Tag Archives: RabbitMQ

Install and Secure RabbitMQ

Leave a reply

First follow the simple instructions on the RabbitMQ site. I recommend using their Apt repo if your using Ubuntu like me.

Next you will want to install the management console. To do that you just need to run the following command:

rabbitmq-plugins enable rabbitmq_management

Now the part where we divert from the simple install. We next will want to generate the some certificates. Personally I used the /opt/cert/rabbitmq/ directory that I created to store these in. To do that run the openssl command you see below:

openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes

Now this is a self-signed cert which should be fine for most development. If you want to do something in production I recommend making your own internal CA so that you can load the CA into your browsers and not get the self-signed error all the time. As this should not be used by 3rd parties getting a 3rd party signed certificate seems a bit over board.

Next is to configure RabbitMQ to use these certificates.

[
    {rabbit, [
              {ssl_listeners, [5671]},
              {ssl_options, [{cacertfile, "/opt/certs/rabbitmq/key.pem"},
                             {certfile, "/opt/certs/rabbitmq/cert.pem"},
                             {keyfile, "/opt/certs/rabbitmq/key.pem"},
                             {verify, verify_peer},
                             {fail_if_no_peer_cert, fasle}]}
     ]},
     {rabbitmq_management, {
              {listener, [{port, 15672},
                          {ssl, true}]}
     ]}
].

Now you should just be able to run the following command to restart the server:

service rabbitmq-server restart

After the  server reboots you should be able to access it via AMQP over SSL via port 5671 and get to the management console via https on port 15672.

Next we should lock down the management interface. First login using the guest account (guest/guest). Once you are logged in click on the Admin tab.

selectAdmin

Then click on the “Add a user” section. At this point fill in the username you want, add a password, and select the admin tag.

addUser

You should now see the user in the list. This user though will still have no access off the bat. Click on the user name to get more information about the user and to edit it.

newUser 

Once you’re in the user’s information go to the “Set permission” section and you can just set the default. This will give the user full access to the default virtual host.

setPermission

At this point you can click on the guest user and delete it. At this point got a server setup to use SSL for connections and without the default user. You are set with a decently secure setup. Have fun developing with RabbitMQ.

Advertisement