linux_wiki:rabbitmq

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux_wiki:rabbitmq [2019/05/25 23:50]
 linux_wiki:rabbitmq [2019/05/25 23:50] (current)
Line 1: Line 1:
 +====== Rabbitmq ======
 +
 +**General Information**
 +
 +RabbitMQ is a cross platform message broker service.
 +
 +  * Official RabbitMQ Page: https://www.rabbitmq.com/
 +  * RabbitMQ RPMs: https://www.rabbitmq.com/install-rpm.html
 +  * Erlang/Rabbit Supported Versions Matrix: https://www.rabbitmq.com/which-erlang.html
 +  * Erlang Downloads: https://bintray.com/rabbitmq/rpm/erlang
 +
 +**Checklist**
 +  * Distro(s): CentOS 7
 +  * Additional Repo: EPEL
 +
 +----
 +
 +====== Installing ======
 +
 +Installing RabbitMQ.
 +
 +===== EL 7 =====
 +  * RabbitMQ is available in the standard EL 7 EPEL repo
 +    * Its dependency, erlang is also available via the EPEL
 +
 +  * Install from EPEL repo<code bash>yum install rabbitmq-server</code>
 +
 +----
 +
 +====== Configure ======
 +
 +  * Create certs directory<code bash>mkdir -p /etc/rabbitmq/certs</code>
 +  * Copy your SSL certs into /etc/rabbitmq/certs/
 +  * Create config file<code bash>vim /etc/rabbitmq/rabbitmq.config
 +
 +%% RabbitMQ-Server Configuration /etc/rabbitmq/rabbitmq.config
 +
 +%% Disable SSLv3.0, TLSv1.0/1.1 support, and the default clear text tcp port (5672)
 +%% Specify ciphers so that we are not supporting 3DES(CBC)
 +[
 + {ssl, [{versions, ['tlsv1.2']}]},
 + {rabbit, [
 +           {tcp_listeners, []},
 +           {ssl_listeners, [5671]},
 +           {ssl_options, [{cacertfile,"/etc/rabbitmq/certs/current-ca.crt"},
 +                          {certfile,  "/etc/rabbitmq/certs/current-cert.crt"},
 +                          {keyfile,   "/etc/rabbitmq/certs/current-key.key"},
 +                          {verify,   verify_peer},
 +                          {fail_if_no_peer_cert, false},
 +                          {versions, ['tlsv1.2']},
 +                          {ciphers,  [
 +                                      {ecdhe_rsa,aes_256_gcm,null,sha384},
 +                                      {ecdh_rsa,aes_256_gcm,null,sha384},
 +                                      {dhe_rsa,aes_256_gcm,null,sha384},
 +                                      {dhe_dss,aes_256_gcm,null,sha384},
 +                                      {rsa,aes_256_gcm,null,sha384},
 +                                      {ecdhe_rsa,aes_128_gcm,null,sha256},
 +                                      {ecdh_rsa,aes_128_gcm,null,sha256},
 +                                      {dhe_rsa,aes_128_gcm,null,sha256},
 +                                      {dhe_dss,aes_128_gcm,null,sha256},
 +                                      {rsa,aes_128_gcm,null,sha256}
 +                                     ]},
 +                          {honor_cipher_order, true},
 +                          {honor_ecc_order, true}
 +                         ]}
 +          ]}
 +].
 +</code>
 +      * To get the supported ciphers list on the rabbitmq server, execute<code bash>rabbitmqctl eval 'ssl:cipher_suites().'</code>
 +  * Start and enable the service
 +    * EL 7<code bash>systemctl start rabbitmq-server
 +systemctl enable rabbitmq-server</code>
 +
 +----
  
  • linux_wiki/rabbitmq.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)