Use SSL for logstash-output-stomp - ssl

This is my part of logstash.conf:
output {
  stomp {
    host => "localhost"
    port => "61613"
    destination => "/queue/test"
    user => "admin"
    password => "admin"
    headers => {
      "persistent" => true
    }
  }
  stdout {}
}
Now I want to send messages to ActiveMQ with SSL. What should I do?

Based on this PR from the logstash-plugins project it appears that SSL/TLS is not supported with Stomp.

Access twitter API from Logstash which is behind a proxy

input {
  twitter {
    consumer_key => "--"
    consumer_secret => "-"
    oauth_token => "--"
    oauth_token_secret => "--"
    keywords => ["innovation"]
    full_tweet => true
  }
}
filter {
}
output {
  stdout {
    codec => dots
  }
  elasticsearch {
    hosts => ["localhost:9200"]
    index => "innotweets"
  }
}
This is the config file to access tweets from Twitter and create an index in Elasticsearch. It works well when I am not using a VPN. When I execute this behind a proxy server, I am not able to create the index in Elasticsearch. What must I do to get past the proxy?

Identity Server 4 ASP.NET certificate authentication

I'm trying to implement client certificate authentication with ASP.NET and IdentityServer4, but can't seem to make it work. Through Postman I get "Error: invalid_client", in debug console "Client secret validation failed for client: ISCCA.". I'm running the application with Kestrel on localhost.
Based on the documentation and examples I've been through, this is my result so far:
Kestrel configuration:
webBuilder.ConfigureKestrel(builderOptions => {
    builderOptions.ConfigureHttpsDefaults(httpOptions => {
        httpOptions.AllowAnyClientCertificate();
        httpOptions.ClientCertificateMode = ClientCertificateMode.AllowCertificate;
        httpOptions.CheckCertificateRevocation = false;
    });
});
Identity server configuration with in memory clients, resources and scopes:
services
    .AddIdentityServer(options => {
        // MTLS for client certificate authentication endpoints with default scheme set as Certificate
        options.MutualTls.Enabled = true;
        options.MutualTls.ClientCertificateAuthenticationScheme = CertificateAuthenticationDefaults.AuthenticationScheme;
        // Use subdomain endpoints (mtls.host)
        options.MutualTls.DomainName = "mtls";
    })
    .AddMutualTlsSecretValidators() // So that Identity Server knows to validate thumbprint or certificate name
    .AddDeveloperSigningCredential()
    .AddInMemoryApiResources(new List<ApiResource> {
        new ApiResource(
            name: "MyAPI", // Api resource name
            displayName: "My API Set", // Display name
            userClaims: new List<string> { "access" } // Claims to be included in access token
        )
    })
    .AddInMemoryIdentityResources(GetIdentityResources()) // Contains only IdentityResources.OpenId()
    .AddInMemoryClients(new List<Client>() {
        new Client {
            Enabled = true,
            ClientId = "ISCCA",
            ClientSecrets = {
                // Testing env client certificate thumbprint secret
                new Secret() {
                    Value = "<thumbprint>",
                    Type = SecretTypes.X509CertificateThumbprint
                }
            },
            AccessTokenLifetime = 60 * 60 * 24,
            AllowedGrantTypes = GrantTypes.ClientCredentials,
            AllowedScopes = { "MyAPI" }
        }
    })
    .AddInMemoryApiScopes(new List<ApiScope> {
        new ApiScope {
            Name = "MyAPI",
            DisplayName = "Some API",
            UserClaims = { "access" }
        }
    });
Authentication and authorization:
services
    .AddAuthentication(CertificateAuthenticationDefaults.AuthenticationScheme)
    .AddCertificate(options => {
        options.AllowedCertificateTypes = CertificateTypes.All;
        options.RevocationMode = X509RevocationMode.NoCheck;
    })
    .AddIdentityServerJwt();
services.AddAuthorization(options => {
    options.AddPolicy("ApiScope", policy => {
        policy.RequireAuthenticatedUser();
        policy.RequireClaim("access");
    });
});
If I use a secret without a defined type, the token is returned as expected, but when I want it to use the thumbprint, I get the errors above.
I have set up the certificate in Postman and it is included in the request, but I'm not sure if it reaches the server (everything is run locally on the same PC). As for token request and server response, below are screenshots of what is in auth header and response and Kestrel log:
I don't know what I did wrong. Also I have included
app.UseAuthentication();
app.UseIdentityServer();
app.UseAuthorization();
in Configure method.
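
A check for the thumbprint secret configured above, as an added example that is not part of the original question: it computes a certificate's thumbprint from its DER bytes and compares it with a configured value before and after normalization. The certificate and the pasted string are constructed samples, and the comparison in `SameThumbprint` is an assumption for illustration, not IdentityServer4's own validator.

```csharp
// Added example, not code from the post. Targets .NET 6 or later (top-level statements).
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Constructed sample: a throwaway self-signed certificate standing in for the client certificate.
using var key = RSA.Create(2048);
var request = new CertificateRequest(
    "CN=constructed-test-client", key, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
using X509Certificate2 cert = request.CreateSelfSigned(
    DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

// X509Certificate2.Thumbprint is the SHA-1 hash of the DER encoding, as uppercase hex.
string fromDer = Convert.ToHexString(SHA1.HashData(cert.RawData));
Console.WriteLine($"Thumbprint property: {cert.Thumbprint}");
Console.WriteLine($"SHA-1 of RawData:    {fromDer}");

// Constructed sample: the same value as it can look after copy and paste from a
// certificate dialog (leading U+200E mark, lowercase, byte pairs separated by spaces).
string pasted = "\u200E" + string.Join(" ",
    cert.Thumbprint.ToLowerInvariant().Chunk(2).Select(pair => new string(pair)));

Console.WriteLine($"Pasted value matches:     {SameThumbprint(pasted, cert)}");
Console.WriteLine($"Normalized value matches: {SameThumbprint(Normalize(pasted), cert)}");

// Keep only hex digits and upper-case them, dropping spaces and invisible characters.
static string Normalize(string value) =>
    new string(value.Where(c => Uri.IsHexDigit(c)).ToArray()).ToUpperInvariant();

// Assumption: the configured secret is compared with the certificate thumbprint as an
// ordinal, case-insensitive string. This is a hypothetical helper for the example.
static bool SameThumbprint(string configured, X509Certificate2 certificate) =>
    string.Equals(configured, certificate.Thumbprint, StringComparison.OrdinalIgnoreCase);
```

Running the same comparison against the real client certificate and the value stored in `ClientSecrets` shows whether the configured string and the certificate actually agree.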

How to configure MassTransit so that commands in queue waiting for the consumers?

I have a question about MassTransit configuration.
There is a Main application and Microservice.
For example, the Main application sends a command to the microservice (consumer) to write off funds from the account.
Configuration in the Main application:
var rabbitHost = new Uri("rabbitmq://localhost/app");
services.AddMassTransit(x => {
    x.AddBus(provider => Bus.Factory.CreateUsingRabbitMq(cfg => {
        var host = cfg.Host(rabbitHost, hostConfigurator => {
            hostConfigurator.Username("user");
            hostConfigurator.Password("password");
        });
    }));
});
EndpointConvention.Map<WithdrawFunds>(new Uri(rabbitHost + "/test-queue"));
Microservice configuration:
var rabbitHost = new Uri("rabbitmq://localhost/app");
services.AddMassTransit(x => {
    x.AddBus(provider => Bus.Factory.CreateUsingRabbitMq(cfg => {
        var host = cfg.Host(rabbitHost, hostConfigurator => {
            hostConfigurator.Username("username");
            hostConfigurator.Password("password");
        });
        cfg.ReceiveEndpoint(host, "test-queue", ep => {
            ep.Consumer<WithdrawFundsConsumer>();
        });
    }));
});
Command executed in Main application like:
await _sendEndpointProvider.Send<WithdrawFunds>(new {
    Amount = 100,
    AccountId = "someId"
});
MassTransit creates a "test-queue" queue and if both applications are running, then the interaction works successfully. But if I stop the microservice, then a "test-queue_skipped" queue is created in which the missed messages fall. However, if I start the Microservice, it will not receive missed messages.
How can I configure MassTransit so that "_skipped" is not created, and messages are waiting for the consumer to appear?

Can't get SSL to work with MassTransit and cloudamqp

I've been struggling to figure out how I'm meant to configure MassTransit and our new dedicated cloudamqp instance to work with SSL (note: everything is working fine without SSL).
I tried adding the UseSsl line in the code below, which I found in some old documentation, but that didn't work:
var bus = Bus.Factory.CreateUsingRabbitMq(sbc =>
{
    var host = sbc.Host(new Uri(messageBusConfiguration["Host"]), h =>
    {
        h.Username(messageBusConfiguration["Username"]);
        h.Password(messageBusConfiguration["Password"]);
        h.UseSsl(s => {});
    });
});
In cloudamqp I've set it to allow amqps too and my services/APIs are set up and running in IIS using HTTPS without any issues.
I suspect I'm missing something fundamental here but I can't find any documentation on it.
This works for me, note that the port must be specified.
var busControl = Bus.Factory.CreateUsingRabbitMq(x =>
{
    var host = x.Host(new Uri("rabbitmq://wombat.rmq.cloudamqp.com:5671/your_vhost/"), h =>
    {
        h.Username("your_username");
        h.Password("your_password");
        h.UseSsl(s =>
        {
            s.Protocol = SslProtocols.Tls12;
        });
    });
    x.ReceiveEndpoint(host, "input_queue", e =>
    {
    });
});
await busControl.StartAsync(new CancellationTokenSource(TimeSpan.FromSeconds(30)).Token);
await busControl.StopAsync();

Sending @metadata from logstash to elastic search

I've got the following logstash config, and I'm trying to send the RabbitMQ headers (which are stored in the @metadata field) to ElasticSearch
input {
  rabbitmq {
    auto_delete => false
    durable => false
    host => "my_host"
    port => 5672
    queue => "my_queue"
    key => "#"
    threads => 1
    codec => "plain"
    user => "user"
    password => "pass"
    metadata_enabled => true
  }
}
filter {
  ???
}
output {
  stdout { codec => rubydebug {metadata => true} }
  elasticsearch { hosts => localhost }
}
I can see the headers in the std output
{
    "@timestamp" => 2017-07-11T15:53:28.629Z,
    "@metadata" => {
        "rabbitmq_headers" => {
            "My_Header" => "My_value"
        },
        "rabbitmq_properties" => {
            "content-encoding" => "utf-8",
            "correlation-id" => "785901df-e954-4735-a9cf-868088fdac87",
            "content-type" => "application/json",
            "exchange" => "My_Exchange",
            "routing-key" => "123-456",
            "consumer-tag" => "amq.ctag-ZtX3L_9Zsz96aakkSGYzGA"
        }
    },
    "@version" => "1",
    "message" => "{...}"
Is there some filter (grok, mutate, kv, etc.) which can copy these values to Tags in the message sent to ElasticSearch?