[rabbitmq-discuss] New RabbitMQ 3.3.0 Web_stomp SSL problems

brad at debtpaypro.com brad at debtpaypro.com
Wed Apr 30 23:06:39 BST 2014 

The config I posted was from when I was testing some things and is not 
correct.  The ssl port should be 15675.

On Wednesday, April 30, 2014 5:04:56 PM UTC-5, br... at debtpaypro.com wrote:
>
> I'm having a similar, or possibly the same, problem.  My config is 
> basically the same as yours.  I'm running version 3.3.1.  When starting up, 
> a message is logged that says "rabbit_web_stomp: listening for HTTPS 
> connections on 0.0.0.0:15675", but netstat shows that nothing is 
> listening on port 15675 and connections to my server on port 15675 fail.  
> There aren't any other interesting log messages in any of the rabbit log 
> files.  I have tried changing the port several time but the same message is 
> logged and nothing listens on the new port.  I know the certificates are 
> good since we're using the on our live sites.  If I change the config to 
> point to files that do not exist for the certificates, the same thing 
> happens.
>
> rabbitmq.config:
>
> [
>   {rabbit, [
>     {auth_backends, [rabbit_auth_backend_internal]},
>     {log_levels, [
>       {connection, info},
>       {mirroring, info}
>     ]},
>     {heartbeat, 10},
>     {collect_statistics_interval, 1000},
>     {delegate_count, 32},
>     {cluster_partition_handling, pause_minority}
>   ]},
>   {rabbitmq_management, [
>     {sample_retention_policies, [
>       {global, [{3600, 5}, {86400, 60}, {604800, 600}]},
>       {basic, [{60, 5}, {3600, 60}]},
>       {detailed, [{30, 1}]}
>     ]},
>     {http_log_dir, "/tmp/rabbit-mgmt"}
>   ]},
>   {kernel, [
>     {net_ticktime, 5}
>   ]},
>   {rabbitmq_web_stomp, [
>     {ssl_config, [
>       {port,       15674},
>       {backlog,    1024},
>       {certfile,   "/etc/pki/tls/certs/dpp.crt"},
>       {keyfile,    "/etc/pki/tls/private/dpp.key"}
>     ]}
>   ]}
> ].
>
>
> status:
>
>  {running_applications,
>      [{rabbitmq_web_stomp,"Rabbit WEB-STOMP - WebSockets to Stomp adapter",
>           "3.3.1"},
>       {ssl,"Erlang/OTP SSL application","4.1.6"},
>       {public_key,"Public key infrastructure","0.13"},
>       {crypto,"CRYPTO version 2","2.0.4"},
>       {rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","3.3.1"},
>       {rabbitmq_management_visualiser,"RabbitMQ Visualiser","3.3.1"},
>       {rabbitmq_management,"RabbitMQ Management Console","3.3.1"},
>       {rabbitmq_management_agent,"RabbitMQ Management Agent","3.3.1"},
>       {rabbitmq_amqp1_0,"AMQP 1.0 support for RabbitMQ","3.3.1"},
>       {rabbit,"RabbitMQ","3.3.1"},
>       {os_mon,"CPO  CXC 138 46","2.2.7"},
>       {rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.3.1"},
>       {webmachine,"webmachine","1.10.3-rmq3.3.1-gite9359c7"},
>       {mochiweb,"MochiMedia Web Server","2.7.0-rmq3.3.1-git680dba8"},
>       {xmerl,"XML parser","1.2.10"},
>       {cowboy,"Small, fast, modular HTTP 
> server.","0.5.0-rmq3.3.1-git4b93c2d"},
>       {sockjs,"SockJS","0.3.4-rmq3.3.1-git3132eb9"},
>       {inets,"INETS  CXC 138 49","5.7.1"},
>       {mnesia,"MNESIA  CXC 138 12","4.5"},
>       {amqp_client,"RabbitMQ AMQP Client","3.3.1"},
>       {sasl,"SASL  CXC 138 11","2.1.10"},
>       {stdlib,"ERTS  CXC 138 10","1.17.5"},
>       {kernel,"ERTS  CXC 138 10","2.14.5"}]},
>  {os,{unix,linux}},
>  {erlang_version, 
>      "Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:24:24] [rq:24] 
> [async-threads:30] [kernel-poll:true]\n"},
>
>
> On Friday, April 25, 2014 4:34:22 PM UTC-5, Sebastien Dubois wrote:
>>
>>
>> Hi all,
>>
>>   Up to recently we've been using RabbitMQ 3.2.3/Erlang R15B01 with the 
>> web_Stomp plugin over SSL.  Since this was not supported, we had to rebuilt 
>> the web_stomp plugin using a patched branch as described at 
>> https://gist.github.com/berico-rclayton/5475365 (also see 
>> https://github.com/rabbitmq/rabbitmq-web-stomp/pull/3).  This has been 
>> working fine for months.
>>
>>   We recently realized that the fix for SSL support in web_stomp was 
>> systemized in RabbitMQ 3.3.0/Erlang R16B03.  So we installed it and updated 
>> our configuration.  However, using the exact same setup and self-signed 
>> keys/certificates, we cannot get the new version to work properly while 
>> using SSL over stomp.  Connecting to https://<rabbit server IP>:15678/stomp 
>> just fails, although from the log web_stomp seems to be listening correctly 
>> on port 15678.  We tried to regenerate a new set of keys, but it did not do 
>> anything.
>>
>> Our old rabbitMQ config (patched 3.2.3 web_stomp) was:
>>
>>   {rabbitmq_web_stomp, [
>>
>>         {ssl_enabled, true},
>>
>>         {https_port, 15678},
>>
>>         {ssl_key_file, "/usr/local/ssl/private/server.key"},
>>
>>         {ssl_key_password, "password"},
>>
>>         {ssl_ca_certificate_file, "/usr/local/ssl/crt/public.crt"},
>>
>>         {ssl_certificate_file, "/usr/local/ssl/crt/public.crt"}
>>
>>    ] },
>>
>>
>> And the corresponding new config on RabbitMQ 3.3.0 is
>>
>>   {rabbitmq_web_stomp,
>>
>>       [{ssl_config, [{port,       15678},
>>
>>                      {backlog,    1024},
>>
>>                      {certfile,   "/usr/local/ssl/crt/public.crt"},
>>
>>                      {keyfile,    "/usr/local/ssl/private/server.key"},
>>
>>                      {cacertfile, "/usr/local/ssl/crt/public.crt"},
>>
>> {password, "password"}
>>
>>       ]}
>>
>>   ]},
>>
>> Is our config ok?  does anybody experienced similar problems or have any 
>> idea what we could be doing wrong?
>>
>>
>> Thanks in advance,
>>
>> /Sebas
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140430/ef50d21e/attachment-0001.html>

More information about the rabbitmq-discuss mailing list