How to disable the RabbitMQ default TCP listening port 5672

I have configured RabbitMQ with a new port number (i.e. 5671 with SSL) in the RabbitMQ.config file. Now I want to disable the default port, i.e. 5672.

The configuration file is as follows:

    [
      {rabbit, [
        {ssl_listeners, [5671]},
        {ssl_options, [{cacertfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cacert.pem"},
                       {certfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cert.pem"},
                       {keyfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/key.pem"},
                       {verify,verify_peer},
                       {fail_if_no_peer_cert,false},
                       {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                                 {dhe_dss,aes_256_cbc,sha},
                                 {rsa,aes_256_cbc,sha}]}
                      ]
        }
      ]}
    ].
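
Now it works on both ports 5671 and 5672, but I need to disable port 5672.

Please offer some comments or suggestions.

Thanks in advance.

To disable the standard RabbitMQ port 5672, add {tcp_listeners, []} to your RabbitMQ.conf:
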
    [
      {rabbit, [
        {tcp_listeners, []},
        {ssl_listeners, [5671]},
        {ssl_options, [{cacertfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cacert.pem"},
                       {certfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cert.pem"},
                       {keyfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/key.pem"},
                       {verify,verify_peer},
                       {fail_if_no_peer_cert,false},
                       {ciphers,[{dhe_rsa,aes_256_cbc,sha},
                                 {dhe_dss,aes_256_cbc,sha},
                                 {rsa,aes_256_cbc,sha}]}
                      ]
        }
      ]}
    ].

It is compatible with RabbitMQ 3.1.5; here is how to use it:

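    # rabbitmq.conf (new sysctl-style format): TLS listener and its options
    listeners.ssl.1 = 5671
    ssl_options.cacertfile = /path/to/testca/cacert.pem
    ssl_options.certfile = /path/to/server/cert.pem
    ssl_options.keyfile = /path/to/server/key.pem
    ssl_options.verify = verify_peer
    ssl_options.fail_if_no_peer_cert = false

    %% advanced.config (Erlang term format): an empty list disables the plain TCP listener
    [
      {rabbit,
        [{tcp_listeners, []}
      ]}
    ].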

It seems that, to disable non-SSL listening with the new file format, you can do the following:

    listeners.tcp = none

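This has the same effect as the other 3.7 answer, but it does not need to be done in advanced.config.

Fixed the problematic port numbers. 572 -> 5672 etc.

Be warned, the option {fail_if_no_peer_cert,false} still allows clients without a certificate to connect. Read more about the fail_if_no_peer_cert setting……

Does it make sense for the second part to use advanced.config instead of rabbitmq.conf?

I tried a few ways to get it working in rabbitmq.conf (not), but without any luck. Feel free to edit my answer if you get it working!

From the RabbitMQ docs: Some configuration settings are not possible or are difficult to configure using the sysctl format. As such, it is possible to use an additional configuration file in the Erlang term format (same as rabbitmq.config). That file is commonly named advanced.config. It will be merged with the configuration provided in rabbitmq.conf.

I guess that's why it didn't work for me in rabbitmq-server-3.8. Did you get a chance to test this setting in 3.8?

@mrc02_kr This is the way the documentation recommends. It seems to work for me in 3.8.11.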
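
Added example (not part of the original thread and not RabbitMQ's own code): a small Python audit of a new-format rabbitmq.conf that flags the two issues discussed above, a plaintext listener that is still enabled and fail_if_no_peer_cert = false letting clients without a certificate connect. The function names and sample files are constructed for illustration, and advanced.config is assumed not to be read.

```python
# Added example: audit a new-format rabbitmq.conf for the issues raised in this thread.
# Assumption: only rabbitmq.conf is read; a {tcp_listeners, []} in advanced.config is not seen.

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and '#' comment lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return a list of findings; an empty list means TLS-only with mandatory client certs."""
    conf = parse_conf(text)
    findings = []
    if conf.get("listeners.tcp") != "none":
        # Without listeners.tcp.* keys the broker keeps its default plaintext listener (5672).
        ports = [v for k, v in conf.items() if k.startswith("listeners.tcp.")]
        findings.append("plaintext listener enabled: " + ", ".join(ports or ["5672 (default)"]))
    if not any(k.startswith("listeners.ssl.") for k in conf):
        findings.append("no TLS listener configured")
    if conf.get("ssl_options.verify") != "verify_peer":
        findings.append("client certificates are not verified")
    if conf.get("ssl_options.fail_if_no_peer_cert") != "true":
        findings.append("clients without a certificate are accepted")
    return findings

# Constructed sample: the rabbitmq.conf fragment quoted in the thread.
THREAD_CONF = """
listeners.ssl.1 = 5671
ssl_options.cacertfile = /path/to/testca/cacert.pem
ssl_options.certfile = /path/to/server/cert.pem
ssl_options.keyfile = /path/to/server/key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
"""

# Constructed sample: the same file with both issues corrected.
HARDENED_CONF = THREAD_CONF.replace("fail_if_no_peer_cert = false", "fail_if_no_peer_cert = true") \
    + "listeners.tcp = none\n"

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "OK")
```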