官网:https://www.rabbitmq.com/docs/management#multiple-listeners
生成证书
openssl req -newkey rsa:2048 -nodes -keyout rsa_private.key -x509 -days 365 -out cert.crt //一次性生成私钥和证书2.使用 已有RSA 私钥生成自签名证书openssl req -new -x509 -days 365 -key rsa_private.key -out cert.crtmv server.key serverbak.keyopenssl rsa -in serverbak.key -out server.key //去除密码rm -rf serverbak.key3.生成自己网站的密钥server.keyopenssl genrsa -aes256 -passout pass:111111 -out server.key 20484.使用 RSA私钥生成 CSR 签名请求openssl req -new -key server.key -out server.csr5.使用 CA 证书及CA密钥 对请求签发证书进行签发,生成 x509证书 openssl x509 -req -days 3650 -in server.csr -CA cert.crt -CAkey rsa_private.key -set_serial 01 -out server.crt6.验证证书内容 openssl x509 -in server.crt -noout -text
配置
%% -*- mode: erlang -*- %% ---------------------------------------------------------------------------- %% RabbitMQ Sample Configuration File. %% %% Related doc guide: https://www.rabbitmq.com/configure.html. See %% https://rabbitmq.com/documentation.html for documentation ToC. %% ---------------------------------------------------------------------------- [{rabbit,[%%%% Networking%% ====================%%%% Related doc guide: https://www.rabbitmq.com/networking.html.%% By default, RabbitMQ will listen on all interfaces, using%% the standard (reserved) AMQP port.%%%% {tcp_listeners, [5672]},%% To listen on a specific interface, provide a tuple of {IpAddress, Port}.%% For example, to listen only on localhost for both IPv4 and IPv6:%%%% {tcp_listeners, [{"127.0.0.1", 5672},%% {"::1", 5672}]},%% TLS listeners are configured in the same fashion as TCP listeners,%% including the option to control the choice of interface.%%{ssl_listeners, [5671]},{ssl_options, [{cacertfile,"/opt/ssl/cert.crt"},{certfile,"/opt/ssl/server.crt"},{keyfile,"/opt/ssl/server.key"},{verify, verify_peer},{versions, ['tlsv1.2', 'tlsv1.1']}]}%% Number of Erlang processes that will accept connections for the TCP%% and TLS listeners.%%%% {num_tcp_acceptors, 10},%% {num_ssl_acceptors, 1},%% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection%% and TLS handshake), in milliseconds.%%%% {handshake_timeout, 10000},%% Set to 'true' to perform reverse DNS lookups when accepting a%% connection. Hostnames will then be shown instead of IP addresses%% in rabbitmqctl and the management plugin.%%%% {reverse_dns_lookups, false},%%%% Security, Access Control%% ========================%%%% Related doc guide: https://www.rabbitmq.com/access-control.html.%% The default "guest" user is only permitted to access the server%% via a loopback interface (e.g. localhost).%% {loopback_users, [<<"guest">>]},%%%% Uncomment the following line if you want to allow access to the%% guest user from anywhere on the network.%%{loopback_users, []}%% TLS configuration.%%%% Related doc guide: https://www.rabbitmq.com/ssl.html.%%%% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},%% {certfile, "/path/to/server/cert.pem"},%% {keyfile, "/path/to/server/key.pem"},%% {verify, verify_peer},%% {fail_if_no_peer_cert, false}]},%% Choose the available SASL mechanism(s) to expose.%% The two default (built in) mechanisms are 'PLAIN' and%% 'AMQPLAIN'. Additional mechanisms can be added via%% plugins.%%%% Related doc guide: https://www.rabbitmq.com/authentication.html.%%%% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},%% Select an authentication database to use. RabbitMQ comes bundled%% with a built-in auth-database, based on mnesia.%%%% {auth_backends, [rabbit_auth_backend_internal]},%% Configurations supporting the rabbitmq_auth_mechanism_ssl and%% rabbitmq_auth_backend_ldap plugins.%%%% NB: These options require that the relevant plugin is enabled.%% Related doc guide: https://www.rabbitmq.com/plugins.html for further details.%% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to%% authenticate a user based on the client's TLS certificate.%%%% To use auth-mechanism-ssl, add to or replace the auth_mechanisms%% list with the entry 'EXTERNAL'.%%%% {auth_mechanisms, ['EXTERNAL']},%% The rabbitmq_auth_backend_ldap plugin allows the broker to%% perform authentication and authorisation by deferring to an%% external LDAP server.%%%% For more information about configuring the LDAP backend, see%% https://www.rabbitmq.com/ldap.html.