Public | Automated Build

Last pushed: 17 days ago
Short Description
RabbitMQ with AMQPS and MQTTS and all plugins enabled automatic certificate renewal from LetsEncrypt
Full Description

RabbitMQ with AMQPS and MQTTS with LetsEncrypt

Docker container with RabbitMQ with AMQPS and MQTTS enabled with automatic renewal of ssl certificates from LetsEncrypt. The only thing needed is a hostname for your server. This example uses mycoolserver.dyndns.com but it could be any hostname.

Start

Start AMQPS on port 5671, MQTTS on port 8883 and the management interface of RabbitMQ on port 443

HOSTNAME=mycoolserver.dyndns.com docker-compose up

Test HTTPS

Open a browser to https://rabbitmq.mycoolserver.dyndns.com and check that you see the RabbitMQs management interface and that it has a valid SSL certificate.

Test AMPQPS

docker-compose exec rabbitmq bash -c \
 'openssl s_client -connect ${HOSTNAME}:5671 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert   /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt  \
  -key    /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'

Test MQTTS

docker-compose exec rabbitmq bash -c \
 'openssl s_client -connect ${HOSTNAME}:8883 \
  -CAfile /var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem \
  -cert   /var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt  \
  -key    /var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key'

rabbitmq.conf

The rabbitmq.conf loads the the following certificates from https://github.com/SteveLTN/https-portal

[
 {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
 {rabbit, [
  {ssl_listeners, [5671]},
  {ssl_options, [
   {cacertfile,"/var/lib/https/rabbitmq.${HOSTNAME}/production/chained.pem"},
   {certfile,  "/var/lib/https/rabbitmq.${HOSTNAME}/production/signed.crt"},
   {keyfile,   "/var/lib/https/rabbitmq.${HOSTNAME}/production/domain.key"},
   {versions, ['tlsv1.2', 'tlsv1.1']}
  ]},
  {loopback_users, []}
 ]},
 {rabbitmq_mqtt, [
  {ssl_listeners,    [8883]},
  {tcp_listeners,    [1883]}
 ]}
].
Docker Pull Command
Owner
marcelmaatkamp