[rabbitmq-discuss] TCP vs. SSL configuration

Tim Bain tbain at alumni.duke.edu
Thu Jun 27 14:52:49 BST 2013 

OK, leaving the value blank in a single-node single-machine broker makes
sense.

The documentation at
http://www.rabbitmq.com/clustering.html#single-machinesays that for a
clustered broker with multiple nodes on a single machine,
"You must ensure that for each invocation you set the environment variables
RABBITMQ_NODENAME and RABBITMQ_NODE_PORT to suitable values."  Should that
really say that RABBITMQ_NODENAME is required in all cases, and
RABBITMQ_NODE_PORT is required if TCP is enabled but not required if it's
not?


On Thu, Jun 27, 2013 at 9:49 AM, Simon MacMullen <simon at rabbitmq.com> wrote:

> Just leave RABBITMQ_NODE_PORT blank. The "real" setting is the one in the
> config file, the environment variables provide a way to override that, if
> they are set.
>
> If you want multiple brokers on one machine, each with SSL only, you'll
> need to set up one config file per broker, and then point to that using
> RABBITMQ_CONFIG_FILE (see http://www.rabbitmq.com/**relocate.html<http://www.rabbitmq.com/relocate.html>
> ).
>
> Cheers, Simon
>
>
> On 27/06/13 14:33, Tim Bain wrote:
>
>> So if TCP is disabled via the section you referenced in rabbitmq.config,
>> then what goes in the environment variable RABBITMQ_NODE_PORT?  Is that
>> value simply ignored if TCP is disabled (so you can set the environment
>> variable to anything, or just leave it unset)?  Do you set it to the SSL
>> port?  Something else?
>>
>> And if you have a set of N nodes in a cluster on a single machine, do
>> you still need to have a different value of RABBITMQ_NODE_PORT for each
>> instance?  (Do you just make it match the SSL port each node is using?)
>>
>> Thanks,
>> Tim
>>
>>
>> On Thu, Jun 27, 2013 at 5:31 AM, Simon MacMullen <simon at rabbitmq.com
>> <mailto:simon at rabbitmq.com>> wrote:
>>
>>     You can't disable the TCP listener via environment variables and
>>     hence rabbitmq-env.conf. But you can via the main configuration file
>>     - see tcp_listeners under
>>     http://www.rabbitmq.com/__**configure.html#config-items<http://www.rabbitmq.com/__configure.html#config-items>
>>
>>     <http://www.rabbitmq.com/**configure.html#config-items<http://www.rabbitmq.com/configure.html#config-items>>
>> - just set it
>>     to [].
>>
>>     Cheers, Simon
>>
>>     On 26/06/13 17:50, tbain98 at gmail.com <mailto:tbain98 at gmail.com>
>> wrote:
>>
>>         I'm new to RabbitMQ, and am a bit confused by some of the
>>         documentation
>>         surrounding TCP vs. SSL configuration.
>>
>>         I'm trying to set up a broker for which only authenticated
>> SSL-based
>>         connections will be allowed, so I do not want the TCP listener
>>         running.
>>         That seems easy to do for rabbitmq-env.conf, but the documentation
>>         <http://www.rabbitmq.com/__**configure.html<http://www.rabbitmq.com/__configure.html>
>>
>>         <http://www.rabbitmq.com/**configure.html<http://www.rabbitmq.com/configure.html>>>
>> seems to indicate that
>>         RABBITMQ_NODE_PORT is a required property (or at least, it seems
>>         to be
>>         required if you're setting up clustering on a single machine
>>         <http://www.rabbitmq.com/__**clustering.html#single-machine<http://www.rabbitmq.com/__clustering.html#single-machine>
>>         <http://www.rabbitmq.com/**clustering.html#single-machine<http://www.rabbitmq.com/clustering.html#single-machine>
>> **>__>,
>>
>>         which I'm not
>>         doing yet but want the option to do in the future) and that if
>>         it's not
>>         provided, a default will be used.
>>
>>         Is it possible to configure an SSL-only broker (just one node on a
>>         single machine), and if so, what if anything do you set
>>         RABBITMQ_NODE_PORT to?  (Just "RABBITMQ_NODE_PORT=" ?)  And
>>         (separate
>>         question) is it possible to configure a single-machine cluster
>> with
>>         multiple nodes, where each node is SSL-only, and again, what do
>>         you set
>>         RABBITMQ_NODE_PORT to for each node?
>>
>>         Thanks for the help...
>>         Tim
>>
>>
>>         ______________________________**___________________
>>         rabbitmq-discuss mailing list
>>         rabbitmq-discuss at lists.__rabbi**tmq.com <http://rabbitmq.com>
>>         <mailto:rabbitmq-discuss@**lists.rabbitmq.com<rabbitmq-discuss at lists.rabbitmq.com>
>> >
>>         https://lists.rabbitmq.com/__**cgi-bin/mailman/listinfo/__**
>> rabbitmq-discuss<https://lists.rabbitmq.com/__cgi-bin/mailman/listinfo/__rabbitmq-discuss>
>>
>>         <https://lists.rabbitmq.com/**cgi-bin/mailman/listinfo/**
>> rabbitmq-discuss<https://lists.rabbitmq.com/cgi-bin/mailman/listinfo/rabbitmq-discuss>
>> >
>>
>>
>>
>>     --
>>     Simon MacMullen
>>     RabbitMQ, Pivotal
>>
>>
>>
>
> --
> Simon MacMullen
> RabbitMQ, Pivotal
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20130627/0eff2c4e/attachment.htm>

More information about the rabbitmq-discuss mailing list