如何让 Node.js 的 amqplib 通过 SSL 连接?

时间:2017-10-19 14:22:41

标签: node.js ssl rabbitmq amqp

我正在尝试连接我的RabbitMQ服务器,该服务器强制使用SSL,并且需要用户名和密码认证。此前,我已经成功地从C#、PHP和Python应用程序连接到这台服务器。

这是我的node.js代码:

const amqp = require('amqplib');
const fs = require('fs');

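// Placeholder from the original post; the code below reads certificatePath,
// username, password, hostname and port from it.
const config = {...}

// Options object that amqplib forwards to tls.connect().
// When `ca` is given it replaces Node's default trust store, so it has to
// contain the CA certificate(s) that issued the broker's certificate.
// "unable to get local issuer certificate" means the chain presented by the
// broker could not be linked to any certificate listed here.
// NOTE(review): confirm config.certificatePath is the issuing CA (plus any
// intermediates the broker does not send), not the broker's own certificate.
const opts = {
    ca: [fs.readFileSync(config.certificatePath)]
};

// Percent-encode the credentials: a password containing '@', ':', '/' or '#'
// would otherwise change how the URL is parsed.
const user = encodeURIComponent(config.username);
const pass = encodeURIComponent(config.password);
const url = `amqps://${user}:${pass}@${config.hostname}:${config.port}`;

const open = amqp.connect(url, opts);

open.then(function(conn) {
    console.log('connected.');
}).catch(console.warn); // report a failed handshake or login instead of dropping it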

我得到的错误是:unable to get local issuer certificate(无法获得本地颁发者证书)

1)错误是什么意思?

2)我需要做什么才能连接?

注意:该库的 SSL 指南(library's ssl guide)中写道:“(必须)提供一个选项对象,该对象将传递给tls.connect()。” 我没能理解这条说明,指南里也没有使用tls.connect()的例子。我尝试了几种写法都失败了,也许这能给这里的某位提供线索。

2 个答案:

答案 0 :(得分:0)

您把证书路径赋给了 ca,但缺少 cert 和 key:

// Options object for amqplib's connect(); it is handed on to tls.connect().
var opts = {
  // Trust anchors: the CA certificate(s) the broker's certificate is verified against.
  ca: [caCertAsBuffer],
  // Client identity, used when the broker asks for a client certificate (mutual TLS).
  cert: certificateAsBuffer,
  key: privateKeyAsBuffer,
  // Passphrase that decrypts `key`. The literal is the answer's sample value;
  // a real one belongs in configuration or a secret store, not in source.
  passphrase: 'MySecretPassword'
};

您可以找到参考here

答案 1 :(得分:0)

我用 amqplib 0.5.3 版本做了测试,下面是我可以运行的示例 src/amqplib-ssl-example.js:

var fs = require('fs')
const path = require('path')

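// TLS options handed to amqplib's connect(), which passes them on to tls.connect().
var opts = {
  // Client certificate and private key presented to the broker (mutual TLS).
  // The key is read from the project tree here; keep it out of version control.
  cert: fs.readFileSync(path.resolve(__dirname, '../ssl/client/client_certificate.pem')),
  key: fs.readFileSync(path.resolve(__dirname, '../ssl/client/private_key.pem')),
  // CA bundle the broker's certificate is verified against. Supplying `ca`
  // replaces Node's default trust store.
  ca: [fs.readFileSync(path.resolve(__dirname, '../ssl/testca/ca_certificate_bundle.pem'))],
  // Verification stays on. With `false` the client accepts any certificate,
  // the `ca` bundle above is never enforced, and the link is encrypted but
  // the broker is not authenticated. If the handshake fails with this set to
  // true, fix the certificates (issuing CA present in the bundle, host name in
  // the URL covered by the broker certificate) instead of disabling the check.
  rejectUnauthorized: true
}

// Queue name shared by publisher() and consumer().
var q = 'tasks'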

/**
 * Report a fatal error through console.error and stop the process.
 *
 * @param {*} err - value received by the failing callback; logged as is.
 */
function bail (err) {
  const FAILURE_EXIT_CODE = 1
  console.error(err)
  process.exit(FAILURE_EXIT_CODE)
}

// Publisher
/**
 * Open a channel on `conn`, declare queue `q` and publish one message to it.
 *
 * @param {object} conn - connection passed to the connect() callback.
 */
function publisher (conn) {
  conn.createChannel(function (err, channel) {
    // bail() ends the process, so nothing below runs after a failure.
    if (err !== null && err !== undefined) bail(err)
    const payload = 'something to do'
    channel.assertQueue(q)
    channel.sendToQueue(q, Buffer.from(payload))
    console.log('Publisher: ', payload)
  })
}

// Consumer
/**
 * Open a channel on `conn`, declare queue `q` and print and acknowledge every
 * message delivered from it.
 *
 * @param {object} conn - connection passed to the connect() callback.
 */
function consumer (conn) {
  conn.createChannel(function (err, channel) {
    // bail() ends the process, so nothing below runs after a failure.
    if (err !== null && err !== undefined) bail(err)
    channel.assertQueue(q)
    channel.consume(q, function (delivery) {
      // A null delivery carries no message; skip it.
      if (delivery === null) return
      console.log('Consumer: ', delivery.content.toString())
      channel.ack(delivery)
    })
  })
}

// Connect over AMQPS with the TLS options in `opts`, then start the consumer
// before the publisher. guest/guest is RabbitMQ's default account and is used
// here only for the local demo broker.
require('amqplib/callback_api').connect(
  'amqps://guest:guest@localhost',
  opts,
  (err, conn) => {
    if (err !== null && err !== undefined) bail(err)
    consumer(conn)
    publisher(conn)
  }
)

运行这段代码node src/amqplib-ssl-example.js时,将显示以下输出:

Publisher:  something to do
Consumer:  something to do

RabbitMQ服务器记录了以下消息,从中可以看到连接是通过SSL(5671端口的TLS监听器)建立的。这只说明连接经过了TLS加密,并不说明客户端验证了服务器证书。

rabbitmq_1  | 2019-03-24 00:05:41.579 [info] <0.431.0> started TLS (SSL) listener on [::]:5671
...
rabbitmq_1  | 2019-03-24 00:23:35.938 [info] <0.518.0> accepting AMQP connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671)
rabbitmq_1  | 2019-03-24 00:23:35.949 [info] <0.518.0> connection <0.518.0> (192.168.96.1:45014 -> 192.168.96.2:5671): user 'guest' authenticated and granted access to vhost '/'

为供您参考,我按照以下说明手动生成证书以用于本示例:

https://www.rabbitmq.com/ssl.html#manual-certificate-generation