After further research, it seems like this should be very easy to achieve. The underlying mqtt library in netclient already supports websockets out of the box: https://github.com/eclipse/paho.mqtt.golang > The library also supports using MQTT over websockets by using the ws:// (unsecure) or wss:// (secure) prefix in the URI. You can set mqtt server in websocket mode using this config entry:

protocol websockets

Then you can make netmaker server talk websocket like this:

MQ_HOST: "ws://netmaker-mq"

The only thing left now is to make netclient contact

wss://website.com

. I tried with

SERVER_NAME: "wss://website.com"

but it doesn't seem to attempt any connection at all.

Looking at the source, it seems like all we need to do is make these hardcoded

mqtts://

prefixes configurable, so we can set them as `wss://`: https://github.com/gravitl/netmaker/blob/4d062b88ba2c56afbd3371e14e9ab36f75c57dfe/netclient/functions/daemon.go#L215 https://github.com/gravitl/netmaker/blob/4d062b88ba2c56afbd3371e14e9ab36f75c57dfe/netclient/functions/daemon.go#L242

Is this something you would be able to do @jolly-london-20127 et al?

I tried making these changes manually and compiling the client, but it still tries to connect over

mqtts://

, maybe I'm missing something in the codebase. Any help very welcome!

yes, there are workarounds such as running traefik in front of nginx, or two instances of nginx, one of which configured with streams, but this is a very ugly workaround, imo, when you can just use websockets

also, websockets will penetrate restrictive firewalls (e.g. DPI) much better than mqtts

Any thoughts on this one? @User