官網:https://www.rabbitmq.com/docs/management#multiple-listeners
生成證書
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt //一次性生成私鑰和證書 2.使用 已有RSA 私鑰生成自簽名證書 openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crt mv server.key serverbak.key openssl rsa -in serverbak.key -out server.key //去除密碼 rm -rf serverbak.key 3.生成自己網站的金鑰server.key openssl genrsa -aes256 -passout pass:111111 -out server.key 2048 4.使用 RSA私鑰生成 CSR 簽名請求 openssl req -new -key server.key -out server.csr 5.使用 CA 證書及CA金鑰 對請求籤發證書進行簽發,生成 x509證書 openssl x509 -req -days 3650 -in server.csr -CA cert.crt -CAkey rsa_private.key -set_serial 01 -out server.crt 6.驗證證書內容 openssl x509 -in server.crt -noout -text
配置
%% -*- mode: erlang -*- %% ---------------------------------------------------------------------------- %% RabbitMQ Sample Configuration File. %% %% Related doc guide: https://www.rabbitmq.com/configure.html. See %% https://rabbitmq.com/documentation.html for documentation ToC. %% ---------------------------------------------------------------------------- [ {rabbit, [%% %% Networking %% ==================== %% %% Related doc guide: https://www.rabbitmq.com/networking.html. %% By default, RabbitMQ will listen on all interfaces, using %% the standard (reserved) AMQP port. %% %% {tcp_listeners, [5672]}, %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. %% For example, to listen only on localhost for both IPv4 and IPv6: %% %% {tcp_listeners, [{"127.0.0.1", 5672}, %% {"::1", 5672}]}, %% TLS listeners are configured in the same fashion as TCP listeners, %% including the option to control the choice of interface. %% {ssl_listeners, [5671]}, {ssl_options, [ {cacertfile,"/opt/ssl/cert.crt"}, {certfile,"/opt/ssl/server.crt"}, {keyfile,"/opt/ssl/server.key"}, {verify, verify_peer}, {versions, ['tlsv1.2', 'tlsv1.1']} ] } %% Number of Erlang processes that will accept connections for the TCP %% and TLS listeners. %% %% {num_tcp_acceptors, 10}, %% {num_ssl_acceptors, 1}, %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection %% and TLS handshake), in milliseconds. %% %% {handshake_timeout, 10000}, %% Set to 'true' to perform reverse DNS lookups when accepting a %% connection. Hostnames will then be shown instead of IP addresses %% in rabbitmqctl and the management plugin. %% %% {reverse_dns_lookups, false}, %% %% Security, Access Control %% ======================== %% %% Related doc guide: https://www.rabbitmq.com/access-control.html. %% The default "guest" user is only permitted to access the server %% via a loopback interface (e.g. localhost). %% {loopback_users, [<<"guest">>]}, %% %% Uncomment the following line if you want to allow access to the %% guest user from anywhere on the network. %%{loopback_users, []} %% TLS configuration. %% %% Related doc guide: https://www.rabbitmq.com/ssl.html. %% %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, %% {certfile, "/path/to/server/cert.pem"}, %% {keyfile, "/path/to/server/key.pem"}, %% {verify, verify_peer}, %% {fail_if_no_peer_cert, false}]}, %% Choose the available SASL mechanism(s) to expose. %% The two default (built in) mechanisms are 'PLAIN' and %% 'AMQPLAIN'. Additional mechanisms can be added via %% plugins. %% %% Related doc guide: https://www.rabbitmq.com/authentication.html. %% %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, %% Select an authentication database to use. RabbitMQ comes bundled %% with a built-in auth-database, based on mnesia. %% %% {auth_backends, [rabbit_auth_backend_internal]}, %% Configurations supporting the rabbitmq_auth_mechanism_ssl and %% rabbitmq_auth_backend_ldap plugins. %% %% NB: These options require that the relevant plugin is enabled. %% Related doc guide: https://www.rabbitmq.com/plugins.html for further details. %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to %% authenticate a user based on the client's TLS certificate. %% %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms %% list with the entry 'EXTERNAL'. %% %% {auth_mechanisms, ['EXTERNAL']}, %% The rabbitmq_auth_backend_ldap plugin allows the broker to %% perform authentication and authorisation by deferring to an %% external LDAP server. %% %% For more information about configuring the LDAP backend, see %% https://www.rabbitmq.com/ldap.html. %% %% Enable the LDAP auth backend by