%%%% Enable the LDAP auth backend by adding to or replacing the%% auth_backends entry:%%%% {auth_backends, [rabbit_auth_backend_ldap]},%% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and%% STOMP ssl_cert_login configurations. See the rabbitmq_stomp%% configuration section later in this file and the README in%% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further%% details.%%%% To use the TLS cert's CN instead of its DN as the username%%%% {ssl_cert_login_from, distinguished_name},%% TLS handshake timeout, in milliseconds.%%%% {ssl_handshake_timeout, 5000},%% Makes RabbitMQ accept SSLv3 client connections by default.%% DO NOT DO THIS IF YOU CAN HELP IT.%%%% {ssl_allow_poodle_attack, false},%% Password hashing implementation. Will only affect newly%% created users. To recalculate hash for an existing user%% it's necessary to update her password.%%%% When importing definitions exported from versions earlier%% than 3.6.0, it is possible to go back to MD5 (only do this%% as a temporary measure!) by setting this to rabbit_password_hashing_md5.%%%% To use SHA-512, set to rabbit_password_hashing_sha512.%%%% {password_hashing_module, rabbit_password_hashing_sha256},%% Configuration entry encryption.%% Related doc guide: https://www.rabbitmq.com/configure.html#configuration-encryption%%%% To specify the passphrase in the configuration file:%%%% {config_entry_decoder, [{passphrase, <<"mypassphrase">>}]}%%%% To specify the passphrase in an external file:%%%% {config_entry_decoder, [{passphrase, {file, "/path/to/passphrase/file"}}]}%%%% To make the broker request the passphrase when it starts:%%%% {config_entry_decoder, [{passphrase, prompt}]}%%%% To change encryption settings:%%%% {config_entry_decoder, [{cipher, aes_cbc256},%% {hash, sha512},%% {iterations, 1000}]}%%%% Default User / VHost%% ====================%%%% On first start RabbitMQ will create a vhost and a user. These%% config items control what gets created. See%% https://www.rabbitmq.com/access-control.html for further%% information about vhosts and access control.%%%% {default_vhost, <<"/">>},%% {default_user, <<"guest">>},%% {default_pass, <<"guest">>},%% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},%% Tags for default user%%%% Related doc guide: https://www.rabbitmq.com/management.html.%%%% {default_user_tags, [administrator]},%%%% Additional network and protocol related configuration%% =====================================================%%%% Sets the default AMQP 0-9-1 heartbeat timeout in seconds.%% Values lower than 6 can produce false positives and are not%% recommended.%%%% Related doc guides:%%%% * https://www.rabbitmq.com/heartbeats.html%% * https://www.rabbitmq.com/networking.html%%%% {heartbeat, 60},%% Set the max permissible size of an AMQP frame (in bytes).%%%% {frame_max, 131072},%% Set the max frame size the server will accept before connection%% tuning occurs%%%% {initial_frame_max, 4096},%% Set the max permissible number of channels per connection.%% 0 means "no limit".%%%% {channel_max, 0},%% Set the max permissible number of client connections to the node.%% `infinity` means "no limit".%%%% This limit applies to client connections to all listeners (regardless of%% the protocol, whether TLS is used and so on). CLI tools and inter-node%% connections are exempt.%%%% When client connections are rapidly opened in succession, it is possible%% for the total connection count to go slightly higher than the configured limit.%% The limit works well as a general safety measure.%%%% Clients that are hitting the limit will see their TCP connections fail or time out.%%%% Introduced in 3.6.13.%%%% Related doc guide: https://www.rabbitmq.com/networking.html.%%%% {connection_max, infinity},%% TCP socket options.%%%% Related doc guide: https://www.rabbitmq.com/networking.html.%%%% {tcp_listen_options, [{backlog, 128},%% {nodelay, true},%% {exit_on_close, false}]},%%%% Resource Limits & Flow Control%% ==============================%%%% Related doc guide: https://www.rabbitmq.com/memory.html, https://www.rabbitmq.com/memory-use.html.%% Memory-based Flow Control threshold.%%%% {vm_memory_high_watermark, 0.7},%% Alternatively, we can set a limit (in bytes) of RAM used by the node.