Thanks Wes for the response. Perhaps your response above answer my question (which is that both HTTPS and MQTT can NOT share the same port at the application layer), but just to be sure…I had posted Help Desk tick with Ignition regarding our question, and this was there response:
Thank you for the in-depth information on your background and question. It sounds like you’d need to use Application-Layer Protocol Negotiation (ALPN), so you can determine whether HTTPS or MQTT will be used over port 443. This should be possible with v4.0.8 of the MQTT module by Cirrus Link. According to the latest update notes by Cirrus Link, ALPN should be supported in Ignition 8. Ignition 8.x Compatible Release Notes - MQTT Modules for Ignition 8.x - Confluence I recommend contacting Cirrus Link support (Contact Support - Cirrus Link Solutions - Worldwide - United States) if you have additional questions about how to use this ALPN with the MQTT modules as they are better equipped to answer questions as the developers of that module. If you are still having trouble with the module after speaking with Cirrus Link, you can reach me by replying to this email or you can call in and reference ticket #25591.
FYI: My original question to Ignition was:
Our application uses MQTT for data transport (Ignition Transmission, Distributor and Engine) using a Cloud version of Ignition as the Distributor/Engine and On Premise Edge Ignition for Transmission . The Cloud is also where users go to view Perspective views. We have certain clients that are very particular about inbound/outbound port assignments on firewalls. So I have the following question…
A “normal” installation would use Port 8883 (MQTT SSL/TLS) for Outbound MQTT traffic from an Edge Ignition up to the Cloud, so we would need IT to allow this Firewall Outbound port to be configured open. In some cases, the IT department will NOT allow Port 8883 to be open for Outbound traffic, but WILL allow Port 443 to be open (as the default for HTTPS traffic).
If we configure the MQTT Port to use Port 443 at the Edge, will the Cloud version of Ignition be able to arbitrate Perspective (HTTPS) traffic from MQTT traffic at the Application Layer ? (Since the Cloud will need to BOTH support Perspective (HTTPS) and MQTT traffic.) In other words, does Ignition provide Layer 7 protocol arbitration (i.e. HTTPS vs MQTT). If not, is there any remedy for this requirement or acceptable option that we could propose for these IT security restrictions?