adding to or replacing the %% auth_backends entry: %% %% {auth_backends, [rabbit_auth_backend_ldap]}, %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp %% configuration section later in this file and the README in %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further %% details. %% %% To use the TLS cert's CN instead of its DN as the username %% %% {ssl_cert_login_from, distinguished_name}, %% TLS handshake timeout, in milliseconds. %% %% {ssl_handshake_timeout, 5000}, %% Makes RabbitMQ accept SSLv3 client connections by default. %% DO NOT DO THIS IF YOU CAN HELP IT. %% %% {ssl_allow_poodle_attack, false}, %% Password hashing implementation. Will only affect newly %% created users. To recalculate hash for an existing user %% it's necessary to update her password. %% %% When importing definitions exported from versions earlier %% than 3.6.0, it is possible to go back to MD5 (only do this %% as a temporary measure!) by setting this to rabbit_password_hashing_md5. %% %% To use SHA-512, set to rabbit_password_hashing_sha512. %% %% {password_hashing_module, rabbit_password_hashing_sha256}, %% Configuration entry encryption. %% Related doc guide: https://www.rabbitmq.com/configure.html#configuration-encryption %% %% To specify the passphrase in the configuration file: %% %% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]} %% %% To specify the passphrase in an external file: %% %% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]} %% %% To make the broker request the passphrase when it starts: %% %% {config_entry_decoder, [{passphrase, prompt}]} %% %% To change encryption settings: %% %% {config_entry_decoder, [{cipher, aes_cbc256}, %% {hash, sha512}, %% {iterations, 1000}]} %% %% Default User / VHost %% ==================== %% %% On first start RabbitMQ will create a vhost and a user. These %% config items control what gets created. See %% https://www.rabbitmq.com/access-control.html for further %% information about vhosts and access control. %% %% {default_vhost, <<"/">>}, %% {default_user, <<"guest">>}, %% {default_pass, <<"guest">>}, %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, %% Tags for default user %% %% Related doc guide: https://www.rabbitmq.com/management.html. %% %% {default_user_tags, [administrator]}, %% %% Additional network and protocol related configuration %% ===================================================== %% %% Sets the default AMQP 0-9-1 heartbeat timeout in seconds. %% Values lower than 6 can produce false positives and are not %% recommended. %% %% Related doc guides: %% %% * https://www.rabbitmq.com/heartbeats.html %% * https://www.rabbitmq.com/networking.html %% %% {heartbeat, 60}, %% Set the max permissible size of an AMQP frame (in bytes). %% %% {frame_max, 131072}, %% Set the max frame size the server will accept before connection %% tuning occurs %% %% {initial_frame_max, 4096}, %% Set the max permissible number of channels per connection. %% 0 means "no limit". %% %% {channel_max, 0}, %% Set the max permissible number of client connections to the node. %% `infinity` means "no limit". %% %% This limit applies to client connections to all listeners (regardless of %% the protocol, whether TLS is used and so on). CLI tools and inter-node %% connections are exempt. %% %% When client connections are rapidly opened in succession, it is possible %% for the total connection count to go slightly higher than the configured limit. %% The limit works well as a general safety measure. %% %% Clients that are hitting the limit will see their TCP connections fail or time out. %% %% Introduced in 3.6.13. %% %% Related doc guide: https://www.rabbitmq.com/networking.html. %% %% {connection_max, infinity}, %% TCP socket options. %% %% Related doc guide: https://www.rabbitmq.com/networking.html. %% %% {tcp_listen_options, [{backlog, 128}, %% {nodelay, true}, %% {exit_on_close, false}]}, %% %% Resource Limits & Flow Control %% ============================== %% %% Related doc guide: https://www.rabbitmq.com/memory.html, https://www.rabbitmq.com/memory-use.html. %% Memory-based Flow Control threshold. %% %% {vm_memory_high_watermark, 0.7}, %% Alternatively, we can set a limit (in bytes) of RAM used by the node. %% %% {vm_memory_high_watermark, {absolute, 