%%%% {vm_memory_high_watermark, {absolute, 1073741824}},%%%% Or you can set absolute value using memory units (with RabbitMQ 3.6.0+).%%%% {vm_memory_high_watermark, {absolute, "1024M"}},%%%% Supported unit symbols:%%%% k, kiB: kibibytes (2^10 - 1,024 bytes)%% M, MiB: mebibytes (2^20 - 1,048,576 bytes)%% G, GiB: gibibytes (2^30 - 1,073,741,824 bytes)%% kB: kilobytes (10^3 - 1,000 bytes)%% MB: megabytes (10^6 - 1,000,000 bytes)%% GB: gigabytes (10^9 - 1,000,000,000 bytes)%% Fraction of the high watermark limit at which queues start to%% page message out to disc in order to free up memory.%% For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5,%% paging can begin as early as when 20% of total available RAM is used by the node.%%%% Values greater than 1.0 can be dangerous and should be used carefully.%%%% One alternative to this is to use durable queues and publish messages%% as persistent (delivery mode = 2). With this combination queues will%% move messages to disk much more rapidly.%%%% Another alternative is to configure queues to page all messages (both%% persistent and transient) to disk as quickly%% as possible, see https://www.rabbitmq.com/lazy-queues.html.%%%% {vm_memory_high_watermark_paging_ratio, 0.5},%% Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`),%% Introduced in 3.6.11. `rss` is the default as of 3.6.12.%% See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background.%% {vm_memory_calculation_strategy, rss},%% Interval (in milliseconds) at which we perform the check of the memory%% levels against the watermarks.%%%% {memory_monitor_interval, 2500},%% The total memory available can be calculated from the OS resources%% - default option - or provided as a configuration parameter:%% {total_memory_available_override_value, "5000MB"},%% Set disk free limit (in bytes). Once free disk space reaches this%% lower bound, a disk alarm will be set - see the documentation%% listed above for more details.%%%% {disk_free_limit, 50000000},%%%% Or you can set it using memory units (same as in vm_memory_high_watermark)%% with RabbitMQ 3.6.0+.%% {disk_free_limit, "50MB"},%% {disk_free_limit, "50000kB"},%% {disk_free_limit, "2GB"},%% Alternatively, we can set a limit relative to total available RAM.%%%% Values lower than 1.0 can be dangerous and should be used carefully.%% {disk_free_limit, {mem_relative, 2.0}},%%%% Clustering%% =====================%%%% Queue master location strategy:%% * <<"min-masters">>%% * <<"client-local">>%% * <<"random">>%%%% Related doc guide: https://www.rabbitmq.com/ha.html#queue-master-location%%%% {queue_master_locator, <<"client-local">>},%% Batch size (number of messages) used during eager queue mirror synchronisation.%% Related doc guide: https://www.rabbitmq.com/ha.html#batch-sync. When average message size is relatively large%% (say, 10s of kilobytes or greater), reducing this value will decrease peak amount%% of RAM used by newly joining nodes that need eager synchronisation.%%%% {mirroring_sync_batch_size, 4096},%% Enables flow control between queue mirrors.%% Disabling this can be dangerous and is not recommended.%% When flow control is disabled, queue masters can outpace mirrors and not allow mirrors to catch up.%% Mirrors will end up using increasingly more RAM, eventually triggering a memory alarm.%%%% {mirroring_flow_control, true},%% Additional server properties to announce to connecting clients.%%%% {server_properties, []},%% How to respond to cluster partitions.%% Related doc guide: https://www.rabbitmq.com/partitions.html%%%% {cluster_partition_handling, ignore},%% Mirror sync batch size, in messages. Increasing this will speed%% up syncing but total batch size in bytes must not exceed 2 GiB.%% Available in RabbitMQ 3.6.0 or later.%%%% {mirroring_sync_batch_size, 4096},%% Make clustering happen *automatically* at startup - only applied%% to nodes that have just been reset or started for the first time.%% Related doc guide: https://www.rabbitmq.com/clustering.html#auto-config%%%% {cluster_nodes, {['rabbit@my.host.com'], disc}},%% Interval (in milliseconds) at which we send keepalive messages%% to other cluster members. Note that this is not the same thing%% as net_ticktime; missed keepalive messages will not cause nodes%% to be considered down.