[rabbitmq-discuss] New RabbitMQ 3.3.0 Web_stomp SSL problems
brad at debtpaypro.com
brad at debtpaypro.com
Wed Apr 30 23:06:39 BST 2014
The config I posted was from when I was testing some things and is not
correct. The ssl port should be 15675.
On Wednesday, April 30, 2014 5:04:56 PM UTC-5, br... at debtpaypro.com wrote:
>
> I'm having a similar, or possibly the same, problem. My config is
> basically the same as yours. I'm running version 3.3.1. When starting up,
> a message is logged that says "rabbit_web_stomp: listening for HTTPS
> connections on 0.0.0.0:15675", but netstat shows that nothing is
> listening on port 15675 and connections to my server on port 15675 fail.
> There aren't any other interesting log messages in any of the rabbit log
> files. I have tried changing the port several time but the same message is
> logged and nothing listens on the new port. I know the certificates are
> good since we're using the on our live sites. If I change the config to
> point to files that do not exist for the certificates, the same thing
> happens.
>
> rabbitmq.config:
>
> [
> {rabbit, [
> {auth_backends, [rabbit_auth_backend_internal]},
> {log_levels, [
> {connection, info},
> {mirroring, info}
> ]},
> {heartbeat, 10},
> {collect_statistics_interval, 1000},
> {delegate_count, 32},
> {cluster_partition_handling, pause_minority}
> ]},
> {rabbitmq_management, [
> {sample_retention_policies, [
> {global, [{3600, 5}, {86400, 60}, {604800, 600}]},
> {basic, [{60, 5}, {3600, 60}]},
> {detailed, [{30, 1}]}
> ]},
> {http_log_dir, "/tmp/rabbit-mgmt"}
> ]},
> {kernel, [
> {net_ticktime, 5}
> ]},
> {rabbitmq_web_stomp, [
> {ssl_config, [
> {port, 15674},
> {backlog, 1024},
> {certfile, "/etc/pki/tls/certs/dpp.crt"},
> {keyfile, "/etc/pki/tls/private/dpp.key"}
> ]}
> ]}
> ].
>
>
> status:
>
> {running_applications,
> [{rabbitmq_web_stomp,"Rabbit WEB-STOMP - WebSockets to Stomp adapter",
> "3.3.1"},
> {ssl,"Erlang/OTP SSL application","4.1.6"},
> {public_key,"Public key infrastructure","0.13"},
> {crypto,"CRYPTO version 2","2.0.4"},
> {rabbitmq_stomp,"Embedded Rabbit Stomp Adapter","3.3.1"},
> {rabbitmq_management_visualiser,"RabbitMQ Visualiser","3.3.1"},
> {rabbitmq_management,"RabbitMQ Management Console","3.3.1"},
> {rabbitmq_management_agent,"RabbitMQ Management Agent","3.3.1"},
> {rabbitmq_amqp1_0,"AMQP 1.0 support for RabbitMQ","3.3.1"},
> {rabbit,"RabbitMQ","3.3.1"},
> {os_mon,"CPO CXC 138 46","2.2.7"},
> {rabbitmq_web_dispatch,"RabbitMQ Web Dispatcher","3.3.1"},
> {webmachine,"webmachine","1.10.3-rmq3.3.1-gite9359c7"},
> {mochiweb,"MochiMedia Web Server","2.7.0-rmq3.3.1-git680dba8"},
> {xmerl,"XML parser","1.2.10"},
> {cowboy,"Small, fast, modular HTTP
> server.","0.5.0-rmq3.3.1-git4b93c2d"},
> {sockjs,"SockJS","0.3.4-rmq3.3.1-git3132eb9"},
> {inets,"INETS CXC 138 49","5.7.1"},
> {mnesia,"MNESIA CXC 138 12","4.5"},
> {amqp_client,"RabbitMQ AMQP Client","3.3.1"},
> {sasl,"SASL CXC 138 11","2.1.10"},
> {stdlib,"ERTS CXC 138 10","1.17.5"},
> {kernel,"ERTS CXC 138 10","2.14.5"}]},
> {os,{unix,linux}},
> {erlang_version,
> "Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:24:24] [rq:24]
> [async-threads:30] [kernel-poll:true]\n"},
>
>
> On Friday, April 25, 2014 4:34:22 PM UTC-5, Sebastien Dubois wrote:
>>
>>
>> Hi all,
>>
>> Up to recently we've been using RabbitMQ 3.2.3/Erlang R15B01 with the
>> web_Stomp plugin over SSL. Since this was not supported, we had to rebuilt
>> the web_stomp plugin using a patched branch as described at
>> https://gist.github.com/berico-rclayton/5475365 (also see
>> https://github.com/rabbitmq/rabbitmq-web-stomp/pull/3). This has been
>> working fine for months.
>>
>> We recently realized that the fix for SSL support in web_stomp was
>> systemized in RabbitMQ 3.3.0/Erlang R16B03. So we installed it and updated
>> our configuration. However, using the exact same setup and self-signed
>> keys/certificates, we cannot get the new version to work properly while
>> using SSL over stomp. Connecting to https://<rabbit server IP>:15678/stomp
>> just fails, although from the log web_stomp seems to be listening correctly
>> on port 15678. We tried to regenerate a new set of keys, but it did not do
>> anything.
>>
>> Our old rabbitMQ config (patched 3.2.3 web_stomp) was:
>>
>> {rabbitmq_web_stomp, [
>>
>> {ssl_enabled, true},
>>
>> {https_port, 15678},
>>
>> {ssl_key_file, "/usr/local/ssl/private/server.key"},
>>
>> {ssl_key_password, "password"},
>>
>> {ssl_ca_certificate_file, "/usr/local/ssl/crt/public.crt"},
>>
>> {ssl_certificate_file, "/usr/local/ssl/crt/public.crt"}
>>
>> ] },
>>
>>
>> And the corresponding new config on RabbitMQ 3.3.0 is
>>
>> {rabbitmq_web_stomp,
>>
>> [{ssl_config, [{port, 15678},
>>
>> {backlog, 1024},
>>
>> {certfile, "/usr/local/ssl/crt/public.crt"},
>>
>> {keyfile, "/usr/local/ssl/private/server.key"},
>>
>> {cacertfile, "/usr/local/ssl/crt/public.crt"},
>>
>> {password, "password"}
>>
>> ]}
>>
>> ]},
>>
>> Is our config ok? does anybody experienced similar problems or have any
>> idea what we could be doing wrong?
>>
>>
>> Thanks in advance,
>>
>> /Sebas
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/attachments/20140430/ef50d21e/attachment-0001.html>
More information about the rabbitmq-discuss
mailing list