1073741824}}, %% %% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). %% %% {vm_memory_high_watermark, {absolute, "1024M"}}, %% %% Supported unit symbols: %% %% k, kiB: kibibytes (2^10 - 1,024 bytes) %% M, MiB: mebibytes (2^20 - 1,048,576 bytes) %% G, GiB: gibibytes (2^30 - 1,073,741,824 bytes) %% kB: kilobytes (10^3 - 1,000 bytes) %% MB: megabytes (10^6 - 1,000,000 bytes) %% GB: gigabytes (10^9 - 1,000,000,000 bytes) %% Fraction of the high watermark limit at which queues start to %% page message out to disc in order to free up memory. %% For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, %% paging can begin as early as when 20% of total available RAM is used by the node. %% %% Values greater than 1.0 can be dangerous and should be used carefully. %% %% One alternative to this is to use durable queues and publish messages %% as persistent (delivery mode = 2). With this combination queues will %% move messages to disk much more rapidly. %% %% Another alternative is to configure queues to page all messages (both %% persistent and transient) to disk as quickly %% as possible, see https://www.rabbitmq.com/lazy-queues.html. %% %% {vm_memory_high_watermark_paging_ratio, 0.5}, %% Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), %% Introduced in 3.6.11. `rss` is the default as of 3.6.12. %% See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. %% {vm_memory_calculation_strategy, rss}, %% Interval (in milliseconds) at which we perform the check of the memory %% levels against the watermarks. %% %% {memory_monitor_interval, 2500}, %% The total memory available can be calculated from the OS resources %% - default option - or provided as a configuration parameter: %% {total_memory_available_override_value, "5000MB"}, %% Set disk free limit (in bytes). Once free disk space reaches this %% lower bound, a disk alarm will be set - see the documentation %% listed above for more details. %% %% {disk_free_limit, 50000000}, %% %% Or you can set it using memory units (same as in vm_memory_high_watermark) %% with RabbitMQ 3.6.0+. %% {disk_free_limit, "50MB"}, %% {disk_free_limit, "50000kB"}, %% {disk_free_limit, "2GB"}, %% Alternatively, we can set a limit relative to total available RAM. %% %% Values lower than 1.0 can be dangerous and should be used carefully. %% {disk_free_limit, {mem_relative, 2.0}}, %% %% Clustering %% ===================== %% %% Queue master location strategy: %% * <<"min-masters">> %% * <<"client-local">> %% * <<"random">> %% %% Related doc guide: https://www.rabbitmq.com/ha.html#queue-master-location %% %% {queue_master_locator, <<"client-local">>}, %% Batch size (number of messages) used during eager queue mirror synchronisation. %% Related doc guide: https://www.rabbitmq.com/ha.html#batch-sync. When average message size is relatively large %% (say, 10s of kilobytes or greater), reducing this value will decrease peak amount %% of RAM used by newly joining nodes that need eager synchronisation. %% %% {mirroring_sync_batch_size, 4096}, %% Enables flow control between queue mirrors. %% Disabling this can be dangerous and is not recommended. %% When flow control is disabled, queue masters can outpace mirrors and not allow mirrors to catch up. %% Mirrors will end up using increasingly more RAM, eventually triggering a memory alarm. %% %% {mirroring_flow_control, true}, %% Additional server properties to announce to connecting clients. %% %% {server_properties, []}, %% How to respond to cluster partitions. %% Related doc guide: https://www.rabbitmq.com/partitions.html %% %% {cluster_partition_handling, ignore}, %% Mirror sync batch size, in messages. Increasing this will speed %% up syncing but total batch size in bytes must not exceed 2 GiB. %% Available in RabbitMQ 3.6.0 or later. %% %% {mirroring_sync_batch_size, 4096}, %% Make clustering happen *automatically* at startup - only applied %% to nodes that have just been reset or started for the first time. %% Related doc guide: https://www.rabbitmq.com/clustering.html#auto-config %% %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, %% Interval (in milliseconds) at which we send keepalive messages %% to other cluster members. Note that this is not the same thing %% as net_ticktime; missed keepalive messages will not cause nodes %% to be considered down. %% %% {cluster_keepalive_interval, 