This is an old revision of the document!
Rabbitmq
General Information
RabbitMQ is a cross platform message broker service.
- Official RabbitMQ Page: https://www.rabbitmq.com/
- RabbitMQ RPMs: https://www.rabbitmq.com/install-rpm.html
- Erlang/Rabbit Supported Versions Matrix: https://www.rabbitmq.com/which-erlang.html
- Erlang Downloads: https://bintray.com/rabbitmq/rpm/erlang
Checklist
- Distro(s): CentOS 7
- Additional Repo: EPEL
Installing
Installing RabbitMQ.
EL 7
- RabbitMQ is available in the standard EL 7 EPEL repo
- Its dependency, erlang is also available via the EPEL
- Install from EPEL repo
yum install rabbitmq-server
Configure
- Create certs directory
mkdir -p /etc/rabbitmq/certs
- Copy your SSL certs into /etc/rabbitmq/certs/
- Create config file
vim /etc/rabbitmq/rabbitmq.config %% RabbitMQ-Server Configuration /etc/rabbitmq/rabbitmq.config %% Disable SSLv3.0, TLSv1.0/1.1 support, and the default clear text tcp port (5672) %% Specify ciphers so that we are not supporting 3DES(CBC) [ {ssl, [{versions, ['tlsv1.2']}]}, {rabbit, [ {tcp_listeners, []}, {ssl_listeners, [5671]}, {ssl_options, [{cacertfile,"/etc/rabbitmq/certs/current-ca.crt"}, {certfile, "/etc/rabbitmq/certs/current-cert.crt"}, {keyfile, "/etc/rabbitmq/certs/current-key.key"}, {verify, verify_peer}, {fail_if_no_peer_cert, false}, {versions, ['tlsv1.2']}, {ciphers, [ {ecdhe_rsa,aes_256_gcm,null,sha384}, {ecdh_rsa,aes_256_gcm,null,sha384}, {dhe_rsa,aes_256_gcm,null,sha384}, {dhe_dss,aes_256_gcm,null,sha384}, {rsa,aes_256_gcm,null,sha384}, {ecdhe_rsa,aes_128_gcm,null,sha256}, {ecdh_rsa,aes_128_gcm,null,sha256}, {dhe_rsa,aes_128_gcm,null,sha256}, {dhe_dss,aes_128_gcm,null,sha256}, {rsa,aes_128_gcm,null,sha256} ]}, {honor_cipher_order, true}, {honor_ecc_order, true} ]} ]} ].
- To get the supported ciphers list on the rabbitmq server, execute
rabbitmqctl eval 'ssl:cipher_suites().'
- Start and enable the service
- EL 7
systemctl start rabbitmq-server systemctl enable rabbitmq-server