RabbitMq启用TLS-CSDN博客

阿里云国内75折回扣微信号：monov8

阿里云国际，腾讯云国际，低至75折。AWS 93折免费开户实名账号代冲值优惠多多微信号：monov8 飞机：@monov6

Windows环境

查看配置文件的位置

选择使用的节点
查看当前节点配置文件的配置

配置TLS

将证书放到同配置相同目录中
编辑配置文件添加TLS相关配置

[
 {ssl, [{versions, ['tlsv1.2']}]},
    {rabbit, [
        {ssl_listeners, [5671]},
        {ssl_options, [{cacertfile,"C:/Users/17126/AppData/Roaming/RabbitMQ/ssl/klca/cacert.pem"},
                       {certfile,"C:/Users/17126/AppData/Roaming/RabbitMQ/ssl/server/cert.pem"},
                       {keyfile,"C:/Users/17126/AppData/Roaming/RabbitMQ/ssl/server/key.pem"},
                       {depth, 2},
                       {verify,verify_peer},
                       {honor_cipher_order,true},
                       {honor_ecc_order,      true},
                       {fail_if_no_peer_cert,false},
                       {versions, ['tlsv1.2']},
                        {ciphers, [ 
                          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
                          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                          "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
                          "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
                          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
                          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
                          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
                          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                          "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
                          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
                          "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
                          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
                          ]
                         }      
        ]}
    ]}
].

重启服务

在这里插入图片描述

Linux环境 (使用docker)

拉取RabbitMq镜像

docker pull rabbitmq:3.11.2-management

在这里插入图片描述

在宿主机创建Rabbitmq容器配置挂载目录

在/etc目录下创建rabbitmq目录
cd /etc
mkdir rabbitmq

在这里插入图片描述

启动Rabbitmq镜像

docker run --name rabbitmq -d -p 15672:15672 -p 5672:5672 -p 5671:5671 -v /etc/rabbitmq:/etc/rabbitmq 031f07386589

查看启动状态

docker ps

在这里插入图片描述

开启Rabbitmq页面管理插件

进入容器

docker exec -it 7c4548748ca9 /bin/bash

开启web页面管理插件

rabbitmq-plugins enable rabbitmq_management

增加新用户(RabbitMQ默认只有一个guest帐号guest帐号只能在RabbitMQ安装服务器上登录在其它服务器用guest登录提示User can only log in via localhost。)

#第一步添加 admin 用户并设置密码
rabbitmqctl add_user admin 123456
#第二步添加 admin 用户为administrator角色
rabbitmqctl set_user_tags admin administrator
#第三步设置 admin 用户的权限指定允许访问的vhost以及write/read
rabbitmqctl set_permissions -p "/" admin ".*" ".*" ".*"
#第四步查看vhost/允许哪些用户访问
rabbitmqctl list_permissions -p /
#第五步查看用户列表
rabbitmqctl list_users

退出容器

exit

配置TLS

在宿主机与容器挂载目录中创建一个rabbitmq.conf 文件

touch rabbitmq.conf

将证书文件放到同目录中(这里都放在了ssl文件夹中)
配置rabbitmq.conf文件

listeners.ssl.default = 5671

ssl_options.cacertfile=/etc/rabbitmq/ssl/klca/cacert.pem
ssl_options.certfile=/etc/rabbitmq/ssl/server/cert.pem
ssl_options.keyfile=/etc/rabbitmq/ssl/server/key.pem

ssl_options.verify=verify_peer
ssl_options.fail_if_no_peer_cert=false
ssl_options.depth=2
ssl_options.versions.1=tlsv1.2
ssl_options.honor_cipher_order=true
ssl_options.honor_ecc_order=true

ssl_options.ciphers.1 = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ssl_options.ciphers.2 = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
ssl_options.ciphers.3 = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
ssl_options.ciphers.4 = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
ssl_options.ciphers.5 = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
ssl_options.ciphers.6 = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
ssl_options.ciphers.7 =  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
ssl_options.ciphers.8 =  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
ssl_options.ciphers.9 = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
ssl_options.ciphers.10 = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
ssl_options.ciphers.11= TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
ssl_options.ciphers.12 = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA