我正在尝试将 RabbitMQ 设置为通过 SSL 工作。
我已更改配置文件 (/etc/rabbitmq/rabbitmq.config),如以下链接中所述 https://www.rabbitmq.com/ssl.html到:
# Defaults to rabbit. This can be useful if you want to run more than one node
# per machine - RABBITMQ_NODENAME should be unique per erlang-node-and-machine
# combination. See the clustering on a single machine guide for details:
# http://www.rabbitmq.com/clustering.html#single-machine
#NODENAME=rabbit
# By default RabbitMQ will bind to all interfaces, on IPv4 and IPv6 if
# available. Set this if you only want to bind to one network interface or#
# address family.
#NODE_IP_ADDRESS=127.0.0.1
# Defaults to 5672.
#NODE_PORT=5672
listeners.ssl.default = 5671
ssl_options.cacertfile = /home/myuser/rootca.crt
ssl_options.certfile = /home/myuser/mydomain.com.crt
ssl_options.keyfile = /home/myuser/mydomain.com.key
ssl_options.verify = verify_peer
ssl_options.password = 1234
ssl_options.fail_if_no_peer_cert = false
我不断收到以下错误:
sudo rabbitmq-server
/usr/lib/rabbitmq/bin/rabbitmq-server: 15: /etc/rabbitmq/rabbitmq-env.conf: listeners.ssl.default: not found
如果我删除上面的行,我会收到以下错误:
sudo rabbitmq-server
/usr/lib/rabbitmq/bin/rabbitmq-server: 17: /etc/rabbitmq/rabbitmq-env.conf: ssl_options.cacertfile: not found
值得一提的是,如果没有上述 SSL 配置,一切正常。
你能帮忙吗?
谢谢 :)
最佳答案
当您请求软件方面的帮助时,请务必说明您使用的软件版本,这一点非常重要。如果是RabbitMQ,还需要提供Erlang版本和使用的操作系统。
在您的情况下,您在 /etc/rabbitmq/rabbitmq-env.conf 中有(注释掉的)环境配置,以及 RabbitMQ 配置,这是不正确的。以下行必须从 rabbitmq-env.conf 中删除并放入 /etc/rabbitmq/rabbitmq.conf 文件中:
listeners.ssl.default = 5671
ssl_options.cacertfile = /home/myuser/rootca.crt
ssl_options.certfile = /home/myuser/mydomain.com.crt
ssl_options.keyfile = /home/myuser/mydomain.com.key
ssl_options.verify = verify_peer
ssl_options.password = 1234
ssl_options.fail_if_no_peer_cert = false
另请参阅 the documentation
注意:RabbitMQ 团队监控rabbitmq-users mailing list并且只是偶尔在 StackOverflow 上回答问题。
关于security - 通过 SSL 的 RabbitMQ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/54628127/