我试图弄清楚如何为RabbitMQ正确配置SSL。我没有找到太多有关如何使用受信任证书的信息。 (是的,互联网上有很多示例如何使用自签名cert + openssl来做到这一点,但事实并非如此)。
我从认证机构收到了以下文件:
拥有这些文件后,我需要做一些魔术并使用/生成/?在Rabbitmq配置文件中使用的正确的certfile,keycert,cacertfile:
[
{rabbit,
[
{tcp_listeners, [{"0.0.0.0", 5672}, {"::1", 5672}]},
{ssl_listeners, [5671]},
{default_vhost, <<"/">>},
{default_user, <<"guest">>},
{default_pass, <<"guest">>},
{default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
{ssl_options, [{cacertfile, "/opt/bitnami/rabbitmq/etc/rabbitmq/testca/cacert.pem"},{certfile,"/opt/bitnami/rabbitmq/etc/rabbitmq/server/cert.pem"},
{keyfile,"/opt/bitnami/rabbitmq/etc/rabbitmq/server/key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, true}]}
]
},
{kernel, []},
{rabbitmq_management,
[
{listener, [{port, 15672}, {ip, "0.0.0.0"}]}
]
},
{rabbitmq_shovel,
[
{shovels, []}
]
},
{rabbitmq_web_stomp, [
{tcp_config, [
{port, 15674}
]
},
{ssl_config, [{port, 15673},
{backlog, 1024},
{certfile, "/opt/bitnami/rabbitmq/etc/rabbitmq/client/cert.pem"},
{keyfile, "/opt/bitnami/rabbitmq/etc/rabbitmq/client/key.pem"},
{cacertfile, "/opt/bitnami/rabbitmq/etc/rabbitmq/testca/cacert.pem"},
{password, "MySecretPassword"}]
}
]
},
{rabbitmq_mqtt, []},
{rabbitmq_amqp1_0, []},
{rabbitmq_auth_backend_ldap, []}
]
我已在rabbitmq实例上启用了rabbitmq_auth_mechanism_ssl插件。 我遍历了大多数教程,却找不到任何可行的解决方案。
请帮助!