[rabbitmq-discuss] Configuring SSL when connection is to a load balancer
Sean Whyte
sw at swhyte.net
Tue Aug 13 05:44:45 BST 2013
I am new to RabbitMQ but have successfully configured a 2 node HA
cluster and have that part working correctly.
There is a load balancer in front of the nodes that receives connections
on port 80 and forwards them to the cluster on port 5672. That works.
Now I need to get it working through SSL. We have a company policy where
all SSL certificates are installed on the load balancer and then the
decrypted packets are forwarded wherever we want.
We have configured the load balancer to receive encrypted traffic on
port 443 and forward the decrypted traffic to port 5672 on the rabbitmq
cluster. Since the traffic will be unencrypted by the time rabbitmq
receives it, I don't see any reason to configure SSL or use port 5671 on
the mq server. I have validated this works by running a Tomcat instance
in place of rabbitmq listening on port 5672, and I can view web pages.
Following the code samples for doing SSL
(http://www.rabbitmq.com/ssl.html), I have created a test consumer:

    ConnectionFactory factory = new ConnectionFactory();
    factory.setHost(host);
    factory.setPort(443);
    try
    {
        // Switch the client to TLS before connecting
        factory.useSslProtocol();
    }
    catch (KeyManagementException | NoSuchAlgorithmException e)
    {
        log.error("Unable to use SSL");
    }
    Channel channel = null;
    Connection connection = null;
    try
    {
        connection = factory.newConnection();
        // ...
    }
    catch (IOException e)
    {
        log.error("Unable to establish MQ connection");
    }
    finally
    {
        // close Connection and Channel
    }

When the code gets to 'factory.newConnection()', it always times out.
With the same code, if I change the port to 80 (and remove the SSL
specific stuff), it works fine. I have tried all the various
useSslProtocol methods with their different parameters, but always the
same timeout result. Not sure what I'm missing.
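
One way to see at which stage a connection like the one described above stalls, as an added example that is not part of the original post: a JDK-only probe that completes a verified TLS handshake with the load balancer, sends the AMQP 0-9-1 protocol header, and reports what comes back. The class name, the 5 second timeout and the classification messages are this example's own assumptions; the host and port are passed as arguments.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.InputStream;
import java.net.SocketTimeoutException;

public class AmqpTlsProbe {
    // AMQP 0-9-1 protocol header: the literal "AMQP" followed by 0, 0, 9, 1.
    static final byte[] AMQP_HEADER = {'A', 'M', 'Q', 'P', 0, 0, 9, 1};

    /** Heuristic reading of the first bytes received after sending the header. */
    static String classify(byte[] buf, int n) {
        if (n <= 0) return "connection closed without a reply";
        if (n >= 4 && buf[0] == 'H' && buf[1] == 'T' && buf[2] == 'T' && buf[3] == 'P')
            return "HTTP response: the listener treats the stream as HTTP, not raw TCP";
        if (n >= 4 && buf[0] == 'A' && buf[1] == 'M' && buf[2] == 'Q' && buf[3] == 'P')
            return "AMQP header returned: a broker answered but rejected the version";
        if (buf[0] == 1)
            return "AMQP method frame (Connection.Start): the TLS offload path works";
        return "unrecognised reply, first byte 0x" + Integer.toHexString(buf[0] & 0xff);
    }

    public static void main(String[] args) throws Exception {
        String host = args[0];                       // load balancer host name
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        SSLSocketFactory tls = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) tls.createSocket(host, port)) {
            s.setSoTimeout(5000);                    // applies to handshake and reads
            // Validate the certificate chain (default trust store) and the host name.
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");
            s.setSSLParameters(p);
            s.startHandshake();                      // throws if TLS itself fails
            System.out.println("TLS handshake OK: " + s.getSession().getProtocol());
            s.getOutputStream().write(AMQP_HEADER);
            s.getOutputStream().flush();
            InputStream in = s.getInputStream();
            byte[] buf = new byte[16];
            try {
                System.out.println(classify(buf, in.read(buf)));
            } catch (SocketTimeoutException e) {
                System.out.println("no reply in 5 s: nothing answered the AMQP header");
            }
        }
    }
}
```

An exception from startHandshake() points at the TLS layer (certificate, host name or protocol), while a successful handshake followed by no reply points at what the listener does with the decrypted bytes.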