EMQ 2.3: enable WSS, proxy it, and remove the port number

We had been using the MQTT protocol to control smart devices from a WeChat official account, but the new requirement was to run inside a WeChat Mini Program.
Mini Program requirements:
1. The interface must use HTTPS, with TLS 1.2 or above.
2. ws must be changed to wss, and the URL cannot be followed by a port number.
It took some time to solve, so the whole process is recorded here.

Enabling WSS

Modify the emq.conf configuration file

The first idea was to modify the emq.conf configuration file.
It is located at /etc/emqttd/emq.conf.
Add the relevant certificates as described in the official documentation:

##--------------------------------------------------------------------
## External MQTT/WebSocket/SSL Listener

listener.wss.external = 8084

listener.wss.external.acceptors = 4

listener.wss.external.max_clients = 64

listener.wss.external.access.1 = allow all

## SSL Options
listener.wss.external.handshake_timeout = 15s

#listener.wss.external.keyfile = /etc/emqttd/certs/key.pem
 listener.wss.external.keyfile = /etc/emqttd/certs/web.com.key

#listener.wss.external.certfile = /etc/emqttd/certs/cert.pem
 listener.wss.external.certfile = /etc/emqttd/certs/web.com.pem

## listener.wss.external.cacertfile = /etc/emqttd/certs/cacert.pem

## listener.wss.external.verify = verify_peer

## listener.wss.external.fail_if_no_peer_cert = true

No effect after restarting the service!

Upgrade EMQ version

Suspecting a version problem, we then upgraded from 2.3.0 to the latest version, 2.3.4, but it still failed.

Solution

Running ps -ef | grep emqttd shows that the broker process was not started with /etc/emqttd/emq.conf.
Instead it was started with -config /var/lib/emqttd/configs/app.2018.02.26.17.56.21.config:

emqtt    18682 18665  0 Feb26 pts/1    00:01:03 /usr/lib64/emqttd/erts-9.0/bin/beam.smp -W w -e 256000 -Q 65536 -P 256000 -A 32 -K true -zdbbl 32768 -- -root /usr/lib64/emqttd -progname usr/sbin/emqttd -- -home /var/lib/emqttd -- -boot /usr/lib64/emqttd/releases/2.3/emqttd -mode embedded -boot_var ERTS_LIB_DIR /usr/lib64/emqttd/erts-9.0/../lib -mnesia dir "/var/lib/emqttd/mnesia/emq@127.0.0.1" -config /var/lib/emqttd/configs/app.2018.02.26.17.56.21.config -kernel net_ticktime 60 -smp auto -setcookie emqsecretcookie -name emq@127.0.0.1 -vm_args /var/lib/emqttd/configs/vm.2018.02.26.17.56.21.args -- console


Viewing that config file, the relevant contents are as follows:

          {ssl,8883,
               [{connopts,[]},
                {sockopts,
                    [{backlog,1024},
                     {send_timeout,15000},
                     {send_timeout_close,true},
                     {nodelay,true},
                     {reuseaddr,true}]},
                {sslopts,
                    [{handshake_timeout,15000},
                     {keyfile,"/etc/emqttd/certs/key.pem"},
                     {certfile,"/etc/emqttd/certs/cert.pem"},
                     {reuse_sessions,true}]},
                {acceptors,16},
                {max_clients,1024},
                {access,[{allow,all}]}]},
           {wss,8084,
               [{connopts,[]},
                {sockopts,
                    [{backlog,1024},
                     {send_timeout,15000},
                     {send_timeout_close,true},
                     {nodelay,true},
                     {reuseaddr,true}]},
                {sslopts,
                    [{handshake_timeout,15000},
                     {keyfile,"/etc/emqttd/certs/key.pem"},
                     {certfile,"/etc/emqttd/certs/cert.pem"},
                     {reuse_sessions,true}]},
                {acceptors,4},
                {max_clients,64},
                {access,[{allow,all}]}]},


Rename the domain's key and certificate files directly to key.pem and cert.pem (the file names this config points to), and then restart.
Test successful!
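
A check for the mismatch found above, as an added example (not part of the original post or of EMQ): it takes the -config path from the process command line and compares the wss listener's keyfile/certfile in that generated config with the values set in emq.conf. The function names are hypothetical and the sample text is constructed from the values shown in this post.

```javascript
// Constructed samples built from the values shown in this post (ps line trimmed).
const PS_LINE = '/usr/lib64/emqttd/erts-9.0/bin/beam.smp -- -root /usr/lib64/emqttd ' +
  '-config /var/lib/emqttd/configs/app.2018.02.26.17.56.21.config -name emq@127.0.0.1';
const EMQ_CONF = `
listener.wss.external = 8084
#listener.wss.external.keyfile = /etc/emqttd/certs/key.pem
 listener.wss.external.keyfile = /etc/emqttd/certs/web.com.key
 listener.wss.external.certfile = /etc/emqttd/certs/web.com.pem
`;
const APP_CONFIG = `
{ssl,8883,[{sslopts,[{keyfile,"/etc/emqttd/certs/key.pem"},
                     {certfile,"/etc/emqttd/certs/cert.pem"}]}]},
{wss,8084,[{sslopts,[{keyfile,"/etc/emqttd/certs/key.pem"},
                     {certfile,"/etc/emqttd/certs/cert.pem"}]}]},
`;

// Hypothetical helper: path the Erlang VM was started with (-config), or null.
function effectiveConfigPath(psLine) {
  const m = psLine.match(/\s-config\s+(\S+)/);
  return m ? m[1] : null;
}

// keyfile/certfile requested in emq.conf; commented-out lines never match.
function intendedCerts(conf, listener) {
  const re = new RegExp('^[ \\t]*listener\\.' + listener +
    '\\.external\\.(keyfile|certfile)[ \\t]*=[ \\t]*(\\S+)', 'gm');
  return Object.fromEntries([...conf.matchAll(re)].map((m) => [m[1], m[2]]));
}

// keyfile/certfile inside the {Listener,Port,[...]} tuple of the generated config.
function effectiveCerts(appConfig, listener) {
  const start = appConfig.search(new RegExp('\\{' + listener + ',\\d+,'));
  if (start < 0) return {};
  const rest = appConfig.slice(start + 1);
  const next = rest.search(/\{[a-z]+,\d+,/); // where the next listener tuple begins
  const block = next < 0 ? rest : rest.slice(0, next);
  return Object.fromEntries(
    [...block.matchAll(/\{(keyfile|certfile),"([^"]+)"\}/g)].map((m) => [m[1], m[2]]));
}

// Settings where the running node differs from what emq.conf asks for.
function certDrift(conf, appConfig, listener) {
  const want = intendedCerts(conf, listener);
  const have = effectiveCerts(appConfig, listener);
  return Object.keys(want).filter((k) => want[k] !== have[k])
    .map((k) => ({ setting: k, emqConf: want[k], running: have[k] || null }));
}

console.log(effectiveConfigPath(PS_LINE), certDrift(EMQ_CONF, APP_CONFIG, 'wss'));
```

An empty result from certDrift means the listener is using the files named in emq.conf; any entry means the node is still serving whatever the generated config points to.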

wss mapping method

nginx configuration

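        location /mqtt {
           access_log /wwwlogs/com.log;
           proxy_pass https://localhost:8084/mqtt;
           # Connections with no data from the broker for this long are closed,
           # so the MQTT keepalive interval must be shorter than 60s.
           proxy_read_timeout 60s;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $remote_addr;
           # The WebSocket upgrade needs HTTP/1.1 and these two headers.
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection 'Upgrade';
        }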

Modify mqttws Library

Edit the mqttws31.js library so that the URI it builds no longer includes the port number:

      if (arguments.length == 2) {
          // host: must be full ws:// uri
          // port: clientId
          clientId = port;
          uri = host;
          var match = uri.match(/^(wss?):\/\/((\[(.+)\])|([^\/]+?))(:(\d+))?(\/.*)$/);
          if (match) {
              host = match[4]||match[2];
              port = parseInt(match[7]);
              path = match[8];
          } else {
              throw new Error(format(ERROR.INVALID_ARGUMENT,[host,"host"]));
          }
      } else {
          if (arguments.length == 3) {
              clientId = path;
              path = "/mqtt";
          }
          if (typeof port !== "number" || port < 0)
              throw new Error(format(ERROR.INVALID_TYPE, [typeof port, "port"]));
          if (typeof path !== "string")
              throw new Error(format(ERROR.INVALID_TYPE, [typeof path, "path"]));

          var ipv6AddSBracket = (host.indexOf(":") != -1 && host.slice(0,1) != "[" && host.slice(-1) != "]");
          // Original line, which appended the port number:
          // uri = "ws://"+(ipv6AddSBracket?"["+host+"]":host)+":"+port+path;
          // Modified line, with the port number removed:
          uri = "ws://"+(ipv6AddSBracket?"["+host+"]":host)+path;
      }
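
The pattern in the two-argument branch above already treats the port as optional. This added example (not from the original post or from mqttws31.js; parseBrokerUri, buildBrokerUri and DEFAULT_PORT are hypothetical names, example.com is a placeholder) runs that pattern over constructed URIs. It goes beyond the page's edit by omitting the port only when it is absent or the scheme default, so direct connections to port 8084 keep their port.

```javascript
// URI pattern copied from the two-argument branch shown above.
const URI_RE = /^(wss?):\/\/((\[(.+)\])|([^\/]+?))(:(\d+))?(\/.*)$/;
const DEFAULT_PORT = { ws: 80, wss: 443 }; // scheme defaults

// Split a broker URI the way the pattern does, but report a missing port as
// null instead of the NaN that parseInt(undefined) would produce.
function parseBrokerUri(uri) {
  const m = uri.match(URI_RE);
  if (!m) throw new Error('invalid broker URI: ' + uri);
  const port = m[7] === undefined ? null : parseInt(m[7], 10);
  return {
    scheme: m[1],
    host: m[4] || m[2], // m[4] is an IPv6 literal without its brackets
    port,
    effectivePort: port === null ? DEFAULT_PORT[m[1]] : port,
    path: m[8],
  };
}

// Rebuild the URI, bracketing bare IPv6 hosts and omitting the port only when
// it is absent or equals the scheme default.
function buildBrokerUri({ scheme, host, port, path }) {
  const needsBrackets = host.includes(':') && !host.startsWith('[');
  const h = needsBrackets ? '[' + host + ']' : host;
  const showPort = port != null && port !== DEFAULT_PORT[scheme];
  return scheme + '://' + h + (showPort ? ':' + port : '') + path;
}

// Constructed inputs: proxied through nginx, direct to the listener, IPv6.
const SAMPLES = ['wss://example.com/mqtt', 'wss://example.com:8084/mqtt', 'ws://[::1]:8083/mqtt'];
for (const s of SAMPLES) console.log(parseBrokerUri(s), buildBrokerUri(parseBrokerUri(s)));
```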

Note: today we found that the web side of related projects logged "com.actions.mqtt.PublishThread - Client is not connected" when sending MQTT messages. Because the emqttd service had been restarted, the web side did not automatically reconnect to MQTT; it worked normally again after the Java project was restarted.

Keywords: SSL Nginx Java

Added by JoeBuntu on Sun, 05 Apr 2020 14:08:13 +0300