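How to enable HTTPS for the management console when using RabbitMQ with Docker

Time: 2019-05-28 11:31:08

Tags: docker rabbitmq

I am trying to build a Docker image from scratch for an SSL-enabled RabbitMQ server. After configuring SSL, it works for AMQP/SSL, but the management console does not work over HTTPS.

I have also enabled the SSL configuration for RabbitMQ in the rabbitmq.config file.

After building the Docker image and running the RabbitMQ server, it only enables AMQP over SSL, not HTTPS. The management console is still accessible only over HTTP.

Below is the list of enabled plugins: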

[e*] cowboy                            1.0.4
[e*] cowlib                            1.0.2
[  ] rabbitmq_amqp1_0                  3.6.10
[  ] rabbitmq_auth_backend_ldap        3.6.10
[E*] rabbitmq_auth_mechanism_ssl       3.6.10
[  ] rabbitmq_consistent_hash_exchange 3.6.10
[  ] rabbitmq_event_exchange           3.6.10
[  ] rabbitmq_federation               3.6.10
[  ] rabbitmq_federation_management    3.6.10
[  ] rabbitmq_jms_topic_exchange       3.6.10
[E*] rabbitmq_management               3.6.10
[e*] rabbitmq_management_agent         3.6.10
[  ] rabbitmq_management_visualiser    3.6.10
[  ] rabbitmq_mqtt                     3.6.10
[  ] rabbitmq_recent_history_exchange  3.6.10
[  ] rabbitmq_sharding                 3.6.10
[  ] rabbitmq_shovel                   3.6.10
[  ] rabbitmq_shovel_management        3.6.10
[  ] rabbitmq_stomp                    3.6.10
[  ] rabbitmq_top                      3.6.10
[  ] rabbitmq_tracing                  3.6.10
[  ] rabbitmq_trust_store              3.6.10
[e*] rabbitmq_web_dispatch             3.6.10
[  ] rabbitmq_web_mqtt                 3.6.10
[  ] rabbitmq_web_mqtt_examples        3.6.10
[  ] rabbitmq_web_stomp                3.6.10
[  ] rabbitmq_web_stomp_examples       3.6.10
[  ] sockjs                            0.3.4

Below is the configuration file:

     [{ssl_config,
          [{cacertfile,
               "/path/to/ca_certificate.pem"},
           {keyfile,"/path/to/server_key.pem"},
           {certfile,
               "/path/to/server_certificate.pem"},
           {port,15671},
           {ssl,true},
           {ciphers,
               ["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
                "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
                "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
                "DHE-RSA-AES256-GCM-SHA384"]}]}]},
 {rabbit,
     [{ssl_cert_login_from,common_name},
      {ssl_options,
          [{keyfile,"/path/to/server_key.pem"},
           {honor_ecc_order,true},
           {honor_cipher_order,true},
           {certfile,
               "/path/to/server_certificate.pem"},
           {cacertfile,
               "/path/to/ca_certificate.pem"},
           {fail_if_no_peer_cert,true},
           {verify,verify_peer},
           {versions,['tlsv1.1','tlsv1.2']},
           {ciphers,
               ["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
                "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
                "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
                "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
                "DHE-RSA-AES256-GCM-SHA384","DHE-DSS-AES256-GCM-SHA384",
                "DHE-RSA-AES256-SHA256","DHE-DSS-AES256-SHA256",
                "ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256",
                "ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256",
                "ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256",
                "ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256",
                "DHE-RSA-AES128-GCM-SHA256","DHE-DSS-AES128-GCM-SHA256",
                "DHE-RSA-AES128-SHA256","DHE-DSS-AES128-SHA256",
                "ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA",
                "DHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA",
                "ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA",
                "ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA",
                "DHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA",
                "ECDH-ECDSA-AES128-SHA","ECDH-RSA-AES128-SHA"]}]},
      {tcp_listeners,[5672]},
      {ssl_listeners,[5671]},
      {auth_mechanisms,['EXTERNAL']},
      {cluster_formation,
          [{peer_discovery_backend,rabbit_peer_discovery_classic_config},
           {node_type,disc}]}]}].

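The process is kept simple. I just install everything with the Dockerfile and then run the container.

Please suggest what I am doing wrong.

Edited: Below is the content of the Dockerfile: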

FROM scratch
#MAINTAINER The IISPL <prafult@interfaceinfosoft.com>

ARG HOST_NAME

ADD ubuntu-bionic-core-cloudimg-amd64-root.tar.gz /

LABEL name="Ubutnu Base Image"
LABEL vendor="Ubutnu 18.04"
LABEL license=GPLv2

ENV HOST_MACHINE_HOSTNAME=$HOST_NAME

RUN apt-get update && \
    apt-get install adduser wget make git gnupg gnupg2 gnupg1 vim python3 init-system-helpers openssl logrotate socat systemd erlang erlang-nox -y && \
    apt-get autoclean && \
    apt-get autoremove && \
    apt-get -y upgrade

RUN apt-get install -y rabbitmq-server

#ENV RABBITMQ_VERSION 3.6.12

#RUN wget https://www.rabbitmq.com/releases/rabbitmq-server/v$RABBITMQ_VERSION/rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
#    dpkg -i rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
#    rm -rf rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \

RUN mkdir -p /home/rabbitmq_server/scripts
RUN mkdir /home/rabbitmq_server/ssl

COPY scripts /home/rabbitmq_server/scripts
COPY ssl /home/rabbitmq_server/ssl
COPY rabbitmq.config /etc/rabbitmq/rabbitmq.config
RUN chmod +x /home/rabbitmq_server/scripts/*.sh
RUN chmod -R 777 /home/rabbitmq_server/ssl/

RUN systemctl enable rabbitmq-server.service

RUN rabbitmq-plugins enable rabbitmq_management
RUN rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl

EXPOSE 5671 15672 5672 15671

CMD ["/home/rabbitmq_server/scripts/run.sh"]

In the run script, I only run the RabbitMQ server.
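
For reference alongside the configuration in the question, an added example (not part of the original post and not the asker's file): the plugin list above reports version 3.6.10, and the RabbitMQ 3.6 documentation configures the management plugin's HTTPS listener under a `listener` key whose TLS settings go in `ssl_opts`. The `/path/to/...` placeholders are reused from the question; the single TLS version and the two-entry cipher list are choices made for this illustration, the ciphers being a subset of the question's list.

```erlang
%% rabbitmq.config (classic Erlang-term format), management section only.
%% Added example: the {rabbit, [...]} section from the question would sit
%% beside {rabbitmq_management, [...]} in the same outer list.
[
 {rabbitmq_management,
  [{listener,
    [{port, 15671},   % HTTPS port for the management UI and HTTP API
     {ssl,  true},    % serve TLS on this listener instead of plain HTTP
     {ssl_opts,
      [{cacertfile, "/path/to/ca_certificate.pem"},
       {certfile,   "/path/to/server_certificate.pem"},
       {keyfile,    "/path/to/server_key.pem"},
       %% Illustrative hardening choices (assumptions, not from the post):
       {versions,   ['tlsv1.2']},
       {honor_cipher_order, true},
       {ciphers,
        ["ECDHE-ECDSA-AES256-GCM-SHA384",
         "ECDHE-RSA-AES256-GCM-SHA384"]}
      ]}
    ]}
  ]}
].
```

With this section in place the container still has to publish port 15671, which the Dockerfile's EXPOSE line already lists. The private key only needs to be readable by the user the broker runs as, so the `chmod -R 777` on the ssl directory can be tightened.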

0 answers:

No answers