[rabbitmq-discuss] TCP vs. SSL configuration

Simon MacMullen simon at rabbitmq.com
Fri Jun 28 11:02:36 BST 2013


Yes. Or it could be rephrased to mention the config file. Hmm.

Cheers, Simon

On 27/06/13 14:52, Tim Bain wrote:
> OK, leaving the value blank in a single-node single-machine broker makes
> sense.
>
> The documentation at
> http://www.rabbitmq.com/clustering.html#single-machine says that for a
> clustered broker with multiple nodes on a single machine, "You must
> ensure that for each invocation you set the environment variables
> RABBITMQ_NODENAME and RABBITMQ_NODE_PORT to suitable values."  Should
> that really say that RABBITMQ_NODENAME is required in all cases, and
> RABBITMQ_NODE_PORT is required if TCP is enabled but not required if
> it's not?
>
>
> On Thu, Jun 27, 2013 at 9:49 AM, Simon MacMullen <simon at rabbitmq.com
> <mailto:simon at rabbitmq.com>> wrote:
>
>     Just leave RABBITMQ_NODE_PORT blank. The "real" setting is the one
>     in the config file, the environment variables provide a way to
>     override that, if they are set.
>
>     If you want multiple brokers on one machine, each with SSL only,
>     you'll need to set up one config file per broker, and then point to
>     that using RABBITMQ_CONFIG_FILE (see
>     http://www.rabbitmq.com/__relocate.html
>     <http://www.rabbitmq.com/relocate.html>).
>
>     Cheers, Simon
>
>
>     On 27/06/13 14:33, Tim Bain wrote:
>
>         So if TCP is disabled via the section you referenced in
>         rabbitmq.config,
>         then what goes in the environment variable RABBITMQ_NODE_PORT?
>           Is that
>         value simply ignored if TCP is disabled (so you can set the
>         environment
>         variable to anything, or just leave it unset)?  Do you set it to
>         the SSL
>         port?  Something else?
>
>         And if you have a set of N nodes in a cluster on a single
>         machine, do
>         you still need to have a different value of RABBITMQ_NODE_PORT
>         for each
>         instance?  (Do you just make it match the SSL port each node is
>         using?)
>
>         Thanks,
>         Tim
>
>
>         On Thu, Jun 27, 2013 at 5:31 AM, Simon MacMullen
>         <simon at rabbitmq.com <mailto:simon at rabbitmq.com>
>         <mailto:simon at rabbitmq.com <mailto:simon at rabbitmq.com>>> wrote:
>
>              You can't disable the TCP listener via environment
>         variables and
>              hence rabbitmq-env.conf. But you can via the main
>         configuration file
>              - see tcp_listeners under
>         http://www.rabbitmq.com/____configure.html#config-items
>         <http://www.rabbitmq.com/__configure.html#config-items>
>
>              <http://www.rabbitmq.com/__configure.html#config-items
>         <http://www.rabbitmq.com/configure.html#config-items>> - just set it
>              to [].
>
>              Cheers, Simon
>
>              On 26/06/13 17:50, tbain98 at gmail.com
>         <mailto:tbain98 at gmail.com> <mailto:tbain98 at gmail.com
>         <mailto:tbain98 at gmail.com>> wrote:
>
>                  I'm new to RabbitMQ, and am a bit confused by some of the
>                  documentation
>                  surrounding TCP vs. SSL configuration.
>
>                  I'm trying to set up a broker for which only
>         authenticated SSL-based
>                  connections will be allowed, so I do not want the TCP
>         listener
>                  running.
>                  That seems easy to do for rabbitmq-env.conf, but the
>         documentation
>                  <http://www.rabbitmq.com/____configure.html
>         <http://www.rabbitmq.com/__configure.html>
>
>                  <http://www.rabbitmq.com/__configure.html
>         <http://www.rabbitmq.com/configure.html>>> seems to indicate that
>                  RABBITMQ_NODE_PORT is a required property (or at least,
>         it seems
>                  to be
>                  required if you're setting up clustering on a single
>         machine
>
>         <http://www.rabbitmq.com/____clustering.html#single-machine
>         <http://www.rabbitmq.com/__clustering.html#single-machine>
>
>         <http://www.rabbitmq.com/__clustering.html#single-machine
>         <http://www.rabbitmq.com/clustering.html#single-machine>__>__>,
>
>                  which I'm not
>                  doing yet but want the option to do in the future) and
>         that if
>                  it's not
>                  provided, a default will be used.
>
>                  Is it possible to configure an SSL-only broker (just
>         one node on a
>                  single machine), and if so, what if anything do you set
>                  RABBITMQ_NODE_PORT to?  (Just "RABBITMQ_NODE_PORT=" ?)  And
>                  (separate
>                  question) is it possible to configure a single-machine
>         cluster with
>                  multiple nodes, where each node is SSL-only, and again,
>         what do
>                  you set
>                  RABBITMQ_NODE_PORT to for each node?
>
>                  Thanks for the help...
>                  Tim
>
>
>                  ___________________________________________________
>                  rabbitmq-discuss mailing list
>                  rabbitmq-discuss at lists.__rabbi__tmq.com
>         <http://rabbitmq.com>
>                  <mailto:rabbitmq-discuss at __lists.rabbitmq.com
>         <mailto:rabbitmq-discuss at lists.rabbitmq.com>>
>         https://lists.rabbitmq.com/____cgi-bin/mailman/listinfo/____rabbitmq-discuss
>         <https://lists.rabbitmq.com/__cgi-bin/mailman/listinfo/__rabbitmq-discuss>
>
>
>         <https://lists.rabbitmq.com/__cgi-bin/mailman/listinfo/__rabbitmq-discuss
>         <https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss>>
>
>
>
>              --
>              Simon MacMullen
>              RabbitMQ, Pivotal
>
>
>
>
>     --
>     Simon MacMullen
>     RabbitMQ, Pivotal
>
>


-- 
Simon MacMullen
RabbitMQ, Pivotal


More information about the rabbitmq-discuss mailing list