A RocketMQ deployment that is reachable from the public internet with ACL disabled gets found by scanners very quickly, and anyone who can reach 9876/10911 can then send, consume and issue broker admin commands. Strongly recommended: enable ACL and restrict source IPs with a cloud security group!!
Keep in mind that docker run -p 9876:9876 publishes the port on every host interface, and that Docker's iptables rules handle published ports in the FORWARD path before the host's INPUT chain, so ufw/INPUT rules on the host do not filter that traffic. Filter at the security group, bind the port to a specific address (for example -p 10.0.0.5:10911:10911 for an internal NIC), or add rules to Docker's DOCKER-USER chain.
Note: after deployment succeeds, the dashboard's producer list stays empty until a producer has actually sent a message!!
Preparation
docker pull apache/rocketmq:4.9.7
docker pull apacherocketmq/rocketmq-dashboard:latest
docker network create rocketmq
For example, keep the mounted configuration under /home/rocketmq-4.9.7 and create the corresponding directories. The container writes logs and store data as its non-root rocketmq user (uid 3000 in the apache/rocketmq image; confirm with docker run --rm apache/rocketmq:4.9.7 id), so the mount directories must be writable by that uid. chown -R 3000:3000 on them is the tidy fix; chmod 777 also works but leaves the store and logs world-writable on the host.
Install namesrv
docker run -d --restart=always --name rocketmq-namesrv --network rocketmq -p 9876:9876 -v /home/rocketmq-4.9.7/namesrv/logs:/home/rocketmq/logs -v /home/rocketmq-4.9.7/namesrv/store:/home/rocketmq/store -e "MAX_POSSIBLE_HEAP=100000000" apache/rocketmq:4.9.7 sh mqnamesrv
Configure broker.conf
First copy the default conf directory out of the namesrv container into broker/broker-a. docker cp accepts the container name given in the run command above, and the destination must be the directory that the broker run command below mounts:
docker cp rocketmq-namesrv:/home/rocketmq/rocketmq-4.9.7/conf /home/rocketmq-4.9.7/broker/broker-a/
Enter the conf directory and edit broker.conf:
# Cluster name; with many nodes you can configure several clusters
brokerClusterName = DefaultCluster
# Broker name; master and slave use the same name, which is what ties them together as a master/slave pair
brokerName = broker-a
# 0 means master; any value greater than 0 identifies a slave
brokerId = 0
# Hour of day at which expired messages are deleted; default is 04 (4 a.m.)
deleteWhen = 04
# How long messages are kept on disk, in hours
fileReservedTime = 48
# One of SYNC_MASTER, ASYNC_MASTER, SLAVE; SYNC/ASYNC is how the master replicates data to the slave
brokerRole = ASYNC_MASTER
# Flush policy, SYNC_FLUSH or ASYNC_FLUSH: SYNC_FLUSH acknowledges a message only after it is written to disk, ASYNC_FLUSH acknowledges before the flush
flushDiskType = ASYNC_FLUSH
# IP address of the server the broker runs on. Very important: in master/slave mode the slave syncs from the master's brokerIP2, so without it replication does not work. Set brokerIP1 to the address clients reach the broker on; on dual-NIC hosts (Alibaba Cloud and the like) it must be set explicitly, the master needs both brokerIP1 and brokerIP2, a slave only brokerIP1. This address is what the broker registers with the namesrv and hands to every client, so if it is a public IP it is also what gets scanned.
brokerIP1 = XX.XX.XX.XX
# nameServer address(es), semicolon separated
namesrvAddr=XX.XX.XX.XX:9876
# Port the broker listens on for clients (10911 by default; the VIP channel uses listenPort - 2 = 10909, the HA port listenPort + 1 = 10912)
#listenPort = 10911
# Whether the broker may auto-create topics: false in production, may be enabled for testing
autoCreateTopicEnable = false
# Whether the broker may auto-create subscription groups: false in production, may be enabled for testing
autoCreateSubscriptionGroup = false
# Enable ACL authentication and authorization (reads conf/plain_acl.yml)
aclEnable=true
Edit the ACL configuration file plain_acl.yml. It lives in the same conf directory (the broker reads ${ROCKETMQ_HOME}/conf/plain_acl.yml and reloads it when the file changes), and indentation is significant:
globalWhiteRemoteAddresses:
#- 10.10.103.*
#- 192.168.0.*

accounts:
- accessKey: thirdpart
  secretKey: XXXXXX
  whiteRemoteAddress:
  admin: false
  defaultTopicPerm: DENY
  defaultGroupPerm: SUB
  topicPerms:
  - sysx_categoryorg=SUB
  groupPerms:
  # the group should convert to retry topic
  - thirdPartGroup=SUB

- accessKey: mqadmin1
  secretKey: XXXXXX
  whiteRemoteAddress:
  # if it is admin, it could access all resources
  admin: true
Points to check before this faces the internet. A source address matching any globalWhiteRemoteAddresses entry skips ACL completely, no accessKey needed, so leave those entries commented out unless a specific trusted subnet really needs them. A per-account whiteRemoteAddress is not a restriction on where that account may log in from: a client coming from a matching address is accepted for that accessKey without a signature or permission check, so keep it empty and do source-IP restriction in the security group instead. accessKey and secretKey must each be longer than 6 characters or the broker refuses to load the account; use a long random secretKey, not a guessable one. thirdpart is a pure consumer: defaultTopicPerm DENY plus SUB on sysx_categoryorg and on its own group thirdPartGroup (the group permission also covers that group's %RETRY% topic, which is what the comment means). mqadmin1 is the admin account the dashboard below uses, so it can do everything.
Reference: the ACL section of the official documentation.
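A preflight check for the two files edited above, as an added example that is not part of the original post or of the RocketMQ project: it parses broker.conf and plain_acl.yml on the host before the broker is started and fails on the settings this guide warns about (ACL off, auto-creation on, XX.XX.XX.XX placeholders left in, a global whitelist that switches ACL off for everyone, keys of 6 characters or fewer), and warns on per-account whiteRemoteAddress entries. The fixture files it writes to a temporary directory are constructed for the demo (203.0.113.0/24 is a documentation range); the function names and paths are the example's own, not anything RocketMQ ships.

```shell
#!/bin/sh
# Added example, not part of the original post or of RocketMQ: preflight checks for broker.conf
# and plain_acl.yml, meant to run on the host before starting mqbroker.

# conf_value FILE KEY: value of KEY in a "key = value" file; commented (#) lines never match.
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '[:space:]'
}

# check_broker_conf FILE: 0 only if ACL is on, auto-creation is off and the XX.XX.XX.XX
# placeholders for brokerIP1 and namesrvAddr were replaced.
check_broker_conf() {
    conf="$1"; rc=0
    [ "$(conf_value "$conf" aclEnable)" = "true" ] \
        || { echo "FAIL $conf: aclEnable must be true"; rc=1; }
    for key in autoCreateTopicEnable autoCreateSubscriptionGroup; do
        [ "$(conf_value "$conf" "$key")" = "false" ] \
            || { echo "FAIL $conf: $key must be false in production"; rc=1; }
    done
    for key in brokerIP1 namesrvAddr; do
        case "$(conf_value "$conf" "$key")" in
            ""|XX.*) echo "FAIL $conf: $key is unset or still a placeholder"; rc=1 ;;
        esac
    done
    return $rc
}

# check_plain_acl FILE: 0 only if no globalWhiteRemoteAddresses entry disables ACL for every
# source and each accessKey/secretKey is longer than 6 characters (the 4.9.x broker rejects
# shorter ones). A non-empty per-account whiteRemoteAddress only warns: clients from that
# address are accepted for the accessKey without a signature check, so it should stay empty.
check_plain_acl() {
    awk '
        function val(line,    v) { v = substr(line, index(line, ":") + 1); gsub(/[ \t]/, "", v); return v }
        /^[ \t]*#/   { next }                        # commented-out entries do not count
        /^accounts:/ { in_accounts = 1; next }
        !in_accounts && /^[ \t]*-[ \t]*(\*|\*\.\*\.\*\.\*)[ \t]*$/ {
            print "FAIL " FILENAME ": globalWhiteRemoteAddresses lets every client bypass ACL"; bad = 1
        }
        in_accounts && /^[ \t]*-[ \t]*accessKey:/ { name = val($0) }
        in_accounts && /^[ \t]*-?[ \t]*(accessKey|secretKey):/ && length(val($0)) <= 6 {
            print "FAIL " FILENAME ": account " name " has a key of 6 characters or fewer"; bad = 1
        }
        in_accounts && /^[ \t]*whiteRemoteAddress:/ && val($0) != "" {
            print "WARN " FILENAME ": " name " whiteRemoteAddress=" val($0) " skips signature checks from there"
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed fixtures so the checks run offline (203.0.113.0/24 is a documentation range);
# in real use point the functions at /home/rocketmq-4.9.7/broker/broker-a/conf/*.
WORK="$(mktemp -d)"; trap 'rm -rf "$WORK"' EXIT
GOOD_CONF="$WORK/broker-good.conf"; BAD_CONF="$WORK/broker-bad.conf"
GOOD_ACL="$WORK/acl-good.yml";      BAD_ACL="$WORK/acl-bad.yml"
cat > "$GOOD_CONF" <<'EOF'
brokerIP1 = 203.0.113.10
namesrvAddr=203.0.113.10:9876
#listenPort = 10911
autoCreateTopicEnable = false
autoCreateSubscriptionGroup = false
aclEnable=true
EOF
cat > "$BAD_CONF" <<'EOF'
brokerIP1 = XX.XX.XX.XX
namesrvAddr=XX.XX.XX.XX:9876
autoCreateTopicEnable = true
autoCreateSubscriptionGroup = false
EOF
cat > "$GOOD_ACL" <<'EOF'
globalWhiteRemoteAddresses:
#- 10.10.103.*
accounts:
- accessKey: thirdpart
  secretKey: consumer-secret-example
  whiteRemoteAddress:
  admin: false
  defaultTopicPerm: DENY
  topicPerms:
  - sysx_categoryorg=SUB
  groupPerms:
  - thirdPartGroup=SUB
- accessKey: mqadmin1
  secretKey: admin-secret-example
  whiteRemoteAddress:
  admin: true
EOF
cat > "$BAD_ACL" <<'EOF'
globalWhiteRemoteAddresses:
- *
accounts:
- accessKey: mqadmin1
  secretKey: 123456
  whiteRemoteAddress: 203.0.113.*
  admin: true
EOF
for f in "$GOOD_CONF" "$BAD_CONF"; do if check_broker_conf "$f"; then echo "PASS $f"; fi; done
for f in "$GOOD_ACL"  "$BAD_ACL";  do if check_plain_acl "$f";   then echo "PASS $f"; fi; done
```

Run it as sh preflight.sh after editing the two files; the good fixtures print PASS, the bad ones print one FAIL line per problem plus the whiteRemoteAddress warning. The awk parser deliberately skips commented-out lines so the commented examples in plain_acl.yml never trip the whitelist check, and the placeholder test only looks for the XX. prefix used in this guide, so adapt it if your template uses a different marker.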
Start the broker
docker run -d --restart=always --name rocketmq-broker-a --network rocketmq -p 10909:10909 -p 10911:10911 -v /home/rocketmq-4.9.7/broker/broker-a/logs:/home/rocketmq/logs -v /home/rocketmq-4.9.7/broker/broker-a/store:/home/rocketmq/store -v /home/rocketmq-4.9.7/broker/broker-a/conf:/home/rocketmq/rocketmq-4.9.7/conf -e "MAX_POSSIBLE_HEAP=200000000" apache/rocketmq:4.9.7 sh mqbroker -c /home/rocketmq/rocketmq-4.9.7/conf/broker.conf
The mounted logs and store directories must be writable by the container's rocketmq user (see Preparation): chown them to uid 3000 rather than opening them up with chmod 777.
Deploy the dashboard
Create the data directory
/home/rocketmq-4.9.7/console/data
Create a users.properties file in it with the login accounts, one per line in the form username=password,role (role 1 is admin, 0 is an ordinary user; the file is reloaded on change). Replace 123456 with a real password before exposing the dashboard: whoever logs in acts on the cluster through the mqadmin1 ACL key configured below.
admin=123456,1
Deploy. The mount must point at the data directory created above, and port 8082 should be reachable only from trusted addresses (security group, bind to an internal IP, or a TLS reverse proxy in front), since the login form is all that protects an admin-capable console:
docker run -d --restart=always --name rocketmq-console --network rocketmq -v /home/rocketmq-4.9.7/console/data:/tmp/rocketmq-console/data -e "JAVA_OPTS=-Drocketmq.namesrv.addr=XX.XX.XX.XX:9876 -Dcom.rocketmq.sendMessageWithVIPChannel=false -Drocketmq.config.loginRequired=true -Drocketmq.config.accessKey=mqadmin1 -Drocketmq.config.secretKey=XXXXXX" -p 8082:8080 apacherocketmq/rocketmq-dashboard:latest
Each -D option must be separated by a space; -Drocketmq.config.accessKey=mqadmin1 run straight into -Drocketmq.config.secretKey would be parsed as one bogus accessKey and the dashboard would fail ACL checks against the broker. The accessKey and secretKey passed through JAVA_OPTS are visible to anyone who can run docker inspect on the host, one more reason to keep the host itself locked down, and pinning a release tag instead of latest keeps redeployments reproducible.