%%%% {cluster_keepalive_interval, 10000},%%%% Statistics Collection%% =====================%%%% Set (internal) statistics collection granularity.%%%% {collect_statistics, none},%% Statistics collection interval (in milliseconds). Increasing%% this will reduce the load on management database.%%%% {collect_statistics_interval, 5000},%% Enables vhosts tracing.%%%% {trace_vhosts, []},%% Explicitly enable/disable HiPE compilation.%%%% {hipe_compile, false},%% Number of delegate processes to use for intra-cluster communication.%% On a node which is part of cluster, has more than 16 cores and plenty of network bandwidth,%% it may make sense to increase this value.%%%% {delegate_count, 16},%% Number of times to retry while waiting for internal database tables (Mnesia tables) to sync%% from a peer. In deployments where nodes can take a long time to boot, this value%% may need increasing.%%%% {mnesia_table_loading_retry_limit, 10},%% Amount of time in milliseconds which this node will wait for internal database tables (Mnesia tables) to sync%% from a peer. In deployments where nodes can take a long time to boot, this value%% may need increasing.%%%% {mnesia_table_loading_retry_timeout, 30000},%% Size in bytes below which to embed messages in the queue index.%% Related doc guide: https://www.rabbitmq.com/persistence-conf.html%%%% {queue_index_embed_msgs_below, 4096},%% Maximum number of queue index entries to keep in journal%% Related doc guide: https://www.rabbitmq.com/persistence-conf.html.%%%% {queue_index_max_journal_entries, 32768},%% Number of credits that a queue process is given by the message store%% By default, a queue process is given 4000 message store credits,%% and then 800 for every 800 messages that it processes.%%%% {msg_store_credit_disc_bound, {4000, 800}},%% Minimum number of messages with their queue position held in RAM required%% to trigger writing their queue position to disk.%%%% This value MUST be higher than the initial msg_store_credit_disc_bound value,%% otherwise paging performance may worsen.%%%% {msg_store_io_batch_size, 4096},%% Number of credits that a connection, channel or queue are given.%%%% By default, every connection, channel or queue is given 400 credits,%% and then 200 for every 200 messages that it sends to a peer process.%% Increasing these values may help with throughput but also can be dangerous:%% high credit flow values are no different from not having flow control at all.%%%% Related doc guide: https://www.rabbitmq.com/blog/2015/10/06/new-credit-flow-settings-on-rabbitmq-3-5-5/%% and http://alvaro-videla.com/2013/09/rabbitmq-internals-credit-flow-for-erlang-processes.html.%%%% {credit_flow_default_credit, {400, 200}},%% Number of milliseconds before a channel operation times out.%%%% {channel_operation_timeout, 15000},%% Number of queue operations required to trigger an explicit garbage collection.%% Increasing this value may reduce CPU load and increase peak RAM consumption of queues.%%%% {queue_explicit_gc_run_operation_threshold, 1000},%% Number of lazy queue operations required to trigger an explicit garbage collection.%% Increasing this value may reduce CPU load and increase peak RAM consumption of lazy queues.%%%% {lazy_queue_explicit_gc_run_operation_threshold, 1000},%% Number of times disk monitor will retry free disk space queries before%% giving up.%%%% {disk_monitor_failure_retries, 10},%% Milliseconds to wait between disk monitor retries on failures.%%%% {disk_monitor_failure_retry_interval, 120000},%% Whether or not to enable background periodic forced GC runs for all%% Erlang processes on the node in "waiting" state.%%%% Disabling background GC may reduce latency for client operations,%% keeping it enabled may reduce median RAM usage by the binary heap%% (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html).%%%% Before enabling this option, please take a look at the memory%% breakdown (https://www.rabbitmq.com/memory-use.html).%%%% {background_gc_enabled, false},%% Interval (in milliseconds) at which we run background GC.%%%% {background_gc_target_interval, 60000},%% Message store operations are stored in a sequence of files called segments.%% This controls max size of a segment file.