搜索镜像
docker search rabbitmq
拉取镜像,直接拉取最新的,也可以选择版本号拉取
docker pull rabbitmqdocker pull rabbitmq:3.9.11启动容器 其中 -p 容器外部端口:容器内部端口 15672为管理面端口 5672为mq消息服务端口
docker run -d --name rabbitmq -p 18072:15672 -p 8072:5672 rabbitmq记得给服务器开放18072和8072端口
查看运行中的容器
docker ps进入容器内部
docker exec -it fe09b31d8000 /bin/bash安装mq管理面
rabbitmq-plugins enable rabbitmq_management
此时已经可以浏览器访问 ip:18072 进入管理系统了。默认用户名密码 guest guest
修改密码
列出用户
rabbitmqctl list_users
修改密码
rabbitmqctl change_password guest '你的密码'
重新登录管理系统,使用新密码登录即可。
-------------------------------------------------------------------如果要配置SSL--------------------------------------------------------------------
生成证书
$ git clone https://github.com/Berico-Technologies/CMF-AMQP-Configuration.git
$ cd CMF-AMQP-Configuration/ssl/
# Greyfoss 为自定义的证书签发机构名称,该脚本会生成一个ca目录,存储证书颁发机构的信息以及签发的证书
$ sh setup_ca.sh Greyfoss
# 生成服务端公钥和私钥 rabbit-server为生成的密钥前缀 123456为该秘钥自定义的密码
$ sh make_server_cert.sh rabbit-server 123456
# 生成客户端公钥和私钥
$ sh create_client_cert.sh rabbit-client 123456
生成Java客户端需要的证书
使用java的keytool工具生成客户端需要的证书。
keytool -import -alias rabbit-server -file server/rabbit-server.cert.pem -keystore server.keystore -storepass 123456
输入 y 回车
- import 将已签名数字证书导入密钥库
- alias 指定导入条目的别名
- file 指定要导入的证书
- keystore 指定密钥库的名称
- storepass 指定生成密钥库的密码
运行该命令会生成密钥库文件server.keystore。
安装Rabbitmq配置SSL
(上面已经安装过了)
在宿主机上创建以下文件夹:
mkdir -p ~/rabbitmq/etc/rabbitmq/ssl拷贝容器中的文件到宿主机 ~/rabbitmq/etc/rabbitmq/目录下:
docker cp rabbitmq:/etc/rabbitmq/conf.d ~/rabbitmq/etc/rabbitmq/docker cp rabbitmq:/etc/rabbitmq/enabled_plugins ~/rabbitmq/etc/rabbitmq/docker cp rabbitmq:/etc/rabbitmq/rabbitmq.conf ~/rabbitmq/etc/rabbitmq/没有这个文件,报错,先不管,下面会创建
拷贝需要的证书到 ~/rabbitmq/etc/rabbitmq/ssl下
cp server/rabbit-server.cert.pem ~/rabbitmq/etc/rabbitmq/ssl/cp server/rabbit-server.key.pem ~/rabbitmq/etc/rabbitmq/ssl/cp ca/cacert.pem ~/rabbitmq/etc/rabbitmq/ssl/ 创建 ~/rabbitmq/etc/rabbitmq/rabbitmq.conf文件
touch ~/rabbitmq/etc/rabbitmq/rabbitmq.conf文件内容:(注意 listeners.ssl.default = 5671)
# 禁用非tls连接
listeners.tcp = none
# SSL\TLS通信的端口
listeners.ssl.default = 5671
# 管理控制台端口
management.tcp.port = 15672
# 服务端私钥和证书文件配置
ssl_options.cacertfile = /etc/rabbitmq/ssl/cacert.pem
ssl_options.certfile = /etc/rabbitmq/ssl/rabbit-server.cert.pem
ssl_options.keyfile = /etc/rabbitmq/ssl/rabbit-server.key.pem
# 有verify_none和verify_peer两个选项,verify_none表示完全忽略验证证书的结果,verify_peer表示要求验证对方证书
ssl_options.verify = verify_peer
# 若为true,服务端会向客户端索要证书,若客户端无证书则中止SSL握手;若为false,则客户端没有证书时依然可完成SSL握手
ssl_options.fail_if_no_peer_cert = true
# 指定开启的tls版本
ssl_options.versions.1=tlsv1.2
ssl_options.versions.2=tlsv1.1
# 指定对应的cipher suites
ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
ssl_options.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
ssl_options.ciphers.3 = ECDHE-ECDSA-AES256-SHA384
ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384
ssl_options.ciphers.5 = ECDHE-ECDSA-DES-CBC3-SHA
ssl_options.ciphers.6 = ECDH-ECDSA-AES256-GCM-SHA384
ssl_options.ciphers.7 = ECDH-RSA-AES256-GCM-SHA384
ssl_options.ciphers.8 = ECDH-ECDSA-AES256-SHA384
