
Config RabbitMQ

Official Tutorials Index

Ports to Open When a Firewall Is Used

  • 4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools
  • 5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
  • 25672: used for inter-node and CLI tools communication (Erlang distribution server port) and is allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). Unless external connections on these ports are really necessary (e.g. the cluster uses federation or CLI tools are used on machines outside the subnet), these ports should not be publicly exposed. See networking guide for details.
  • 35672-35682: used by CLI tools (Erlang distribution client ports) for communication with nodes and is allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010). See networking guide for details.
  • 15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled)
  • 61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled)
  • 1883, 8883: MQTT clients without and with TLS, if the MQTT plugin is enabled
  • 15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
  • 15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
  • 15692: Prometheus metrics (only if the Prometheus plugin is enabled)
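
An added example (not from the original page or the RabbitMQ project): a listener audit that reads `ss -Htln` output and reports which ports from the list above are bound to a non-loopback address. The function names, the `internal`/`plugin`/`client` labels and the sample socket lines are constructed for illustration; treating epmd and the Erlang distribution ranges as `internal` follows the note on port 25672.

```shell
#!/bin/sh
# Added example: report RabbitMQ listeners bound to non-loopback addresses.
# Input: `ss -Htln` lines on stdin. Output: "<port> <address> <kind>".
# Kinds are this example's own labels: internal = epmd / Erlang distribution,
# plugin = management UI and Prometheus, client = messaging protocol ports.
rabbitmq_exposed_listeners() {
  awk '
    function kind(p) {
      if (p == 4369 || p == 25672 || (p >= 35672 && p <= 35682)) return "internal"
      if (p == 15672 || p == 15692) return "plugin"
      if (p == 5672 || p == 5671 || p == 61613 || p == 61614) return "client"
      if (p == 1883 || p == 8883 || p == 15674 || p == 15675) return "client"
      return ""
    }
    $1 == "LISTEN" {
      n = split($4, parts, ":")            # the port is the last ":" field
      port = parts[n] + 0
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr ~ /^127\./ || addr == "[::1]") next    # loopback only: skip
      k = kind(port)
      if (k != "") print port, addr, k
    }'
}

# Constructed sample of `ss -Htln` output (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 128 0.0.0.0:4369 0.0.0.0:*
LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
LISTEN 0 128 127.0.0.1:15672 0.0.0.0:*
LISTEN 0 128 *:5672 *:*
LISTEN 0 128 [::]:5671 [::]:*
LISTEN 0 128 [::1]:15692 [::]:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
EOF
}

# On a broker host, replace the sample with: ss -Htln | rabbitmq_exposed_listeners
sample_ss_output | rabbitmq_exposed_listeners
```

Lines marked `internal` are the ones to confirm are blocked at the firewall unless federation or remote CLI access needs them.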

Users and Permissions

Default User Access

The broker creates a user guest with password guest. Unconfigured clients will in general use these credentials. By default, these credentials can only be used when connecting to the broker from localhost, so you will need to take action before connecting from any other machine.

See the documentation on access control for information on how to create more users and delete the guest user.

Adding/Listing/Deleting Users

## Adding Users
# will prompt for password, only use this option interactively
rabbitmqctl add_user "username"

# Password is provided via standard input.
# Note that certain characters such as $, &, #, and so on must be escaped to avoid
# special interpretation by the shell.
echo '2a55f70a841f18b97c3a7db939b7adc9e34a0f1b' | rabbitmqctl add_user 'username'

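# Password is provided as a command line argument, which leaves it visible in
# shell history and process listings; prefer the standard input form above.
# Note that certain characters such as $, &, #, and so on must be escaped to avoid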
# special interpretation by the shell.
rabbitmqctl add_user 'username' '2a55f70a841f18b97c3a7db939b7adc9e34a0f1b'

## Listing users
rabbitmqctl list_users
rabbitmqctl list_users --formatter=json

## Deleting a user
rabbitmqctl delete_user 'username'

## Verifying a user
rabbitmqctl authenticate_user "a-username" "a-password"

Granting Permissions to a User

# First ".*" for configure permission on every entity
# Second ".*" for write permission on every entity
# Third ".*" for read permission on every entity
rabbitmqctl set_permissions -p "custom-vhost" "username" ".*" ".*" ".*"

## Verifying the permission
# => Listing permissions for vhost "/" ...
# => user    configure   write   read
# => user2   .*  .*  .*
# => guest   .*  .*  .*
# => temp-user   .*  .*  .*
rabbitmqctl list_permissions --vhost /
rabbitmqctl list_permissions --vhost gw1
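
An added example (not from the original page or the RabbitMQ project): an audit of `rabbitmqctl list_permissions` output that flags accounts holding `.*` for configure, write and read, and any remaining `guest` account. The function names, the `full-access`/`default-user` labels, the `orders` resource prefix and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag broad grants in `rabbitmqctl list_permissions` output.
# Input: tab-separated rows (user, configure, write, read) on stdin.
# Output: "<user><TAB><finding>", where the finding labels are this example's own.
audit_permissions() {
  awk -F '\t' '
    /^Listing permissions/ || $1 == "user" { next }   # banner and header row
    NF >= 4 {
      if ($2 == ".*" && $3 == ".*" && $4 == ".*") print $1 "\tfull-access"
      if ($1 == "guest") print $1 "\tdefault-user"
    }'
}

# Constructed sample modelled on the listing above; temp-user is changed here
# to a scoped grant such as the following would produce ("^$" matches no
# resource name, so configure is denied; "orders" is a hypothetical prefix):
#   rabbitmqctl set_permissions -p "/" "temp-user" '^$' '^orders\.' '^orders\.'
sample_list_permissions() {
  printf '%s\n' 'Listing permissions for vhost "/" ...'
  printf '%s\t%s\t%s\t%s\n' \
    user configure write read \
    user2 '.*' '.*' '.*' \
    guest '.*' '.*' '.*' \
    temp-user '^$' '^orders\.' '^orders\.'
}

# On a broker host: rabbitmqctl list_permissions --vhost / | audit_permissions
sample_list_permissions | audit_permissions
```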

Clearing Permissions of a User in a Virtual Host

# Revokes permissions in a virtual host
rabbitmqctl clear_permissions -p "custom-vhost" "username"

Operations on Multiple Virtual Hosts

# Assumes a Linux shell.
# Grants a user permissions to all virtual hosts.
for v in $(rabbitmqctl list_vhosts --silent); do rabbitmqctl set_permissions -p "$v" "a-user" ".*" ".*" ".*"; done

Virtual Hosts

Creating a Virtual Host

## Using CLI Tools
rabbitmqctl add_vhost qa1

## Using HTTP API
# Single quotes keep the shell from expanding "$sw0rD" inside the password
curl -u 'username:pa$sw0rD' -X PUT http://rabbitmq.local:15672/api/vhosts/vh1

Deleting a Virtual Host

## Using CLI Tools
rabbitmqctl delete_vhost qa1

## Using HTTP API
# Single quotes keep the shell from expanding "$sw0rD" inside the password
curl -u 'username:pa$sw0rD' -X DELETE http://rabbitmq.local:15672/api/vhosts/vh1

Operating System Kernel Limits

RabbitMQ nodes are most commonly affected by the maximum open file handle limit. The default limit on most Linux distributions is usually 1024, which is very low for a messaging broker (or, generally, any data service). See Production Checklist for recommended values.

With systemd (Modern Linux Distributions)

Create: /etc/systemd/system/rabbitmq-server.service.d/limits.conf

[Service]
LimitNOFILE=64000

Restart the service

systemctl daemon-reload
systemctl stop rabbitmq-server
systemctl start rabbitmq-server

Verify the change

ps -ef | grep rabbitmq

rabbitmq  460668  460654  0 11:43 ?        00:00:00 erl_child_setup 64000 <====

 

Q & A

How to Find Config File Location

1. Check the Log File

node           : rabbit@example
home dir       : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/advanced.config
               : /etc/rabbitmq/rabbitmq.conf

2. The rabbitmq-diagnostics command

rabbitmq-diagnostics status
rabbitmq-diagnostics status -n [node name]

Config file locations on different platforms

| Platform | Default Configuration File Directory | Example Configuration File Paths |
|---|---|---|
| Generic binary package | $RABBITMQ_HOME/etc/rabbitmq/ | $RABBITMQ_HOME/etc/rabbitmq/rabbitmq.conf, $RABBITMQ_HOME/etc/rabbitmq/advanced.config |
| Debian and Ubuntu | /etc/rabbitmq/ | /etc/rabbitmq/rabbitmq.conf, /etc/rabbitmq/advanced.config |
| RPM-based Linux | /etc/rabbitmq/ | /etc/rabbitmq/rabbitmq.conf, /etc/rabbitmq/advanced.config |
| Windows | %APPDATA%\RabbitMQ\ | %APPDATA%\RabbitMQ\rabbitmq.conf, %APPDATA%\RabbitMQ\advanced.config |
| MacOS Homebrew Formula | ${install_prefix}/etc/rabbitmq/, and the Homebrew cellar prefix is usually /usr/local | ${install_prefix}/etc/rabbitmq/rabbitmq.conf, ${install_prefix}/etc/rabbitmq/advanced.config |