%% Increasing this value may speed up (sequential) disk writes but will slow down segment GC process.%% DO NOT CHANGE THIS for existing installations.%%%% {msg_store_file_size_limit, 16777216},%% Whether or not to enable file write buffering.%%%% {fhc_write_buffering, true},%% Whether or not to enable file read buffering. Enabling%% this may slightly speed up reads but will also increase%% node's memory consumption, in particular on boot.%%%% {fhc_read_buffering, false}]},%% ----------------------------------------------------------------------------%% Advanced Erlang Networking/Clustering Options.%%%% Related doc guide: https://www.rabbitmq.com/clustering.html%% ----------------------------------------------------------------------------{kernel,[%% Sets the net_kernel tick time.%% Please see http://erlang.org/doc/man/kernel_app.html and%% https://www.rabbitmq.com/nettick.html for further details.%%%% {net_ticktime, 60}]},%% ----------------------------------------------------------------------------%% RabbitMQ Management Plugin%%%% Related doc guide: https://www.rabbitmq.com/management.html%% ----------------------------------------------------------------------------{rabbitmq_management,[%% Preload schema definitions from a previously exported definitions file. See%% https://www.rabbitmq.com/management.html#load-definitions%%%% {load_definitions, "/path/to/exported/definitions.json"},%% Log all requests to the management HTTP API to a directory.%%%% {http_log_dir, "/path/to/rabbitmq/logs/http"},%% Change the port on which the HTTP listener listens,%% specifying an interface for the web server to bind to.%% Also set the listener to use TLS and provide TLS options.%%%% {listener, [{port, 12345},%% {ip, "127.0.0.1"},%% {ssl, true},%% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},%% {certfile, "/path/to/cert.pem"},%% {keyfile, "/path/to/key.pem"}]}]},%% One of 'basic', 'detailed' or 'none'. See%% https://www.rabbitmq.com/management.html#fine-stats for more details.%% {rates_mode, basic},%% Configure how long aggregated data (such as message rates and queue%% lengths) is retained. Please read the plugin's documentation in%% https://www.rabbitmq.com/management.html#configuration for more%% details.%%%% {sample_retention_policies,%% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},%% {basic, [{60, 5}, {3600, 60}]},%% {detailed, [{10, 5}]}]}]},%% ----------------------------------------------------------------------------%% RabbitMQ Shovel Plugin%%%% Related doc guide: https://www.rabbitmq.com/shovel.html%% ----------------------------------------------------------------------------{rabbitmq_shovel,[{shovels,[%% A named shovel worker.%% {my_first_shovel,%% [%% List the source broker(s) from which to consume.%%%% {sources,%% [%% URI(s) and pre-declarations for all source broker(s).%% {brokers, ["amqp://user:password@host.domain/my_vhost"]},%% {declarations, []}%% ]},%% List the destination broker(s) to publish to.%% {destinations,%% [%% A singular version of the 'brokers' element.%% {broker, "amqp://"},%% {declarations, []}%% ]},%% Name of the queue to shovel messages from.%%%% {queue, <<"your-queue-name-goes-here">>},%% Optional prefetch count.%%%% {prefetch_count, 10},%% when to acknowledge messages:%% - no_ack: never (auto)%% - on_publish: after each message is republished%% - on_confirm: when the destination broker confirms receipt%%%% {ack_mode, on_confirm},%% Overwrite fields of the outbound basic.publish.%%%% {publish_fields, [{exchange, <<"my_exchange">>},%% {routing_key, <<"from_shovel">>}]},%% Static list of basic.properties to set on re-publication.%%%% {publish_properties, [{delivery_mode, 2}]},%% The number of seconds to wait before attempting to%% reconnect in the event of a connection failure.%%%% {reconnect_delay, 2.5}%% ]} %% End of my_first_shovel]}%% Rather than specifying some values per-shovel, you can specify%% them for all shovels here.%%%% {defaults, [{prefetch_count, 0},%% {ack_mode, on_confirm},%% {publish_fields, []},%% {publish_properties, [{delivery_mode, 2}]},%% {reconnect_delay, 2.5}]}]},%% ----------------------------------------------------------------------------%% RabbitMQ STOMP Plugin%%%% Related doc guide: https://www.rabbitmq.com/stomp.html%% ----------------------------------------------------------------------------{rabbitmq_stomp,[%% Network Configuration - the format is generally the same as for the broker%% Listen only on localhost (ipv4 & ipv6) on a specific port.