I am trying to build a Docker image for a RabbitMQ server with SSL support from scratch. After configuring SSL, it works for AMQP/SSL, but the management console does not work over HTTPS.
I have also included the SSL configuration for RabbitMQ in the rabbitmq.config file.
After building the Docker image and starting the RabbitMQ server, it only enables AMQP over SSL and does not enable HTTPS. The management console is still only accessible over HTTP.
Below is the list of enabled plugins:
```
[e*] cowboy                            1.0.4
[e*] cowlib                            1.0.2
[  ] rabbitmq_amqp1_0                  3.6.10
[  ] rabbitmq_auth_backend_ldap        3.6.10
[E*] rabbitmq_auth_mechanism_ssl       3.6.10
[  ] rabbitmq_consistent_hash_exchange 3.6.10
[  ] rabbitmq_event_exchange           3.6.10
[  ] rabbitmq_federation               3.6.10
[  ] rabbitmq_federation_management    3.6.10
[  ] rabbitmq_jms_topic_exchange       3.6.10
[E*] rabbitmq_management               3.6.10
[e*] rabbitmq_management_agent         3.6.10
[  ] rabbitmq_management_visualiser    3.6.10
[  ] rabbitmq_mqtt                     3.6.10
[  ] rabbitmq_recent_history_exchange  3.6.10
[  ] rabbitmq_sharding                 3.6.10
[  ] rabbitmq_shovel                   3.6.10
[  ] rabbitmq_shovel_management        3.6.10
[  ] rabbitmq_stomp                    3.6.10
[  ] rabbitmq_top                      3.6.10
[  ] rabbitmq_tracing                  3.6.10
[  ] rabbitmq_trust_store              3.6.10
[e*] rabbitmq_web_dispatch             3.6.10
[  ] rabbitmq_web_mqtt                 3.6.10
[  ] rabbitmq_web_mqtt_examples        3.6.10
[  ] rabbitmq_web_stomp                3.6.10
[  ] rabbitmq_web_stomp_examples       3.6.10
[  ] sockjs                            0.3.4
```
Below is the configuration file:
```erlang
[{ssl_config,
  [{cacertfile,"/path/to/ca_certificate.pem"},
   {keyfile,"/path/to/server_key.pem"},
   {certfile,"/path/to/server_certificate.pem"},
   {port,15671},
   {ssl,true},
   {ciphers,
    ["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
     "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
     "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
     "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
     "DHE-RSA-AES256-GCM-SHA384"]}]}]},
 {rabbit,
  [{ssl_cert_login_from,common_name},
   {ssl_options,
    [{keyfile,"/path/to/server_key.pem"},
     {honor_ecc_order,true},
     {honor_cipher_order,true},
     {certfile,"/path/to/server_certificate.pem"},
     {cacertfile,"/path/to/ca_certificate.pem"},
     {fail_if_no_peer_cert,true},
     {verify,verify_peer},
     {versions,['tlsv1.1','tlsv1.2']},
     {ciphers,
      ["ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
       "ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
       "ECDH-ECDSA-AES256-GCM-SHA384","ECDH-RSA-AES256-GCM-SHA384",
       "ECDH-ECDSA-AES256-SHA384","ECDH-RSA-AES256-SHA384",
       "DHE-RSA-AES256-GCM-SHA384","DHE-DSS-AES256-GCM-SHA384",
       "DHE-RSA-AES256-SHA256","DHE-DSS-AES256-SHA256",
       "ECDHE-ECDSA-AES128-GCM-SHA256","ECDHE-RSA-AES128-GCM-SHA256",
       "ECDHE-ECDSA-AES128-SHA256","ECDHE-RSA-AES128-SHA256",
       "ECDH-ECDSA-AES128-GCM-SHA256","ECDH-RSA-AES128-GCM-SHA256",
       "ECDH-ECDSA-AES128-SHA256","ECDH-RSA-AES128-SHA256",
       "DHE-RSA-AES128-GCM-SHA256","DHE-DSS-AES128-GCM-SHA256",
       "DHE-RSA-AES128-SHA256","DHE-DSS-AES128-SHA256",
       "ECDHE-ECDSA-AES256-SHA","ECDHE-RSA-AES256-SHA",
       "DHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA",
       "ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA",
       "ECDHE-ECDSA-AES128-SHA","ECDHE-RSA-AES128-SHA",
       "DHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA",
       "ECDH-ECDSA-AES128-SHA","ECDH-RSA-AES128-SHA"]}]},
   {tcp_listeners,[5672]},
   {ssl_listeners,[5671]},
   {auth_mechanisms,['EXTERNAL']},
   {cluster_formation,
    [{peer_discovery_backend,rabbit_peer_discovery_classic_config},
     {node_type,disc}]}]}].
```
The process remains simple. I just install everything using the Dockerfile and run the container.
Please suggest what I am doing wrong.
Edited
Below is the content of the Dockerfile:
```dockerfile
FROM scratch
#MAINTAINER The IISPL <prafult@interfaceinfosoft.com>
ARG HOST_NAME
ADD ubuntu-bionic-core-cloudimg-amd64-root.tar.gz /
LABEL name="Ubutnu Base Image"
LABEL vendor="Ubutnu 18.04"
LABEL license=GPLv2
ENV HOST_MACHINE_HOSTNAME=$HOST_NAME
RUN apt-get update && \
    apt-get install adduser wget make git gnupg gnupg2 gnupg1 vim python3 init-system-helpers openssl logrotate socat systemd erlang erlang-nox -y && \
    apt-get autoclean && \
    apt-get autoremove && \
    apt-get -y upgrade
RUN apt-get install -y rabbitmq-server
#ENV RABBITMQ_VERSION 3.6.12
#RUN wget https://www.rabbitmq.com/releases/rabbitmq-server/v$RABBITMQ_VERSION/rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
# dpkg -i rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
# rm -rf rabbitmq-server_$RABBITMQ_VERSION-1_all.deb && \
RUN mkdir -p /home/rabbitmq_server/scripts
RUN mkdir /home/rabbitmq_server/ssl
COPY scripts /home/rabbitmq_server/scripts
COPY ssl /home/rabbitmq_server/ssl
COPY rabbitmq.config /etc/rabbitmq/rabbitmq.config
RUN chmod +x /home/rabbitmq_server/scripts/*.sh
RUN chmod -R 777 /home/rabbitmq_server/ssl/
RUN systemctl enable rabbitmq-server.service
RUN rabbitmq-plugins enable rabbitmq_management
RUN rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl
EXPOSE 5671 15672 5672 15671
CMD ["/home/rabbitmq_server/scripts/run.sh"]
```
And in the startup script I simply start the RabbitMQ server.
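One way to confirm from outside the container which management port actually answers over TLS, as an added example that is not part of the original post. The function names are hypothetical; ports 15671 and 15672 come from the config and `EXPOSE` line above, and the TLS probe skips certificate verification because it only detects whether TLS is spoken.

```python
import socket
import ssl

MGMT_PORTS = (15671, 15672)  # management ports named in the post


def classify_listener(host, port, timeout=3.0):
    """Return 'closed', 'http', 'https' or 'unknown' for one TCP listener."""
    # Step 1: plaintext probe. A plain HTTP listener answers with a status line;
    # a TLS listener answers with an alert record or just drops the connection.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"
    with sock:
        try:
            sock.sendall(b"GET / HTTP/1.0\r\nHost: probe\r\n\r\n")
            first = sock.recv(16)
        except OSError:  # timeout or reset while waiting for a reply
            first = b""
    if first.startswith(b"HTTP/"):
        return "http"

    # Step 2: TLS probe on a fresh connection. Detection only: the certificate
    # is deliberately not verified here, so this says nothing about trust.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "https" if tls.version() else "unknown"
    except OSError:  # ssl.SSLError is a subclass of OSError
        return "unknown"


def check_management(host="localhost", ports=MGMT_PORTS):
    """Classify each management port; returns {port: classification}."""
    return {port: classify_listener(host, port) for port in ports}


if __name__ == "__main__":
    for port, kind in check_management().items():
        print(f"{port}: {kind}")
```

Run it on the Docker host after publishing both ports; an `http` result for 15672 together with `closed` for 15671 matches the symptom described in the post.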