I would like to know if there is a way to configure RabbitMQ to close lost connections regardless of the heartbeat.
My issue is that if a connection was opened with heartbeat set to 0 and the connection is lost (like disabling the network interface), the server keeps the connection open forever. I understand that the TCP timeout is 11 minutes, but the connection is not closing even hours later.
I did add keepalive configuration to the server but with the same result (I'm working with SSL).
Is there a way to configure the server to close these connections regardless of the heartbeat configuration?
Or maybe I can reject connections with a low heartbeat configuration?
Environment Details:
OS ubuntu server 14.04
RabbitMQ server version 3.5.4
Configuration:
{tcp_listen_options, [binary,
                      {packet, raw},
                      {reuseaddr, true},
                      {backlog, 128},
                      {nodelay, true},
                      {exit_on_close, true},
                      {keepalive, true}]},
{ssl_options, [{cacertfile, "/etc/rabbitmq/certs/cacert.pem"},
               {certfile, "/etc/rabbitmq/certs/cert.pem"},
               {keyfile, "/etc/rabbitmq/certs/key.pem"},
               {verify, verify_peer},
               {keepalive, true},
               {fail_if_no_peer_cert, false}]},
I installed Rabbit MQ on my Ubuntu 16.04 Server. After that, I enabled plugins for MQTT for RabbitMQ. In rabbitmq-plugins list I can see that MQTT plugin is enabled and running on the server.
I then added the following configuration file for MQTT at this location
/etc/rabbitmq/rabbitmq.config
and restarted the server:
[{rabbit, [{tcp_listeners, [5672]}]},
 {rabbitmq_mqtt, [{default_user, <<"myuser">>},
                  {default_pass, <<"mypass">>},
                  {allow_anonymous, false},
                  {vhost, <<"/">>},
                  {exchange, <<"amq.topic">>},
                  {subscription_ttl, 1800000},
                  {prefetch, 10},
                  {ssl_listeners, []},
                  %% Default MQTT with TLS port is 8883
                  %% {ssl_listeners, [8883]}
                  {tcp_listeners, [1883]},
                  {tcp_listen_options, [{backlog, 128},
                                        {nodelay, true}]}]}
].
Now when I am trying to publish a message to the rabbitmq server like:
import paho.mqtt.publish as publish
import paho.mqtt.client as mqtt

publish.single('/',
               payload='hello world',
               hostname='xxx.xxx.xxx.xxx',  # My server's IP address
               auth={'username': 'myuser', 'password': 'mypass'},
               port=1883,
               protocol=mqtt.MQTTv311)
It gives me this error:
paho.mqtt.MQTTException: Connection Refused: bad user name or password.
There is no Encryption for now. So what am I doing wrong?
I tried the same procedure with Mosquitto MQTT Broker and it worked fine. I think the issue is with my rabbitmq configuration.
This spring guide on messaging with rabbitmq does not talk about the host port configurations. I followed the same and added these properties to application.properties to connect to rabbitmq broker installed on GCP
spring:
  rabbitmq:
    host: XXX.XXX.XXX.XX
    port: 5672
    username: user
    password: bitnami
    virtual-host: /
While running the app I am getting timeout exception while connecting to rabbitmq
2017-08-06 17:16:54.322 ERROR 7280 --- [ container-1] o.s.a.r.l.SimpleMessageListenerContainer : Failed to check/redeclare auto-delete queue(s).
org.springframework.amqp.AmqpConnectException: java.net.ConnectException: Connection timed out: connect
at org.springframework.amqp.rabbit.support.RabbitExceptionTranslator.convertRabbitAccessException(RabbitExceptionTranslator.java:62) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.connection.AbstractConnectionFactory.createBareConnection(AbstractConnectionFactory.java:367) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.connection.CachingConnectionFactory.createConnection(CachingConnectionFactory.java:565) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.doExecute(RabbitTemplate.java:1430) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:1411) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitTemplate.execute(RabbitTemplate.java:1387) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.core.RabbitAdmin.getQueueProperties(RabbitAdmin.java:336) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer.redeclareElementsIfNecessary(SimpleMessageListenerContainer.java:1136) ~[spring-rabbit-1.7.2.RELEASE.jar:na]
at org.springframework.amqp.rabbit.listener.SimpleMessageListenerContainer$AsyncMessageProcessingConsumer.run(SimpleMessageListenerContainer.java:1387) [spring-rabbit-1.7.2.RELEASE.jar:na]
Tried the following but still same error:
Opened up tcp:5672 through GCP firewall configuration
Changed the rabbitmq config at /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.config to change the allowed ips from localhost (127.0.0.1) to 0.0.0.0
{
  rabbit,
  [{tcp_listeners, [{"0.0.0.0", 5672}, {"::", 5672}]},
   {default_vhost, <<"/">>},
   {default_user, <<"user">>},
   {default_pass, <<"bitnami">>},
   {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}
  ]
}
What could be the problem here ?
Update
I have installed rabbitmq locally and everything works fine.
I doubt if the updates to config file is actually not getting reflected properly. This is how I did it.
updated the rabbitmq.config
rabbitmqctl stop_app
rabbitmqctl start_app
But still I see some difference under the 'Ports and contexts' section in the UI
localhost
gcp
Any pointers ? Or is it all looking fine and the problem is something different, like with GCP setup or something ?
After telnet-ing to the port and checking the port config through the GCP console, I figured out that I made a mistake in setting the right tag name on the instance where I installed rabbitmq.
Please do verify that the 'target tag' mentioned in your firewall rule is indeed mapped to the VM instance where rabbitmq is installed.
Otherwise the config mentioned in the question is enough to make it work from a remote client.
I installed rabbit mq via docker image on a machine including the management and rabbitmq_auth_backend_ip_range plugins. I want to restrict access to the ports 5671/2 and 15672 to only allow certain IPs accessing them.
As 15672 is the web interface, I have no current solution for that. Any ideas on that?
For 5671/2 (which one is the secure one?) I want to use the plugin rabbitmq_auth_backend_ip_range because as far as I understood, that's its purpose.
My current rabbitmq.config looks like this:
[
  {rabbit, [
    {auth_backends, [{rabbit_auth_backend_ip_range}]}
  ]},
  {rabbitmq_auth_backend_ip_range, [
    {tag_masks,
      [{'administrator', [<<"::FFFF:192.168.0.0/112">>]}]
    }
  ]}
].
According to the documentation that allows access only for accounts tagged with administrator. But if I do a telnet nothing changed:
telnet ip-address 5672
I can access it. How do you pass over credentials via telnet? How is ip restriction done with rabbit mq?
rabbitmq-auth-backend-ip-range only provides an authentication mechanism to log in/talk to the rabbitmq server. That doesn't mean your 5672 port is not open.
You will still be able to telnet on 5672, but if some administrator user tries to connect particularly to the RabbitMQ server, then it should match the given IP address; otherwise an authentication failure will be returned.
For RabbitMQ Management you can define the IP address something like this:
{rabbitmq_management, [
  {listener, [{port, 15672}, {ip, "127.0.0.1"}]}
]}
Rabbitmq-auth-backend-ip-range is a community plugin for client authorization based on source IP address. With this community plugin, we can restrict client access on the basis of IP address.
Steps to configure the plugin in rabbitmq version 3.6.X:
wget https://dl.bintray.com/rabbitmq/community-plugins/3.6.x/rabbitmq_auth_backend_ip_range/rabbitmq_auth_backend_ip_range-20180116-3.6.x.zip
Unzip the content to /usr/lib/rabbitmq/lib/rabbitmq_server-3.x/plugins
Enable the plugin: rabbitmq-plugins enable rabbitmq_auth_backend_ip_range
Set a custom tag, which this plugin will block for certain IP addresses:
rabbitmqctl set_user_tags custom_user customtag
Configure rabbitmqctl configuration file
vi /etc/rabbitmq/rabbitmq.config
[
  {rabbit, [
    {tcp_listeners, [5672]},
    {auth_backends, [
      {rabbit_auth_backend_internal,
        [rabbit_auth_backend_internal, rabbit_auth_backend_ip_range]
      }
    ]}
  ]},
  {rabbitmq_auth_backend_ip_range, [
    {tag_masks,
      [{'customtag', [<<"::FFFF:172.xx.xx.xxx">>]}]},
    {default_masks, [<<"::0/0">>]}
  ]}
].
This configuration will take effect in such a way that the user with tag customtag will be able to connect to the rabbitmq server with IP address 172.xx.xx.xxx, and all other tags can access from any IP address.
sudo service rabbitmq-server restart
PS: As there is no valid link online to configure the rabbitmq_auth_backend_ip_range plugin, I answered this question with the configuration steps.
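How the IPv4-mapped IPv6 masks used in the configurations above select client addresses, as an added example (not code from the answers or from the plugin). The decision rule in allowed() is an assumption modelled on the answer's description, and the function names and the 172.16.5.9 address are constructed for illustration.

```python
import ipaddress

V4_MAPPED = ipaddress.IPv6Network("::ffff:0:0/96")

def to_v6(addr):
    """Normalise a client address to IPv6; IPv4 becomes ::ffff:a.b.c.d."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return ipaddress.IPv6Address("::ffff:" + str(ip))
    return ip

def parse_mask(mask):
    """Parse a mask string; a mask without /prefix is a single host (/128)."""
    return ipaddress.IPv6Network(mask, strict=False)

def ipv4_equivalent(mask):
    """Return the IPv4 CIDR a ::ffff: mask covers, or None if not IPv4-only."""
    net = parse_mask(mask)
    if net.prefixlen < 96 or not net.subnet_of(V4_MAPPED):
        return None
    v4 = ipaddress.IPv4Address(int(net.network_address) & 0xFFFFFFFF)
    return f"{v4}/{net.prefixlen - 96}"

def allowed(client_ip, user_tags, tag_masks, default_masks):
    """Assumed decision rule: masks of the user's listed tags, else defaults."""
    masks = [m for t in user_tags for m in tag_masks.get(t, [])]
    if not masks:
        masks = default_masks
    ip = to_v6(client_ip)
    return any(ip in parse_mask(m) for m in masks)

# Constructed sample policy: the question's administrator mask plus a
# single-host mask (172.16.5.9 is a made-up address, not from the page).
TAG_MASKS = {
    "administrator": ["::FFFF:192.168.0.0/112"],
    "customtag": ["::FFFF:172.16.5.9"],
}
DEFAULT_MASKS = ["::0/0"]

if __name__ == "__main__":
    for mask in ("::FFFF:192.168.0.0/112", "::FFFF:172.16.5.9", "::0/0"):
        print(mask, "->", ipv4_equivalent(mask))
    for ip, tags in (("192.168.44.10", ["administrator"]),
                     ("10.0.0.5", ["administrator"]),
                     ("172.16.5.10", ["customtag"]),
                     ("10.0.0.5", ["monitoring"])):
        print(ip, tags, allowed(ip, tags, TAG_MASKS, DEFAULT_MASKS))
```

A /112 prefix on a ::FFFF: mask leaves 16 IPv4 network bits, so it covers a whole /16, while a mask written without a prefix matches one host only.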
I installed Rabbitmq (v3.5.6) via brew.
I can use command (/usr/local/Cellar/rabbitmq/sbin/rabbitmq-server) to start server,
and I can use http://localhost:15672/ to browse the management page.
I guess I installed Rabbitmq successfully.
I want to change the AMQP port to 5673, and I followed the document and
edited /usr/local/etc/rabbitmq/rabbitmq.config as below, but it fails.
[
  {rabbit, [{tcp_listeners, [5673]}]}
].
The port still is 5673. However, I can use this file to set mqtt port to 11883 (default 1883).
What happens?
Yes, the file should be
/etc/rabbitmq/rabbitmq.conf
I think that your problem is that you are not rebooting your server/computer.
To apply the changes in your configuration file you have to reboot your server.
For testing purposes I need ActiveMQ and RabbitMQ running on the same Windows machine. I have both installed, but I can't run them together: I need to stop one service in order to have the other one running.
This is the error I get trying to start RabbitMQ having ActiveMQ running:
=INFO REPORT==== 17-Feb-2015::14:24:00 ===
Error description:
{could_not_start,rabbit,
{bad_return,
{{rabbit,start,[normal,[]]},
{'EXIT',
{rabbit,failure_during_boot,
{boot_step,networking,
{case_clause,
{error,
{{shutdown,
{failed_to_start_child,tcp_listener,
{cannot_listen,{0,0,0,0,0,0,0,0},5672,eacces}}},
{child,undefined,'rabbit_tcp_listener_sup_:::5672',
{tcp_listener_sup,start_link,
[{0,0,0,0,0,0,0,0},
5672,
[inet6,binary,
{packet,raw},
{reuseaddr,true},
{backlog,128},
{nodelay,true},
{linger,{true,0}},
{exit_on_close,false}],
{rabbit_networking,tcp_listener_started,[amqp]},
{rabbit_networking,tcp_listener_stopped,[amqp]},
{rabbit_networking,start_client,[]},
"TCP Listener"]},
transient,infinity,supervisor,
[tcp_listener_sup]}}}}}}}}}}
And this is the error I get trying to start ActiveMQ with RabbitMQ already running:
jvm 1 | INFO | Listening for connections at: tcp://BROKER:61616?maximumConnections=1000&wireFormat.maxFrameSize=104857600
jvm 1 | INFO | Connector openwire started
jvm 1 | ERROR | Failed to start Apache ActiveMQ ([localhost, ID:DEV-BROKER01-56290-1424197666199-0:1], java.io.IOException: Transport Connector could not be registered in JMX: java.io.IOException: Failed to bind to server socket: amqp://0.0.0.0:5672?maximumConnections=1000&wireFormat.maxFrameSize=104857600 due to:
java.net.BindException: Address already in use: JVM_Bind)
jvm 1 | INFO | Apache ActiveMQ 5.11.0 (localhost, ID:DEV-BROKER01-56290-1424197666199-0:1) is shutting down
That "Address already in use" is the key I guess.
Any way to sort this out? Thanks
This is the problem:
java.net.BindException: Address already in use: JVM_Bind)
Both brokers use the 5672 port (the AMQP default port).
Just change the port for one broker; for example, for rabbitmq check this link:
https://www.rabbitmq.com/configure.html
The configuration file rabbitmq.config allows the RabbitMQ core
application, Erlang services and RabbitMQ plugins to be configured. It
is a standard Erlang configuration file, documented on the Erlang
Config Man Page.
An example configuration file follows:
[
  {rabbit, [{tcp_listeners, [5673]}]}
].
This example will alter the port RabbitMQ listens on from 5672 to 5673.
This configuration file is not the same as rabbitmq-env.conf, which
can be used to set environment variables on non-windows systems.