RabbitMQ Container Notes

Submitted by code_admin on Fri, 07/27/2018 - 10:46

Notes on using the container:
https://hub.docker.com/_/rabbitmq/

RabbitMQ
snaplogictestrabbit001
port: 5671 -> 2221, 5672 -> 2222
management port: 15672 (Exposed via Kong)

Change the path prefix the management UI is served at (this lets me host it via Kong) and enable the management plugin:

  echo "management.path_prefix = /rabbitmqmanagement" >> /etc/rabbitmq/rabbitmq.conf
  rabbitmq-plugins enable rabbitmq_management

TODO switch to using RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS

Security Steps

Setup admin user

go to the admin interface and log in as guest / guest
add user admin with a secret password
give them the administrator tag
log in as admin
delete guest user
check guest user no longer works

Setup security for a client

in the admin interface add a user and give it a password
Add a root virtual host

RabbitMQ SSL setup for server and client

https://weblogs.asp.net/jeffreyabecker/Using-SSL-client-certificates-fo…

  • The public key (crt/cer file) of the CA which signed the server & client certs. This will likely be your active directory CA.
  • A keypair (pfx) for the server with a CN matching the server's DNS name, a basic keyUsage of keyEncipherment, and an EKU for ServerAuthentication (1.3.6.1.5.5.7.3.1)
  • A keypair (pfx) for the client with a basic keyUsage of digitalSignature and an EKU for ClientAuthentication (1.3.6.1.5.5.7.3.2)

I already had private and public keys for the server.
To get the cacert public file I used the command:

  openssl s_client -showcerts -servername cat-sdts.metcarob-home.com -connect cat-sdts.metcarob-home.com:443 </dev/null

I manually extracted the parts between BEGIN CERTIFICATE and END CERTIFICATE into a file cacerts.crt.

I then turned this into a docker secret:

  cat filename | docker secret create webservices_cacert -
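
An added example (not part of the original notes) that automates the manual extraction step above: it pulls the PEM blocks out of `openssl s_client -showcerts` output, optionally skipping the server's own leaf certificate so that only the issuer certificates end up in cacerts.crt. The sample output, host name and certificate bodies are constructed placeholders, and the leaf-skipping option is an assumption about what the CA file should contain, not something the notes did.

```shell
#!/bin/sh
# Added example, not from the original notes.
# extract_pem_certs [FIRST]: read `openssl s_client -showcerts` output on stdin
# and print every complete PEM certificate numbered FIRST or higher.
# Certificate 1 is the server's own (leaf); 2 and up are the issuers it sent.
extract_pem_certs() {
    awk -v first="${1:-1}" '
        /^-----BEGIN CERTIFICATE-----/ { inblock = 1; buf = "" }
        inblock                        { buf = buf $0 "\n" }
        /^-----END CERTIFICATE-----/ {
            # Count and print only blocks that have both BEGIN and END.
            if (inblock && ++n >= first) printf "%s", buf
            inblock = 0
        }'
}

# Count the certificates in a PEM stream (prints 0 when there are none).
count_pem_certs() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }'
}

# Constructed stand-in for s_client output: placeholder bodies, not real certs.
# The last block is deliberately cut off to show that it is dropped.
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = rabbit.example.test
   i:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDLEAFBODY
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
CONSTRUCTEDISSUERBODY
-----END CERTIFICATE-----
---
-----BEGIN CERTIFICATE-----
CONSTRUCTEDTRUNCATEDBODY
EOF
}

# Real use (HOST is a placeholder):
#   openssl s_client -showcerts -servername HOST -connect HOST:443 </dev/null \
#       2>/dev/null | extract_pem_certs 2 > cacerts.crt
sample_s_client_output | extract_pem_certs 2
```

A server usually does not send the root CA, and `s_client` prints the chain even when verification fails. Compare the fingerprints of the extracted certificates with the CA's own published values before using the file as a trust anchor.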

TODO SSL setup
