[[linux_wiki:rabbitmq]]

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

linux_wiki:rabbitmq [2019/05/26 03:50] (current)
Line 1: Line 1:
 +====== Rabbitmq ======
 +
 +**General Information**
 +
 +RabbitMQ is a cross platform message broker service.
 +
 +  * Official RabbitMQ Page: https://​www.rabbitmq.com/​
 +  * RabbitMQ RPMs: https://​www.rabbitmq.com/​install-rpm.html
 +  * Erlang/​Rabbit Supported Versions Matrix: https://​www.rabbitmq.com/​which-erlang.html
 +  * Erlang Downloads: https://​bintray.com/​rabbitmq/​rpm/​erlang
 +
 +**Checklist**
 +  * Distro(s): CentOS 7
 +  * Additional Repo: EPEL
 +
 +----
 +
 +====== Installing ======
 +
 +Installing RabbitMQ.
 +
 +===== EL 7 =====
 +  * RabbitMQ is available in the standard EL 7 EPEL repo
 +    * Its dependency, erlang is also available via the EPEL
 +
 +  * Install from EPEL repo<​code bash>yum install rabbitmq-server</​code>​
 +
 +----
 +
 +====== Configure ======
 +
 +  * Create certs directory<​code bash>​mkdir -p /​etc/​rabbitmq/​certs</​code>​
 +  * Copy your SSL certs into /​etc/​rabbitmq/​certs/​
 +  * Create config file<​code bash>vim /​etc/​rabbitmq/​rabbitmq.config
 +
 +%% RabbitMQ-Server Configuration /​etc/​rabbitmq/​rabbitmq.config
 +
 +%% Disable SSLv3.0, TLSv1.0/1.1 support, and the default clear text tcp port (5672)
 +%% Specify ciphers so that we are not supporting 3DES(CBC)
 +[
 + {ssl, [{versions, ['​tlsv1.2'​]}]},​
 + ​{rabbit,​ [
 +           ​{tcp_listeners,​ []},
 +           ​{ssl_listeners,​ [5671]},
 +           ​{ssl_options,​ [{cacertfile,"/​etc/​rabbitmq/​certs/​current-ca.crt"​},​
 +                          {certfile, ​ "/​etc/​rabbitmq/​certs/​current-cert.crt"​},​
 +                          {keyfile, ​  "/​etc/​rabbitmq/​certs/​current-key.key"​},​
 +                          {verify, ​  ​verify_peer},​
 +                          {fail_if_no_peer_cert,​ false},
 +                          {versions, ['​tlsv1.2'​]},​
 +                          {ciphers, ​ [
 +                                      {ecdhe_rsa,​aes_256_gcm,​null,​sha384},​
 +                                      {ecdh_rsa,​aes_256_gcm,​null,​sha384},​
 +                                      {dhe_rsa,​aes_256_gcm,​null,​sha384},​
 +                                      {dhe_dss,​aes_256_gcm,​null,​sha384},​
 +                                      {rsa,​aes_256_gcm,​null,​sha384},​
 +                                      {ecdhe_rsa,​aes_128_gcm,​null,​sha256},​
 +                                      {ecdh_rsa,​aes_128_gcm,​null,​sha256},​
 +                                      {dhe_rsa,​aes_128_gcm,​null,​sha256},​
 +                                      {dhe_dss,​aes_128_gcm,​null,​sha256},​
 +                                      {rsa,​aes_128_gcm,​null,​sha256}
 +                                     ]},
 +                          {honor_cipher_order,​ true},
 +                          {honor_ecc_order,​ true}
 +                         ]}
 +          ]}
 +].
 +</​code>​
 +      * To get the supported ciphers list on the rabbitmq server, execute<​code bash>​rabbitmqctl eval '​ssl:​cipher_suites().'</​code>​
 +  * Start and enable the service
 +    * EL 7<code bash>​systemctl start rabbitmq-server
 +systemctl enable rabbitmq-server</​code>​
 +
 +----
  
  • linux_wiki/rabbitmq.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)