10000}, %% %% Statistics Collection %% ===================== %% %% Set (internal) statistics collection granularity. %% %% {collect_statistics, none}, %% Statistics collection interval (in milliseconds). Increasing %% this will reduce the load on management database. %% %% {collect_statistics_interval, 5000}, %% Enables vhosts tracing. %% %% {trace_vhosts, []}, %% Explicitly enable/disable HiPE compilation. %% %% {hipe_compile, false}, %% Number of delegate processes to use for intra-cluster communication. %% On a node which is part of cluster, has more than 16 cores and plenty of network bandwidth, %% it may make sense to increase this value. %% %% {delegate_count, 16}, %% Number of times to retry while waiting for internal database tables (Mnesia tables) to sync %% from a peer. In deployments where nodes can take a long time to boot, this value %% may need increasing. %% %% {mnesia_table_loading_retry_limit, 10}, %% Amount of time in milliseconds which this node will wait for internal database tables (Mnesia tables) to sync %% from a peer. In deployments where nodes can take a long time to boot, this value %% may need increasing. %% %% {mnesia_table_loading_retry_timeout, 30000}, %% Size in bytes below which to embed messages in the queue index. %% Related doc guide: https://www.rabbitmq.com/persistence-conf.html %% %% {queue_index_embed_msgs_below, 4096}, %% Maximum number of queue index entries to keep in journal %% Related doc guide: https://www.rabbitmq.com/persistence-conf.html. %% %% {queue_index_max_journal_entries, 32768}, %% Number of credits that a queue process is given by the message store %% By default, a queue process is given 4000 message store credits, %% and then 800 for every 800 messages that it processes. %% %% {msg_store_credit_disc_bound, {4000, 800}}, %% Minimum number of messages with their queue position held in RAM required %% to trigger writing their queue position to disk. %% %% This value MUST be higher than the initial msg_store_credit_disc_bound value, %% otherwise paging performance may worsen. %% %% {msg_store_io_batch_size, 4096}, %% Number of credits that a connection, channel or queue are given. %% %% By default, every connection, channel or queue is given 400 credits, %% and then 200 for every 200 messages that it sends to a peer process. %% Increasing these values may help with throughput but also can be dangerous: %% high credit flow values are no different from not having flow control at all. %% %% Related doc guide: https://www.rabbitmq.com/blog/2015/10/06/new-credit-flow-settings-on-rabbitmq-3-5-5/ %% and http://alvaro-videla.com/2013/09/rabbitmq-internals-credit-flow-for-erlang-processes.html. %% %% {credit_flow_default_credit, {400, 200}}, %% Number of milliseconds before a channel operation times out. %% %% {channel_operation_timeout, 15000}, %% Number of queue operations required to trigger an explicit garbage collection. %% Increasing this value may reduce CPU load and increase peak RAM consumption of queues. %% %% {queue_explicit_gc_run_operation_threshold, 1000}, %% Number of lazy queue operations required to trigger an explicit garbage collection. %% Increasing this value may reduce CPU load and increase peak RAM consumption of lazy queues. %% %% {lazy_queue_explicit_gc_run_operation_threshold, 1000}, %% Number of times disk monitor will retry free disk space queries before %% giving up. %% %% {disk_monitor_failure_retries, 10}, %% Milliseconds to wait between disk monitor retries on failures. %% %% {disk_monitor_failure_retry_interval, 120000}, %% Whether or not to enable background periodic forced GC runs for all %% Erlang processes on the node in "waiting" state. %% %% Disabling background GC may reduce latency for client operations, %% keeping it enabled may reduce median RAM usage by the binary heap %% (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html). %% %% Before enabling this option, please take a look at the memory %% breakdown (https://www.rabbitmq.com/memory-use.html). %% %% {background_gc_enabled, false}, %% Interval (in milliseconds) at which we run background GC. %% %% {background_gc_target_interval, 60000}, %% Message store operations are stored in a sequence of files called segments. %% This controls max size of a segment