I am planning to implement SSL connection with RPC structure in RabbitMQ, where I have RPC server and one RPC client. My understanding is not very clear about the SSL certificate exchange in RabbitMQ. I refered https://www.rabbitmq.com/ssl.html before. My questions are:
Do I have to make connection in my RPCServer as well as in RPCClient code?
Will RPCServer and RPCClient both act as my RabbitMQ clients? If yes, then will I have to create different certificates for both?
Please help me on this as soon as possible.
Related
I am designing a system where a huge number of real-time data generated from devices is to be transferred to subscribers preferably over websockets. I have decided to use Spring STOMP Websockets as it was quicker to set-up, understand and had a few things supported out of the box like RabbitMQ and Security. And also because the plan is to use Spring for another REST API so Spring as a choice of tech stack. RabbitMQ is the message broker that I have decided on. However I can not find good amount of guidance on how to scale such a system.
The possible solution I am thinking of is:
To add HAProxy in front of STOMP broker instances and also between
STOMP Brokers and a RabbitMQ cluster, HAProxy will act as a
load-balancer in both cases. Spring STOMP broker will then be pointing to the HAProxy as broker relay host. The requirement is to have high availability and no data loss.
As I do not have prior experience with Websockets, I would like to get guidance on if this solution sounds correct or if there is anything that I am missing here?
Note: In this system, both the message producers and consumers are actually websocket Java clients. I took the sample code from https://github.com/nickebbutt/stomp-websockets-java-client and created two separate clients - One that only sends the messages i.e. device data(Producers) and other that subscribes to these messages(Consumer). Thus both connect using same websocket URL to same STOMP broker. With above system implementation the clients will point to HAProxy for websocket connection.
Just an updated on this, I did experimentation by creating the above set-up and it worked i.e. I was able to connect to websocket stomp server/send/receive data with RabbitMQ broker and use of HAProxy load balancing as described. The broker host/port configured in Spring was pointing to HAProxy which in turn was forwarding requests to RabbitMQ backend. Similarly, the websocket clients were connecting to Spring STOMP websocket server application via HAProxy.
I'm kind of new to these protocols, and just started exploring Message brokers like Apache Apollo and RabbitMQ.
So my broker receives MQTT messages from a publisher. And I would like to convert it into AMQP (preferably) or STOMP protocol to send to a web server. But I've so far been unable to do so.
I looked into RabbitMQ, and tried enabling the MQTT plugin, but when I do load it, I'm unable to start the server.
I was wondering if anyone can guide me here? Is there an API that can help me? And I'm very confused about RabbitMQ. I've been able to load other plugins easily,like stomp, management utilities etc.
I'm 100% sure it is doable. I am doing it right now with robomq.io broker. One cause could be sometimes bugs in your client library restrict you doing so.
Another thing you should be aware of is that internally, RabbitMQ MQTT adapter is mapped into amq.topic exchange by default, so on your STOMP peer, you should subscribe or send to /topic/yourTopic; on your AMQP peer, bind your queue to amq.topic exchange or publish to that exchange.
Follow this example code and documentation to build your client.
If you can't figure out your server, just get a free trial from robomq.io. It saves you time and money.
The development tool I am using is robomq.io broker, producers in Python (AMQP library: pika, MQTT library: paho, STOMP library: stompest), consumer in Node.js (library: amqplib).
Hope it helps!
Well, I'm not sure if this question should be taken down. But if it has to be I leave it to the discretion of the moderators and the stackOverflow community in general.
btw, I use Ubuntu 14.04.
About the RabbitMQ broker
So Mosquitto was running un the background occupying the port 1883 normally used for MQTT. I could have changed the port for RabbitMQ, but decided against it and tried to kill the Mosquitto process. But for some reason, I could NOT.
For now, my quick fix was removing Mosquitto completely and this freed the port, enabling RabbitMQ to use it.
About the protocols
I've used Paho and the RabbitMQ libraries provided to code out simple programs that can publish and receive messages in AMQP/MQTT via the RabbitMQ broker.
(My Googling needs to be better!)
Still haven't converted one to the other. But that shouldn't be too big a step to achieve.
Still would be nice to know if there's an API or something that can help me achieve the conversion in a very simple manner. Of course, if there's not, I'll figure it out ASAP
Any suggestions/comments are heartily welcome. I'm brand new to all this and could really use advice from all you seasoned pros :)
I am trying to use Apache ActiveMQ as my MQTT broker. Everything is straightforward and i can send messages from JMS broker to MQTT client and vice versa.
I've got a question which i couldn't found anywhere. Is there a method or mechanism available which lets MQTT client to define "message selector" like JMS clients and consumers.
Regards,
Sam
The only way for MQTT Clients do decide what Messages to get is by subscriptions.
These can either be a concrete Topic ("Aaaa/Bbbb/Cccc") or a Wildcard Topic string ("aa/#/cc" or "aa/bb/+/cc")
Yes, you can create ACL file in which you can define certain Topics on which client can subscribe...
And you can do one more thing.. you can also define topic on user authentication bases .. it means different users are permitted on different topics accordingly.
I am trying to demonstrate to others that my queue is using SSL, however from the RabbitMQ web management tools there seems to be no distinction over which queues are using SSL and which are not.
Using RabbitMQ management on localhost, I am able to see all my queues. I have set up SSL on port 5671 successfully using the troubleshooting from RabbitMQ website.
Using MassTransit I have configured my incoming bus to use localhost:5671/my_queue_name with a client certificate and all is working successfully - I just can't confirm to others that the queue is secure. If I get a message from the queue using the web management tools, I can read the (JSON) message in plain text. Any ideas how I can prove my messages are secure?
I've attempted using BusDriver to peek the queues but get nothing back (independent of whether is SSL or not).
SSL is used to secure connections, not to encrypt queue contents.
What SSL gives you is that communication from clients to RabbitMQ will be encrypted, so you could theoretically be sure that nobody tampered with your messages.
Also if you need to validate that the sender of the message is a particular user, you could use this RabbitMQ extension: http://www.rabbitmq.com/validated-user-id.html
As the title says - i have 3 servers:
server-1 [wcf services]
server-2 [wcf services]
server-3 [esb using rhino.esb]
So -
server 1 publishes message to server-3 esb
server 2 subscribes to messages from server 1 via server-3 esb
do they all need to be in the same domain or anything?
For security there is no difference between public and private queues - "public" just means published in Active Directory.
Also, you need to differentiate between "different domain" and "different forest". I assume you mean the latter. Two domains in the same forest share the same security database so would not be a problem.
Do not regard Access Control Lists on queues as being a robust form of security. A message can be sent with the SID of any account to get round the queue permissions. Authentication with internel (MSMQ) or external certificates is a much better alternative if security is an issue.
How to send authenticated MSMQ messages without using a domain account
Authenticating MSMQ messages between forests
Cross-forest MSMQ? You need to be trusting
"How do I send MSMQ messages between domains?"
Understanding how MSMQ security blocks RPC traffic
Cheers
John Breakwell
No. But its less secure or more complicated. Depending if you are using no security ( everyone has access) or certificates.
Look at Securing Messages Using Transport Security.
Private queues are just accessed via a TCP port, so there is no need for the hosting server to even be on a domain for the MSMQ queue to be accessible. However, I would recommend that you apply transport-level security at the network layer (i.e. firewalls) to prevent any unauthorised traffic from putting messages on / retrieving from the queues.