[[linux_wiki:rabbitmq]]

Rabbitmq

General Information

RabbitMQ is a cross platform message broker service.

Checklist

  • Distro(s): CentOS 7
  • Additional Repo: EPEL

Installing

Installing RabbitMQ.

  • RabbitMQ is available in the standard EL 7 EPEL repo
    • Its dependency, erlang is also available via the EPEL
  • Install from EPEL repo
    yum install rabbitmq-server

Configure

  • Create certs directory
    mkdir -p /etc/rabbitmq/certs
  • Copy your SSL certs into /etc/rabbitmq/certs/
  • Create config file
    vim /etc/rabbitmq/rabbitmq.config
     
    %% RabbitMQ-Server Configuration /etc/rabbitmq/rabbitmq.config
     
    %% Disable SSLv3.0, TLSv1.0/1.1 support, and the default clear text tcp port (5672)
    %% Specify ciphers so that we are not supporting 3DES(CBC)
    [
     {ssl, [{versions, ['tlsv1.2']}]},
     {rabbit, [
               {tcp_listeners, []},
               {ssl_listeners, [5671]},
               {ssl_options, [{cacertfile,"/etc/rabbitmq/certs/current-ca.crt"},
                              {certfile,  "/etc/rabbitmq/certs/current-cert.crt"},
                              {keyfile,   "/etc/rabbitmq/certs/current-key.key"},
                              {verify,   verify_peer},
                              {fail_if_no_peer_cert, false},
                              {versions, ['tlsv1.2']},
                              {ciphers,  [
                                          {ecdhe_rsa,aes_256_gcm,null,sha384},
                                          {ecdh_rsa,aes_256_gcm,null,sha384},
                                          {dhe_rsa,aes_256_gcm,null,sha384},
                                          {dhe_dss,aes_256_gcm,null,sha384},
                                          {rsa,aes_256_gcm,null,sha384},
                                          {ecdhe_rsa,aes_128_gcm,null,sha256},
                                          {ecdh_rsa,aes_128_gcm,null,sha256},
                                          {dhe_rsa,aes_128_gcm,null,sha256},
                                          {dhe_dss,aes_128_gcm,null,sha256},
                                          {rsa,aes_128_gcm,null,sha256}
                                         ]},
                              {honor_cipher_order, true},
                              {honor_ecc_order, true}
                             ]}
              ]}
    ].
    • To get the supported ciphers list on the rabbitmq server, execute
      rabbitmqctl eval 'ssl:cipher_suites().'
  • Start and enable the service
    • EL 7
      systemctl start rabbitmq-server
      systemctl enable rabbitmq-server

  • linux_wiki/rabbitmq.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)