file. %% Increasing this value may speed up (sequential) disk writes but will slow down segment GC process. %% DO NOT CHANGE THIS for existing installations. %% %% {msg_store_file_size_limit, 16777216}, %% Whether or not to enable file write buffering. %% %% {fhc_write_buffering, true}, %% Whether or not to enable file read buffering. Enabling %% this may slightly speed up reads but will also increase %% node's memory consumption, in particular on boot. %% %% {fhc_read_buffering, false} ]}, %% ---------------------------------------------------------------------------- %% Advanced Erlang Networking/Clustering Options. %% %% Related doc guide: https://www.rabbitmq.com/clustering.html %% ---------------------------------------------------------------------------- {kernel, [%% Sets the net_kernel tick time. %% Please see http://erlang.org/doc/man/kernel_app.html and %% https://www.rabbitmq.com/nettick.html for further details. %% %% {net_ticktime, 60} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ Management Plugin %% %% Related doc guide: https://www.rabbitmq.com/management.html %% ---------------------------------------------------------------------------- {rabbitmq_management, [%% Preload schema definitions from a previously exported definitions file. See %% https://www.rabbitmq.com/management.html#load-definitions %% %% {load_definitions, "/path/to/exported/definitions.json"}, %% Log all requests to the management HTTP API to a directory. %% %% {http_log_dir, "/path/to/rabbitmq/logs/http"}, %% Change the port on which the HTTP listener listens, %% specifying an interface for the web server to bind to. %% Also set the listener to use TLS and provide TLS options. %% %% {listener, [{port, 12345}, %% {ip, "127.0.0.1"}, %% {ssl, true}, %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, %% {certfile, "/path/to/cert.pem"}, %% {keyfile, "/path/to/key.pem"}]}]}, %% One of 'basic', 'detailed' or 'none'. See %% https://www.rabbitmq.com/management.html#fine-stats for more details. %% {rates_mode, basic}, %% Configure how long aggregated data (such as message rates and queue %% lengths) is retained. Please read the plugin's documentation in %% https://www.rabbitmq.com/management.html#configuration for more %% details. %% %% {sample_retention_policies, %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, %% {basic, [{60, 5}, {3600, 60}]}, %% {detailed, [{10, 5}]}]} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ Shovel Plugin %% %% Related doc guide: https://www.rabbitmq.com/shovel.html %% ---------------------------------------------------------------------------- {rabbitmq_shovel, [{shovels, [%% A named shovel worker. %% {my_first_shovel, %% [ %% List the source broker(s) from which to consume. %% %% {sources, %% [%% URI(s) and pre-declarations for all source broker(s). %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, %% {declarations, []} %% ]}, %% List the destination broker(s) to publish to. %% {destinations, %% [%% A singular version of the 'brokers' element. %% {broker, "amqp://"}, %% {declarations, []} %% ]}, %% Name of the queue to shovel messages from. %% %% {queue, <<"your-queue-name-goes-here">>}, %% Optional prefetch count. %% %% {prefetch_count, 10}, %% when to acknowledge messages: %% - no_ack: never (auto) %% - on_publish: after each message is republished %% - on_confirm: when the destination broker confirms receipt %% %% {ack_mode, on_confirm}, %% Overwrite fields of the outbound basic.publish. %% %% {publish_fields, [{exchange, <<"my_exchange">>}, %% {routing_key, <<"from_shovel">>}]}, %% Static list of basic.properties to set on re-publication. %% %% {publish_properties, [{delivery_mode, 2}]}, %% The number of seconds to wait before attempting to %% reconnect in the event of a connection failure. %% %% {reconnect_delay, 2.5} %% ]} %% End of my_first_shovel ]} %% Rather than specifying some values per-shovel, you can specify %% them for all shovels here. %% %% {defaults, [{prefetch_count, 0}, %% {ack_mode, on_confirm}, %% {publish_fields, []}, %% {publish_properties, [{delivery_mode, 2}]}, %% {reconnect_delay, 2.5}]} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ STOMP Plugin %% %% Related doc guide: https://www.rabbitmq.com/stomp.html %% ---------------------------------------------------------------------------- {rabbitmq_stomp, [%% Network Configuration - the format is generally the same as for the broker %% Listen only on localhost (ipv4 & ipv6) on a specific port. %% {tcp_listeners, [{"127.0.0.1", 61613}, %% {"::1", 61613}]}, %% Listen for TLS connections on a specific port. %% {ssl_listeners, [61614]}, %% Number of Erlang processes that will accept connections for the TCP %% and TLS listeners. %% %% {num_tcp_acceptors, 10}, %% {num_ssl_acceptors, 1}, %% Additional TLS options %% Extract a name from the client's certificate when using TLS. %% %% {ssl_cert_login, true}, %% Set a default user name and password. This is used as the default login %% whenever a CONNECT frame omits the login and passcode headers. %% %% Please note that setting this will allow clients to connect without %% authenticating! %% %% {default_user, [{login, "guest"}, %% {passcode, "guest"}]}, %% If a default user is configured, or you have configured use TLS client %% certificate based authentication, you can choose to allow clients to %% omit the CONNECT frame entirely. If set to true, the client is %% automatically connected as the default user or user supplied in the %% TLS certificate whenever the first frame sent on a session is not a %% CONNECT frame. %% %% {implicit_connect, true}, %% Whether or not to enable proxy protocol support. %% Once enabled, clients cannot directly connect to the broker %% anymore. They must connect through a load balancer that sends the %% proxy protocol header to the broker at connection time. %% This setting applies only to STOMP clients, other protocols %% like MQTT or AMQP have their own setting to enable proxy protocol. %% See the plugins or broker documentation for more information. %% %% {proxy_protocol, false} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ MQTT Plugin %% %% Related doc guide: https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md %% %% ---------------------------------------------------------------------------- {rabbitmq_mqtt, [%% Set the default user name and password. Will be used as the default login %% if a connecting client provides no other login details. %% %% Please note that setting this will allow clients to connect without %% authenticating! %% %% {default_user, <<"guest">>}, %% {default_pass, <<"guest">>}, %% Enable anonymous access. If this is set to false, clients MUST provide %% login information in order to connect. See the default_user/default_pass %% configuration elements for managing logins without authentication. %% %% {allow_anonymous, true}, %% If you have multiple chosts, specify the one to which the %% adapter connects. %% %% {vhost, <<"/">>}, %% Specify the exchange to which messages from MQTT clients are published. %% %% {exchange, <<"amq.topic">>}, %% Specify TTL (time to live) to control the lifetime of non-clean sessions. %% %% {subscription_ttl, 1800000}, %% Set the prefetch count (governing the maximum number of unacknowledged %% messages that will be delivered). %% %% {prefetch, 10}, %% TLS listeners. %% See https://www.rabbitmq.com/networking.html %% %% {tcp_listeners, [1883]}, %% {ssl_listeners, []}, %% Number of Erlang processes that will accept connections for the TCP %% and TLS listeners. %% See https://www.rabbitmq.com/networking.html %% %% {num_tcp_acceptors, 10}, %% {num_ssl_acceptors, 1}, %% TCP socket options. %% See https://www.rabbitmq.com/networking.html %% %% {tcp_listen_options, [ %% {backlog, 128}, %% {linger, {true, 0}}, %% {exit_on_close, false} %% ]}, %% Whether or not to enable proxy protocol support. %% Once enabled, clients cannot directly connect to the broker %% anymore. They must connect through a load balancer that sends the %% proxy protocol header to the broker at connection time. %% This setting applies only to MQTT clients, other protocols %% like STOMP or AMQP have their own setting to enable proxy protocol. %% See the plugins or broker documentation for more information. %% %% {proxy_protocol, false} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ AMQP 1.0 Support %% %% Related doc guide: https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md %% %% ---------------------------------------------------------------------------- {rabbitmq_amqp1_0, [%% Connections that are not