Setting up an AMQP Broker (RabbitMQ)
Option 1: Docker
You can use Docker to get a RabbitMQ instance up and running quickly (see Download RabbitMQ):
docker run -d --rm --hostname my-rabbit --name rabbitmq -p 5672:5672 -p 15672:15672 rabbitmq:3.11-management
View the logs of the container with docker logs rabbitmq.
Option 2: Uncontainerized
Alternatively, if you wish to run the RabbitMQ server un-containerized, the Cloudsmith installation instructions are a good place to start (see Install RabbitMQ).
- Add the Erlang and RabbitMQ repositories to your APT sources.
- Update and then install the target packages; these should be outlined on the page linked above. By the end of the installation you should have access to a number of programs such as rabbitmqctl and rabbitmq-server.
Enable the management plugin (root privileges may be required).
rabbitmq-plugins enable rabbitmq_management
By default the username and password are both guest. Use these credentials to access the management portal at localhost:15672 (note this is the port mapped in the docker run command above).
To enable TLS/SSL you need certificates and key pairs (how does this work? I don't know). Use the OpenSSL tool to generate self-signed certificates (see Additional Resources for specific commands).
- Create the root private key
- Sign the certificate
- Generate a server key
- Generate a Certificate Signing Request
- Generate self-signed certificate
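The steps above as one script, as an added example (not from the original page or the linked Medium article): it creates a private CA, then issues a CA-signed certificate and checks that it validates. The CA name, key sizes, 365-day lifetime, the ca.cnf and .ext helper files and the function names are assumptions; the output file names match the rabbitmq.conf paths used on this page once copied to /etc/pki/tls.

```shell
#!/bin/sh
# Added example: private CA plus CA-signed certificates for RabbitMQ TLS.
# Subject names, key sizes and lifetimes below are assumptions; adjust them.
# Usage: rmq_make_ca ./certs && rmq_issue_cert ./certs server my-rabbit serverAuth
set -eu

# rmq_make_ca DIR: create the root private key and the self-signed CA certificate.
rmq_make_ca() {
    dir=$1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = RMQ-Example-CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl genrsa -out "$dir/RMQ-CA-key.pem" 3072
    openssl req -x509 -new -config "$dir/ca.cnf" -key "$dir/RMQ-CA-key.pem" \
        -sha256 -days 365 -out "$dir/RMQ-CA-cert.pem"
    chmod 600 "$dir/RMQ-CA-key.pem"
}

# rmq_issue_cert DIR NAME HOST USAGE: key, CSR and CA-signed certificate.
# USAGE is serverAuth for the broker, or clientAuth for the client certificates
# that verify_peer with fail_if_no_peer_cert = true makes mandatory.
rmq_issue_cert() {
    dir=$1 name=$2 host=$3 usage=$4
    openssl genrsa -out "$dir/RMQ-$name-key.pem" 2048
    openssl req -new -config "$dir/ca.cnf" -subj "/CN=$host" \
        -key "$dir/RMQ-$name-key.pem" -out "$dir/RMQ-$name.csr"
    # Extensions go in at signing time: not a CA, named host, one purpose.
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\nextendedKeyUsage=%s\n' \
        "$host" "$usage" > "$dir/$name.ext"
    openssl x509 -req -in "$dir/RMQ-$name.csr" -sha256 -days 365 \
        -CA "$dir/RMQ-CA-cert.pem" -CAkey "$dir/RMQ-CA-key.pem" -CAcreateserial \
        -extfile "$dir/$name.ext" -out "$dir/RMQ-$name-cert.pem"
    chmod 600 "$dir/RMQ-$name-key.pem"
    # Stop here if the new certificate does not chain to the CA.
    openssl verify -CAfile "$dir/RMQ-CA-cert.pem" "$dir/RMQ-$name-cert.pem" >/dev/null
}
```

Only the CA certificate, the server certificate and the server key belong on the broker; the CA private key should stay off it.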
To enable TLS/SSL you have to adjust the default RabbitMQ configuration file at /etc/rabbitmq/rabbitmq.conf; create it if it doesn't exist. Put the following contents in it to match the certificates and keys you created earlier.
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/pki/tls/RMQ-CA-cert.pem
ssl_options.certfile = /etc/pki/tls/RMQ-server-cert.pem
ssl_options.keyfile = /etc/pki/tls/RMQ-server-key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
TROUBLESHOOTING
Connection reset by peer: sometimes has to do with incorrectly formatted and configured certificates. See https://stackoverflow.com/questions/50562203/rabbitmq-connection-reset
ADDITIONAL RESOURCES
- https://medium.com/dlt-labs-publication/how-to-set-up-an-ssl-tls-enabled-rabbitmq-server-3e4e47315e8b (note that not all steps here are correct nor do all of the commands work. TODO: re-create the contents of this Medium article for yourself and publish online.)