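I am trying to build a Docker image from scratch for a RabbitMQ server with SSL enabled. After configuring SSL, it works for AMQP/SSL, but the management console does not work over HTTPS.
I have also enabled the SSL configuration for RabbitMQ in the rabbitmq.config file.
After building the Docker image and running the RabbitMQ server, only AMQP over SSL is enabled, not HTTPS. The management console is still accessible only over HTTP.
Following is the list of enabled plugins: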
[e*] cowboy 1.0.4
[e*] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.10
[ ] rabbitmq_auth_backend_ldap 3.6.10
[E*] rabbitmq_auth_mechanism_ssl 3.6.10
[ ] rabbitmq_consistent_hash_exchange 3.6.10
[ ] rabbitmq_event_exchange 3.6.10
[ ] rabbitmq_federation 3.6.10
[ ] rabbitmq_federation_management 3.6.10
[ ] rabbitmq_jms_topic_exchange 3.6.10
[E*] rabbitmq_management 3.6.10
[e*] rabbitmq_management_agent 3.6.10
[ ] rabbitmq_management_visualiser 3.6.10
[ ] rabbitmq_mqtt 3.6.10
[ ] rabbitmq_recent_history_exchange 3.6.10
[ ] rabbitmq_sharding 3.6.10
[ ] rabbitmq_shovel 3.6.10
[ ] rabbitmq_shovel_management 3.6.10
[ ] rabbitmq_stomp 3.6.10
[ ] rabbitmq_top 3.6.10
[ ] rabbitmq_tracing 3.6.10
[ ] rabbitmq_trust_store 3.6.10
[e*] rabbitmq_web_dispatch 3.6.10
[ ] rabbitmq_web_mqtt 3.6.10
[ ] rabbitmq_web_mqtt_examples 3.6.10
[ ] rabbitmq_web_stomp 3.6.10
[ ] rabbitmq_web_stomp_examples 3.6.10
[ ] sockjs 0.3.4
Following is the configuration file:
[{ssl_config,
[{cacertfile,
"/path/to/ca_certificate.pem"},
{keyfile,"/path/to/server_key.pem"},
{certfile,
"/path/to/server_certificate.pem"},
{port,15671},
{ssl,true},
{ciphers,
["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
"ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
"ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
"DHE-RSA-AES256-GCM-SHA384"]}]}]},
{rabbit,
[{ssl_cert_login_from,common_name},
{ssl_options,
[{keyfile,"/path/to/server_key.pem"},
{honor_ecc_order,true},
{honor_cipher_order,true},
{certfile,
"/path/to/server_certificate.pem"},
{cacertfile,
"/path/to/ca_certificate.pem"},
{fail_if_no_peer_cert,true},
{verify,verify_peer},
{versions,['tlsv1.1','tlsv1.2']},
{ciphers,
["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
"ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
"ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
"DHE-RSA-AES256-GCM-SHA384","DHE-DSS-AES256-GCM-SHA384",
"DHE-RSA-AES256-SHA256","DHE-DSS-AES256-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256",
"ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256",
"ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256",
"DHE-RSA-AES128-GCM-SHA256","DHE-DSS-AES128-GCM-SHA256",
"DHE-RSA-AES128-SHA256","DHE-DSS-AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA",
"DHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA",
"ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA",
"DHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA",
"ECDH-ECDSA-AES128-SHA","ECDH-RSA-AES128-SHA"]}]},
{tcp_listeners,[5672]},
{ssl_listeners,[5671]},
{auth_mechanisms,['EXTERNAL']},
{cluster_formation,
[{peer_discovery_backend,rabbit_peer_discovery_classic_config},
{node_type,disc}]}]}].
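The process is kept simple. I just install everything with the Dockerfile and then run the container.
Please suggest what I am doing wrong.
Edited: Following are the contents of the Dockerfile: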
FROM scratch
#MAINTAINER The IISPL <prafult@interfaceinfosoft.com>
ARG HOST_NAME
ADD ubuntu-bionic-core-cloudimg-amd64-root.tar.gz /
LABEL name="Ubutnu Base Image"
LABEL vendor="Ubutnu 18.04"
LABEL license=GPLv2
ENV HOST_MACHINE_HOSTNAME=$HOST_NAME
RUN apt-get update && \
apt-get install adduser wget make git gnupg gnupg2 gnupg1 vim python3 init-system-helpers openssl logrotate socat systemd erlang erlang-nox -y && \
apt-get autoclean && \
apt-get autoremove && \
apt-get -y upgrade
RUN apt-get install -y rabbitmq-server
#ENV RABBITMQ_VERSION 3.6.12
#RUN wget https://www.rabbitmq.com/releases/rabbitmq-server/v$RABBITMQ_VERSION/rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
# dpkg -i rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
# rm -rf rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
RUN mkdir -p /home/rabbitmq_server/scripts
RUN mkdir /home/rabbitmq_server/ssl
COPY scripts /home/rabbitmq_server/scripts
COPY ssl /home/rabbitmq_server/ssl
COPY rabbitmq.config /etc/rabbitmq/rabbitmq.config
RUN chmod +x /home/rabbitmq_server/scripts/*.sh
RUN chmod -R 777 /home/rabbitmq_server/ssl/
RUN systemctl enable rabbitmq-server.service
RUN rabbitmq-plugins enable rabbitmq_management
RUN rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
EXPOSE 5671 15672 5672 15671
CMD ["/home/rabbitmq_server/scripts/run.sh"]
In the run script I only run the RabbitMQ server.
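As an added example that is not part of the original post, the following Python check reads a classic-format rabbitmq.config and reports whether it defines an HTTPS listener for the management plugin. It assumes the classic format's documented layout, in which the management listener lives under `rabbitmq_management` / `listener` with `ssl` and `ssl_opts` keys; the function names and both sample configs are constructed for illustration.

```python
import ast
import re

def parse_config(text):
    """Parse a classic-format rabbitmq.config (one list of {app, proplist} terms)."""
    def conv(m):
        tok = m.group(0)
        if tok[0] in "\"'":
            return tok        # strings and quoted atoms are already Python literals
        if tok[0] == "%":
            return ""         # Erlang comment
        return {"{": "(", "}": ",)"}.get(tok, repr(tok))  # tuple braces, bare atoms
    body = re.sub(r'"[^"]*"|\'[^\']*\'|%[^\n]*|[a-z]\w*|[{}]', conv, text).strip()
    if not body.endswith("."):
        raise ValueError("expected one Erlang term terminated by '.'")
    return ast.literal_eval(body[:-1])

def prop(plist, key):
    """Value stored under key in an Erlang proplist (list of 2-tuples), else None."""
    for item in plist if isinstance(plist, list) else []:
        if isinstance(item, tuple) and len(item) == 2 and item[0] == key:
            return item[1]
    return None

def management_tls_findings(text):
    """Assumes the layout {rabbitmq_management,[{listener,[...]}]}; lists what is missing."""
    apps, findings = parse_config(text), []
    listener = prop(prop(apps, "rabbitmq_management"), "listener")
    if listener is None:
        findings.append("no {rabbitmq_management,[{listener,...}]} section")
    else:
        if prop(listener, "ssl") != "true":
            findings.append("management listener does not set {ssl,true}")
        for key in ("certfile", "keyfile"):
            if not prop(prop(listener, "ssl_opts"), key):
                findings.append("management listener ssl_opts lacks " + key)
    for app in apps:
        if app[0] != "rabbitmq_management" and prop(app[1], "ssl") == "true":
            findings.append("{ssl,true} is set under '%s', not under the listener" % app[0])
    return findings

# Constructed sample shaped like the config in the post, reduced, placeholder paths.
POSTED_SHAPE = """[{ssl_config,[{certfile,"/path/to/server_certificate.pem"},
  {keyfile,"/path/to/server_key.pem"},{port,15671},{ssl,true}]},
 {rabbit,[{ssl_listeners,[5671]}]}]."""
# Constructed sample that uses the management plugin's listener section.
MGMT_LISTENER = """[{rabbitmq_management,[{listener,[{port,15671},{ssl,true},
  {ssl_opts,[{certfile,"/path/to/server_certificate.pem"},
             {keyfile,"/path/to/server_key.pem"}]}]}]}]."""
```

Running `management_tls_findings` on the file copied to `/etc/rabbitmq/rabbitmq.config` during the image build gives a quick answer before the container is started; an empty list means the management listener section is present with TLS settings.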