add websockets proxy and persistent mosquitto-config

docs/source/user/public-services-setup.rst

@@ -24,7 +24,7 @@ Please ensure that you follow these best practices to ensure your wis2box-instan
 
 The wis2box development team is not responsible for the security of your wis2box-instance and it is your responsibility to ensure that your wis2box instance is secure.
 
-GitHub issues and discussions provide a resourece and forum to discuss general wis2box features, bugs and updates.  For specific security related questions, please write to ``wis2-support at wmo.int``.
+GitHub issues and discussions provide a resource and forum to discuss general wis2box features, bugs and updates.  For specific security related questions, please write to ``wis2-support at wmo.int``.
 
 web-proxy (nginx)
 ^^^^^^^^^^^^^^^^^
@@ -39,6 +39,7 @@ wis2box runs a local nginx container allowing access to the following HTTP based
    UI (wis2box-ui),`WIS2BOX_URL/`
    Storage (incoming data) (minio:wis2box-incoming),`WIS2BOX_URL/wis2box-incoming`
    Storage (public data) (minio:wis2box-public),`WIS2BOX_URL/data`
+   Websockets (WIS2-notifications),`WIS2BOX_URL/mqtt`
 
 You can edit ``nginx/nginx.conf`` to control which services are exposed through the nginx-container include in your stack.
 
@@ -142,6 +143,19 @@ By exposing port 1883 on your host, the Global Broker will be able to subscribe
 
    The ``everyone`` user is defined by default for public readonly access (``origin/#``) as per WIS2 Node requirements.
 
+When you add SSL to your wis2box instance, the internal MQTT broker will be accessible on port 8883 on the host running wis2box using the MQTT over SSL protocol (MQTTS).
+
+The mosquitto-service within wis2box also has websockets enabled and is proxied on '/mqtt' by the nginx container. 
+
+The broker-address for the Global Broker to subscribe to WIS2 notifications using the mosquitto-service within wis2box is:
+
+- `mqtt://everyone:everyone@WIS2BOX_HOST:1883` - for MQTT without SSL
+- `mqtts://everyone:everyone@WIS2BOX_HOST:8883` - for MQTT with SSL
+- `ws://everyone:everyone@WIS2BOX_HOST/mqtt:80` - for MQTT over websockets without SSL
+- `wss://everyone:everyone@WIS2BOX_HOST/mqtt:443` - for MQTT over websockets with SSL
+
+Where ``WIS2BOX_HOST`` is the hostname or IP address of the host running wis2box.	
+
 External broker
 ---------------
 

nginx/nginx-ssl.conf

@@ -77,6 +77,13 @@
             auth_basic_user_file /etc/nginx/.htpasswd/webapp;
             proxy_pass http://wis2box-webapp:4173/wis2box-webapp/;
         }
+        location /mqtt {
+            proxy_pass http://mosquitto:8884;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+        }
         location /auth {
             internal;
             proxy_pass http://wis2box-auth:80/authorize;

nginx/nginx.conf

@@ -83,6 +83,13 @@
             proxy_set_header        Authorization $http_authorization;
             proxy_pass_header       Authorization;
         }
+        location /mqtt {
+            proxy_pass http://mosquitto:8884;
+            proxy_http_version 1.1;
+            proxy_set_header Upgrade $http_upgrade;
+            proxy_set_header Connection "upgrade";
+            proxy_set_header Host $host;
+        }
         location / {
             proxy_pass http://wis2box-ui:80;
         }