Skip to content

Latest commit

 

History

History
59 lines (46 loc) · 1.86 KB

README.md

File metadata and controls

59 lines (46 loc) · 1.86 KB
Raw

RabbitMQ with AMQPS and MQTTS with LetsEncrypt

Docker container with RabbitMQ with AMQPS and MQTTS enabled with automatic renewal of ssl certificates from LetsEncrypt. The only thing needed is a hostname for your server. This example uses mycoolserver.dyndns.com but it could be any hostname.

Start

Start AMQPS on port 5671, MQTTS on port 8883 and the management interface of RabbitMQ on port 443

HOSTNAME=mycoolserver.dyndns.com docker-compose up

Test HTTPS

Open a browser to https://rabbitmq.mycoolserver.dyndns.com and check that you see the RabbitMQs management interface and that it has a valid SSL certificate.

Test AMPQPS

docker-compose exec rabbitmq bash -c \
 'openssl s_client -connect ${HOSTNAME}:5671 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert   /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt  \
  -key    /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'

Test MQTTS

docker-compose exec rabbitmq bash -c \
 'openssl s_client -connect ${HOSTNAME}:8883 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert   /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt  \
  -key    /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'

rabbitmq.conf

The rabbitmq.conf loads the the following certificates from https://github.com/SteveLTN/https-portal

[
 {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
 {rabbit, [
  {ssl_listeners, [5671]},
  {ssl_options, [
   {cacertfile,"/var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem"},
   {certfile,  "/var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt"},
   {keyfile,   "/var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key"},
   {versions, ['tlsv1.2', 'tlsv1.1']}
  ]},
  {loopback_users, []}
 ]},
 {rabbitmq_mqtt, [
  {ssl_listeners,    [8883]},
  {tcp_listeners,    [1883]}
 ]}
].