authenticated with SASL will connect as this %% account. See the README for more information. %% %% Please note that setting this will allow clients to connect without %% authenticating! %% %% {default_user, "guest"}, %% Enable protocol strict mode. See the README for more information. %% %% {protocol_strict_mode, false} ]}, %% ---------------------------------------------------------------------------- %% RabbitMQ LDAP Plugin %% %% Related doc guide: https://www.rabbitmq.com/ldap.html. %% %% ---------------------------------------------------------------------------- {rabbitmq_auth_backend_ldap, [%% %% Connecting to the LDAP server(s) %% ================================ %% %% Specify servers to bind to. You *must* set this in order for the plugin %% to work properly. %% %% {servers, ["your-server-name-goes-here"]}, %% Connect to the LDAP server using TLS %% %% {use_ssl, false}, %% Specify the LDAP port to connect to %% %% {port, 389}, %% LDAP connection timeout, in milliseconds or 'infinity' %% %% {timeout, infinity}, %% Enable logging of LDAP queries. %% One of %% - false (no logging is performed) %% - true (verbose logging of the logic used by the plugin) %% - network (as true, but additionally logs LDAP network traffic) %% %% Defaults to false. %% %% {log, false}, %% %% Authentication %% ============== %% %% Pattern to convert the username given through AMQP to a DN before %% binding %% %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, %% Alternatively, you can convert a username to a Distinguished %% Name via an LDAP lookup after binding. See the documentation for %% full details. %% When converting a username to a dn via a lookup, set these to %% the name of the attribute that represents the user name, and the %% base DN for the lookup query. %% %% {dn_lookup_attribute, "userPrincipalName"}, %% {dn_lookup_base, "DC=gopivotal,DC=com"}, %% Controls how to bind for authorisation queries and also to %% retrieve the details of users logging in without presenting a %% password (e.g., SASL EXTERNAL). %% One of %% - as_user (to bind as the authenticated user - requires a password) %% - anon (to bind anonymously) %% - {UserDN, Password} (to bind with a specified user name and password) %% %% Defaults to 'as_user'. %% %% {other_bind, as_user}, %% %% Authorisation %% ============= %% %% The LDAP plugin can perform a variety of queries against your %% LDAP server to determine questions of authorisation. See %% https://www.rabbitmq.com/ldap.html#authorisation for more %% information. %% Set the query to use when determining vhost access %% %% {vhost_access_query, {in_group, %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, %% Set the query to use when determining resource (e.g., queue) access %% %% {resource_access_query, {constant, true}}, %% Set queries to determine which tags a user has %% %% {tag_queries, []} ]}, %% Lager controls logging. %% See https://github.com/basho/lager for more documentation {lager, [ %% %% Log directory, taken from the RABBITMQ_LOG_BASE env variable by default. %% {log_root, "/var/log/rabbitmq"}, %% %% All log messages go to the default "sink" configured with %% the `handlers` parameter. By default, it has a single %% lager_file_backend handler writing messages to "$nodename.log" %% (ie. the value of $RABBIT_LOGS). %% {handlers, [ %% {lager_file_backend, [{file, "rabbit.log"}, %% {level, info}, %% {date, ""}, %% {size, 0}]} %% ]}, %% %% Extra sinks are used in RabbitMQ to categorize messages. By %% default, those extra sinks are configured to forward messages %% to the default sink (see above). "rabbit_log_lager_event" %% is the default category where all RabbitMQ messages without %% a category go. Messages in the "channel" category go to the %% "rabbit_channel_lager_event" Lager extra sink, and so on. %% {extra_sinks, [ %% {rabbit_log_lager_event, [{handlers, [ %% {lager_forwarder_backend, %% [lager_event, info]}]}]}, %% {rabbit_channel_lager_event, [{handlers, [ %% {lager_forwarder_backend, %% [lager_event, info]}]}]}, %% {rabbit_connection_lager_event, [{handlers, [ %% {lager_forwarder_backend, %% [lager_event, info]}]}]}, %% {rabbit_mirroring_lager_event, [{handlers, [ %% {lager_forwarder_backend, %% [lager_event, info]}]}]} %% ]} ]} ].
重啟
rabbitmqctl stop
rabbitmq-server -detached
檢視