[rabbitmq-discuss] Configuring SSL when connection is to a load balancer

Sean Whyte sw at swhyte.net
Tue Aug 13 05:44:45 BST 2013

I am new to RabbitMQ but have successfully configured a 2 node HA 
cluster and have that part working correctly.
There is a load balancer in front of the nodes that receives connections 
on port 80 and forwards them to the cluster on port 5672. That works.

Now I need to get it working through SSL. We have a company policy where 
all SSL certificates are installed on the load balancer and then the 
decrypted packets are forwarded wherever we want.

We have configured the load balancer to receive encrypted traffic on 
port 443 and forward the decrypted traffic to port 5672 on the rabbitmq 
cluster. Since the traffic will be unencrypted by the time rabbitmq 
receives it, I don't see any reason to configure SSL or use port 5671 on 
the mq server. I have validated this works by running a Tomcat instance 
in place of rabbitmq listening on port 5672, and I can view web pages.

Following the code samples for doing SSL 
(http://www.rabbitmq.com/ssl.html) , I have created test consumer:
         ConnectionFactory factory = new ConnectionFactory();
         catch(KeyManagementException | NoSuchAlgorithmException e)
             log.error("Unable to use SSL");

         Channel channel = null;
         Connection connection = null;
             connection = factory.newConnection();
         catch( IOException e )
             log.error( "Unable to establish MQ connection" );
             close Connection and Channel

When the code gets to 'factory.newConnection()', it always times out. 
With the same code, if I change the port to 80 (and remove the SSL 
specific stuff), it works fine. I have tried all the various 
useSslProtocol methods with their different parameters, but always the 
same timeout result. Not sure what I'm missing.

More information about the rabbitmq-discuss mailing list