnel Infrastructure"]
CFDContainer["cloudflared container"]
MosqContainer["mosquitto container\n(Port 9001)"]
Client -->|HTTPS/WSS| CFEdge
CFEdge -->|Tunnel protocol| Tunnel
Tunnel -->|Encrypted tunnel| CFDContainer
CFDContainer -->|HTTP to mosquitto:9001| MosqContainer
Sources : README.md:64-67 README.md82
System Management Commands
| Command | Action | Effect |
|---|---|---|
docker compose up | Start services in foreground | Containers run, logs visible in terminal |
docker compose up -d | Start services in background | Containers run detached from terminal |
docker compose down | Stop and remove containers | Containers stopped, network removed, volumes persist |
docker compose restart | Restart both services | Containers restarted with existing configuration |
docker logs mosquitto | View mosquitto container logs | Display broker initialization and connection logs |
docker logs cloudflared | View cloudflared container logs | Display tunnel establishment and proxy logs |
Sources : docker-compose.yml:1-18
Next Steps
For detailed setup instructions , refer to child pages:
| Page | Title | Content |
|---|---|---|
| 2.1 | Prerequisites | System requirements, Docker installation, Cloudflare account setup |
| 2.2 | Cloudflare Tunnel Setup | Step-by-step tunnel creation, hostname configuration, token extraction |
| 2.3 | Local Configuration | .env file creation, mosquitto.conf customization, security validation |
| 2.4 | Deployment | Container startup, health verification, troubleshooting common errors |
For advanced topics , see:
- Component details : Pages 3.1 (Mosquitto), 3.2 (Cloudflared), 3.3 (Docker Compose)
- Configuration reference : Pages 4.1, 4.2, 4.3
- Production deployment : Page 6.2
- Advanced security features : Page 6.1 (see
protected-no-wildcardbranch for ACL and encryption)
Sources : README.md:7-13 (protected branch reference)
Common Initial Setup Issues
| Issue | Symptom | Resolution |
|---|---|---|
| Missing .env file | cloudflared fails to start with authentication error | Create .env file from .env.sample:1-3 template and add valid token |
| Invalid tunnel token | cloudflared logs show authentication failure | Verify token in Cloudflare dashboard and update .env file |
| Port conflicts | Container fails to start with port binding error | Check if ports 1883 or 9001 are already in use on the host |
| Tunnel not found | cloudflared reports tunnel does not exist | Ensure tunnel was created in Cloudflare dashboard and token matches |
| Public hostname not configured | Clients cannot connect | Configure public hostname in Cloudflare dashboard as described in Step 2 |
| Volume mount errors | mosquitto fails to load configuration | Verify mosquitto.conf exists in repository root as defined in docker-compose.yml8 |
For comprehensive troubleshooting, see Troubleshooting.
Sources : README.md:23-73 docker-compose.yml:1-18 .env.sample:1-3
Dismiss
Refresh this wiki
Enter email to refresh