%% {tcp_listeners, [{"127.0.0.1", 61613},%% {"::1", 61613}]},%% Listen for TLS connections on a specific port.%% {ssl_listeners, [61614]},%% Number of Erlang processes that will accept connections for the TCP%% and TLS listeners.%%%% {num_tcp_acceptors, 10},%% {num_ssl_acceptors, 1},%% Additional TLS options%% Extract a name from the client's certificate when using TLS.%%%% {ssl_cert_login, true},%% Set a default user name and password. This is used as the default login%% whenever a CONNECT frame omits the login and passcode headers.%%%% Please note that setting this will allow clients to connect without%% authenticating!%%%% {default_user, [{login, "guest"},%% {passcode, "guest"}]},%% If a default user is configured, or you have configured use TLS client%% certificate based authentication, you can choose to allow clients to%% omit the CONNECT frame entirely. If set to true, the client is%% automatically connected as the default user or user supplied in the%% TLS certificate whenever the first frame sent on a session is not a%% CONNECT frame.%%%% {implicit_connect, true},%% Whether or not to enable proxy protocol support.%% Once enabled, clients cannot directly connect to the broker%% anymore. They must connect through a load balancer that sends the%% proxy protocol header to the broker at connection time.%% This setting applies only to STOMP clients, other protocols%% like MQTT or AMQP have their own setting to enable proxy protocol.%% See the plugins or broker documentation for more information.%%%% {proxy_protocol, false}]},%% ----------------------------------------------------------------------------%% RabbitMQ MQTT Plugin%%%% Related doc guide: https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md%%%% ----------------------------------------------------------------------------{rabbitmq_mqtt,[%% Set the default user name and password. Will be used as the default login%% if a connecting client provides no other login details.%%%% Please note that setting this will allow clients to connect without%% authenticating!%%%% {default_user, <<"guest">>},%% {default_pass, <<"guest">>},%% Enable anonymous access. If this is set to false, clients MUST provide%% login information in order to connect. See the default_user/default_pass%% configuration elements for managing logins without authentication.%%%% {allow_anonymous, true},%% If you have multiple chosts, specify the one to which the%% adapter connects.%%%% {vhost, <<"/">>},%% Specify the exchange to which messages from MQTT clients are published.%%%% {exchange, <<"amq.topic">>},%% Specify TTL (time to live) to control the lifetime of non-clean sessions.%%%% {subscription_ttl, 1800000},%% Set the prefetch count (governing the maximum number of unacknowledged%% messages that will be delivered).%%%% {prefetch, 10},%% TLS listeners.%% See https://www.rabbitmq.com/networking.html%%%% {tcp_listeners, [1883]},%% {ssl_listeners, []},%% Number of Erlang processes that will accept connections for the TCP%% and TLS listeners.%% See https://www.rabbitmq.com/networking.html%%%% {num_tcp_acceptors, 10},%% {num_ssl_acceptors, 1},%% TCP socket options.%% See https://www.rabbitmq.com/networking.html%%%% {tcp_listen_options, [%% {backlog, 128},%% {linger, {true, 0}},%% {exit_on_close, false}%% ]},%% Whether or not to enable proxy protocol support.%% Once enabled, clients cannot directly connect to the broker%% anymore. They must connect through a load balancer that sends the%% proxy protocol header to the broker at connection time.%% This setting applies only to MQTT clients, other protocols%% like STOMP or AMQP have their own setting to enable proxy protocol.%% See the plugins or broker documentation for more information.%%%% {proxy_protocol, false}]},%% ----------------------------------------------------------------------------%% RabbitMQ AMQP 1.0 Support%%%% Related doc guide: https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md%%%% ----------------------------------------------------------------------------{rabbitmq_amqp1_0,[%% Connections that are not authenticated with SASL will connect as this%% account. See the README for more information.