ssl_options.ciphers.9 = ECDH-RSA-AES256-SHA384
ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384
ssl_options.ciphers.11= DHE-DSS-AES256-SHA256
ssl_options.ciphers.12 = AES256-GCM-SHA384
ssl_options.ciphers.13 = AES256-SHA256
ssl_options.ciphers.14 = ECDHE-ECDSA-AES128-GCM-SHA256
ssl_options.ciphers.15 = ECDHE-RSA-AES128-GCM-SHA256
ssl_options.ciphers.16 = ECDHE-ECDSA-AES128-SHA256
ssl_options.ciphers.17 = ECDHE-RSA-AES128-SHA256
ssl_options.ciphers.18 = ECDH-ECDSA-AES128-GCM-SHA256
ssl_options.ciphers.19= ECDH-RSA-AES128-GCM-SHA256
ssl_options.ciphers.20 = ECDH-ECDSA-AES128-SHA256
ssl_options.ciphers.21 = ECDH-RSA-AES128-SHA256
ssl_options.ciphers.22 = DHE-DSS-AES128-GCM-SHA256
ssl_options.ciphers.23 = DHE-DSS-AES128-SHA256
ssl_options.ciphers.24 = AES128-GCM-SHA256
ssl_options.ciphers.25 = AES128-SHA256
ssl_options.ciphers.26 = ECDHE-ECDSA-AES256-SHA
ssl_options.ciphers.27 = ECDHE-RSA-AES256-SHA
ssl_options.ciphers.28 = DHE-DSS-AES256-SHA
ssl_options.ciphers.29 = ECDH-ECDSA-AES256-SHA
ssl_options.ciphers.30 = ECDH-RSA-AES256-SHA
ssl_options.ciphers.31= AES256-SHA
ssl_options.ciphers.32 = ECDHE-ECDSA-AES128-SHA
ssl_options.ciphers.33 = ECDHE-RSA-AES128-SHA
ssl_options.ciphers.34 = DHE-DSS-AES128-SHA
ssl_options.ciphers.35 = DHE-DSS-AES128-SHA256
ssl_options.ciphers.36 = ECDH-ECDSA-AES128-SHA
ssl_options.ciphers.37 = ECDH-RSA-AES128-SHA
ssl_options.ciphers.38 = AES128-SHA删除正在运行的rabbitmq:
docker rm -f rabbitmq使用下面命令重新创建rabbitmq容器
docker run -d --name rabbitmq -p 15672:15672 -p 5671:5671 -v /root/rabbitmq/etc/rabbitmq/:/etc/rabbitmq/ rabbitmqdocker logs -f rabbitmq 看到日志内以下内容说明配置成功。
2021-07-09 02:47:14.453 [info] <0.882.0> started TLS (SSL) listener on [::]:5671
{removed_failing_handler,rabbit_log}
2021-07-09 02:47:17.092 [info] <0.736.0> Server startup complete; 4 plugins started.
* rabbitmq_prometheus
* rabbitmq_management
* rabbitmq_web_dispatch
* rabbitmq_management_agent
completed with 4 plugins.
2021-07-09 02:47:17.093 [info] <0.736.0> Resetting node maintenance status
默认的guest用户不能远程访问,因此需要创建一个可以远程访问的用户。
# 进入容器内部
docker exec -it rabbitmq bash# 创建一个用户名为rabbit,密码为rabbit的用户
rabbitmqctl add_user rabbit rabbit# 设置用户权限为超级管理员
rabbitmqctl set_user_tags rabbit administrator# 授权远程访问
rabbitmqctl set_permissions -p / rabbit "." "." ".*"# 退出容器
exit# 重启rabbitmq
docker restart rabbitmq
通过刚才创建的用户rabbit访问管理员页面http://ip:15672
SpringBoot集成RabbitMQ SSL
首先在配置文件中添加以下配置,比如在application-dev.yaml中添加:
spring:
rabbitmq:
virtual-host: /
host: 127.0.0.1
port: 5671
username: ${RABBIT_USERNAME}
password: ${RABBIT_PASSWORD}
ssl:
enabled: true
key-store: classpath:keyStore/rabbit-client.keycert.p12
key-store-password: ${KEYSTORE_PASSWORD} # 刚才上面配置的密码 123456
trust-store: classpath:keyStore/server.keystore
trust-store-password: ${TRUSTSTORE_PASSWORD} # 刚才上面配置的密码 123456
algorithm: TLSv1.2
verify-hostname: false导入依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-amqp</artifactId>
</dependency>
org.springframework.boot.autoconfigure.amqp.RabbitAutoConfiguration类就会自动配置。
扫一扫
2297
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
