[rabbitmq-discuss] New RabbitMQ 3.3.0 Web_stomp SSL problems

brad at debtpaypro.com brad at debtpaypro.com
Wed Apr 30 23:04:56 BST 2014 

I'm having a similar, or possibly the same, problem.  My config is 
basically the same as yours.  I'm running version 3.3.1.  When starting up, 
a message is logged that says "rabbit_web_stomp: listening for HTTPS 
connections on 0.0.0.0:15675", but netstat shows that nothing is listening 
on port 15675 and connections to my server on port 15675 fail.  There 
aren't any other interesting log messages in any of the rabbit log files.  
I have tried changing the port several time but the same message is logged 
and nothing listens on the new port.  I know the certificates are good 
since we're using the on our live sites.  If I change the config to point 
to files that do not exist for the certificates, the same thing happens.

rabbitmq.config:

[
  {rabbit, [
    {auth_backends, [rabbit_auth_backend_internal]},
    {log_levels, [
      {connection, info},
      {mirroring, info}
    ]},
    {heartbeat, 10},
    {collect_statistics_interval, 1000},
    {delegate_count, 32},
    {cluster_partition_handling, pause_minority}
  ]},
  {rabbitmq_management, [
    {sample_retention_policies, [
      {global, [{3600, 5}, {86400, 60}, {604800, 600}]},
      {basic, [{60, 5}, {3600, 60}]},
      {detailed, [{30, 1}]}
    ]},
    {http_log_dir, "/tmp/rabbit-mgmt"}
  ]},
  {kernel, [
    {net_ticktime, 5}
  ]},
  {rabbitmq_web_stomp, [
    {ssl_config, [
      {port,       15674},
      {backlog,    1024},
      {certfile,   "/etc/pki/tls/certs/dpp.crt"},
      {keyfile,    "/etc/pki/tls/private/dpp.key"}
    ]}
  ]}
].


status:

 {running_applications,
     [{rabbitmq_web_stomp,"Rabbit WEB-STOMP - WebSockets to Stomp adapter",
          "3.3.1"},
      {ssl,"Erlang/OTP SSL application","4.1.6"},
      {public_key,"Public key infrastructure","0.13"},
      {crypto,"CRYPTO version 2","2.0.4"},
      {rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","3.3.1"},
      {rabbitmq_management_visualiser,"RabbitMQ Visualiser","3.3.1"},
      {rabbitmq_management,"RabbitMQ Management Console","3.3.1"},
      {rabbitmq_management_agent,"RabbitMQ Management Agent","3.3.1"},
      {rabbitmq_amqp1_0,"AMQP 1.0 support for RabbitMQ","3.3.1"},
      {rabbit,"RabbitMQ","3.3.1"},
      {os_mon,"CPO  CXC 138 46","2.2.7"},
      {rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.3.1"},
      {webmachine,"webmachine","1.10.3-rmq3.3.1-gite9359c7"},
      {mochiweb,"MochiMedia Web Server","2.7.0-rmq3.3.1-git680dba8"},
      {xmerl,"XML parser","1.2.10"},
      {cowboy,"Small, fast, modular HTTP 
server.","0.5.0-rmq3.3.1-git4b93c2d"},
      {sockjs,"SockJS","0.3.4-rmq3.3.1-git3132eb9"},
      {inets,"INETS  CXC 138 49","5.7.1"},
      {mnesia,"MNESIA  CXC 138 12","4.5"},
      {amqp_client,"RabbitMQ AMQP Client","3.3.1"},
      {sasl,"SASL  CXC 138 11","2.1.10"},
      {stdlib,"ERTS  CXC 138 10","1.17.5"},
      {kernel,"ERTS  CXC 138 10","2.14.5"}]},
 {os,{unix,linux}},
 {erlang_version, 
     "Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:24:24] [rq:24] 
[async-threads:30] [kernel-poll:true]\n"},


On Friday, April 25, 2014 4:34:22 PM UTC-5, Sebastien Dubois wrote:
>
>
> Hi all,
>
>   Up to recently we've been using RabbitMQ 3.2.3/Erlang R15B01 with the 
> web_Stomp plugin over SSL.  Since this was not supported, we had to rebuilt 
> the web_stomp plugin using a patched branch as described at 
> https://gist.github.com/berico-rclayton/5475365 (also see 
> https://github.com/rabbitmq/rabbitmq-web-stomp/pull/3).  This has been 
> working fine for months.
>
>   We recently realized that the fix for SSL support in web_stomp was 
> systemized in RabbitMQ 3.3.0/Erlang R16B03.  So we installed it and updated 
> our configuration.  However, using the exact same setup and self-signed 
> keys/certificates, we cannot get the new version to work properly while 
> using SSL over stomp.  Connecting to https://<rabbit server IP>:15678/stomp 
> just fails, although from the log web_stomp seems to be listening correctly 
> on port 15678.  We tried to regenerate a new set of keys, but it did not do 
> anything.
>
> Our old rabbitMQ config (patched 3.2.3 web_stomp) was:
>
>   {rabbitmq_web_stomp, [
>
>         {ssl_enabled, true},
>
>         {https_port, 15678},
>
>         {ssl_key_file, "/usr/local/ssl/private/server.key"},
>
>         {ssl_key_password, "password"},
>
>         {ssl_ca_certificate_file, "/usr/local/ssl/crt/public.crt"},
>
>         {ssl_certificate_file, "/usr/local/ssl/crt/public.crt"}
>
>    ] },
>
>
> And the corresponding new config on RabbitMQ 3.3.0 is
>
>   {rabbitmq_web_stomp,
>
>       [{ssl_config, [{port,       15678},
>
>                      {backlog,    1024},
>
>                      {certfile,   "/usr/local/ssl/crt/public.crt"},
>
>                      {keyfile,    "/usr/local/ssl/private/server.key"},
>
>                      {cacertfile, "/usr/local/ssl/crt/public.crt"},
>
> {password, "password"}
>
>       ]}
>
>   ]},
>
> Is our config ok?  does anybody experienced similar problems or have any 
> idea what we could be doing wrong?
>
>
> Thanks in advance,
>
> /Sebas
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140430/bfc20bd6/attachment-0001.html>

More information about the rabbitmq-discuss mailing list