%%%% Please note that setting this will allow clients to connect without%% authenticating!%%%% {default_user, "guest"},%% Enable protocol strict mode. See the README for more information.%%%% {protocol_strict_mode, false}]},%% ----------------------------------------------------------------------------%% RabbitMQ LDAP Plugin%%%% Related doc guide: https://www.rabbitmq.com/ldap.html.%%%% ----------------------------------------------------------------------------{rabbitmq_auth_backend_ldap,[%%%% Connecting to the LDAP server(s)%% ================================%%%% Specify servers to bind to. You *must* set this in order for the plugin%% to work properly.%%%% {servers, ["your-server-name-goes-here"]},%% Connect to the LDAP server using TLS%%%% {use_ssl, false},%% Specify the LDAP port to connect to%%%% {port, 389},%% LDAP connection timeout, in milliseconds or 'infinity'%%%% {timeout, infinity},%% Enable logging of LDAP queries.%% One of%% - false (no logging is performed)%% - true (verbose logging of the logic used by the plugin)%% - network (as true, but additionally logs LDAP network traffic)%%%% Defaults to false.%%%% {log, false},%%%% Authentication%% ==============%%%% Pattern to convert the username given through AMQP to a DN before%% binding%%%% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},%% Alternatively, you can convert a username to a Distinguished%% Name via an LDAP lookup after binding. See the documentation for%% full details.%% When converting a username to a dn via a lookup, set these to%% the name of the attribute that represents the user name, and the%% base DN for the lookup query.%%%% {dn_lookup_attribute, "userPrincipalName"},%% {dn_lookup_base, "DC=gopivotal,DC=com"},%% Controls how to bind for authorisation queries and also to%% retrieve the details of users logging in without presenting a%% password (e.g., SASL EXTERNAL).%% One of%% - as_user (to bind as the authenticated user - requires a password)%% - anon (to bind anonymously)%% - {UserDN, Password} (to bind with a specified user name and password)%%%% Defaults to 'as_user'.%%%% {other_bind, as_user},%%%% Authorisation%% =============%%%% The LDAP plugin can perform a variety of queries against your%% LDAP server to determine questions of authorisation. See%% https://www.rabbitmq.com/ldap.html#authorisation for more%% information.%% Set the query to use when determining vhost access%%%% {vhost_access_query, {in_group,%% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},%% Set the query to use when determining resource (e.g., queue) access%%%% {resource_access_query, {constant, true}},%% Set queries to determine which tags a user has%%%% {tag_queries, []}]},%% Lager controls logging.%% See https://github.com/basho/lager for more documentation {lager, [%%%% Log directory, taken from the RABBITMQ_LOG_BASE env variable by default.%% {log_root, "/var/log/rabbitmq"},%%%% All log messages go to the default "sink" configured with%% the `handlers` parameter. By default, it has a single%% lager_file_backend handler writing messages to "$nodename.log"%% (ie. the value of $RABBIT_LOGS).%% {handlers, [%% {lager_file_backend, [{file, "rabbit.log"},%% {level, info},%% {date, ""},%% {size, 0}]}%% ]},%%%% Extra sinks are used in RabbitMQ to categorize messages. By%% default, those extra sinks are configured to forward messages%% to the default sink (see above). "rabbit_log_lager_event"%% is the default category where all RabbitMQ messages without%% a category go. Messages in the "channel" category go to the%% "rabbit_channel_lager_event" Lager extra sink, and so on.%% {extra_sinks, [%% {rabbit_log_lager_event, [{handlers, [%% {lager_forwarder_backend,%% [lager_event, info]}]}]},%% {rabbit_channel_lager_event, [{handlers, [%% {lager_forwarder_backend,%% [lager_event, info]}]}]},%% {rabbit_connection_lager_event, [{handlers, [%% {lager_forwarder_backend,%% [lager_event, info]}]}]},%% {rabbit_mirroring_lager_event, [{handlers, [%% {lager_forwarder_backend,%% [lager_event, info]}]}]}%% ]}]} ].
重启
rabbitmqctl stop
rabbitmq-server -detached
查看