Config RabbitMQ
Official Tutorials Index
Ports to Open if a Firewall Is Used
- 4369: epmd, a peer discovery service used by RabbitMQ nodes and CLI tools
- 5672, 5671: used by AMQP 0-9-1 and 1.0 clients without and with TLS
- 25672: used for inter-node and CLI tools communication (Erlang distribution server port) and is allocated from a dynamic range (limited to a single port by default, computed as AMQP port + 20000). Unless external connections on these ports are really necessary (e.g. the cluster uses federation or CLI tools are used on machines outside the subnet), these ports should not be publicly exposed. See networking guide for details.
- 35672-35682: used by CLI tools (Erlang distribution client ports) for communication with nodes and is allocated from a dynamic range (computed as server distribution port + 10000 through server distribution port + 10010). See networking guide for details.
- 15672: HTTP API clients, management UI and rabbitmqadmin (only if the management plugin is enabled)
- 61613, 61614: STOMP clients without and with TLS (only if the STOMP plugin is enabled)
- 1883, 8883: MQTT clients without and with TLS, if the MQTT plugin is enabled
- 15674: STOMP-over-WebSockets clients (only if the Web STOMP plugin is enabled)
- 15675: MQTT-over-WebSockets clients (only if the Web MQTT plugin is enabled)
- 15692: Prometheus metrics (only if the Prometheus plugin is enabled)
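A check for the exposure concern in the list above, as an added example that is not part of the original page: it reads `ss -Htln` lines and reports inter-node and CLI ports bound to a non-loopback address. Treating 4369, 25672 and 35672-35682 together as cluster-internal is an assumption of this example; the function names and the sample socket lines are constructed.

```shell
#!/bin/sh
# Added example: find RabbitMQ inter-node/CLI ports listening on
# non-loopback addresses. On a real host: ss -Htln | exposed_internal_ports

# Reads `ss -Htln` lines on stdin (local address:port is field 4).
# Prints "port address" for every internal port that is not loopback-only.
exposed_internal_ports() {
    awk '
    {
        local_addr = $4
        n = split(local_addr, parts, ":")
        port = parts[n] + 0
        # Everything before the last ":" is the bind address ("[::]" for IPv6).
        addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
        # Assumption: epmd, the distribution server port and the CLI client
        # range are all treated as cluster-internal.
        internal = (port == 4369 || port == 25672 || (port >= 35672 && port <= 35682))
        loopback = (addr ~ /^127\./ || addr == "[::1]")
        if (internal && !loopback) print port, addr
    }' | sort -n
}

# Constructed sample input, not captured from a real broker.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:25672 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:4369 0.0.0.0:*
LISTEN 0 128 *:5672 *:*
LISTEN 0 4096 [::]:4369 [::]:*
LISTEN 0 128 127.0.0.1:15672 0.0.0.0:*
EOF
}

sample_ss_output | exposed_internal_ports
```

A listener reported here is not necessarily reachable from outside; compare the result with the firewall rules before changing anything.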
Listener Port
Change the default port 5672
Edit: /etc/rabbitmq/rabbitmq.conf
## Networking
## ====================
##
## Related doc guide: https://rabbitmq.com/networking.html.
##
## By default, RabbitMQ will listen on all interfaces, using
## the standard (reserved) AMQP 0-9-1 and 1.0 port.
##
# listeners.tcp.default = 5672
listeners.tcp.default = 15690
Restart the RabbitMQ Service
# Using systemctl
systemctl stop rabbitmq-server
systemctl start rabbitmq-server
# Alternatively, using rabbitmqctl
rabbitmqctl stop_app
rabbitmqctl start_app
Users and Permissions
Default User Access
The broker creates a user guest with password guest. Unconfigured clients will in general use these credentials. By default, these credentials can only be used when connecting to the broker as localhost so you will need to take action before connecting from any other machine.
See the documentation on access control for information on how to create more users and delete the guest user.
Adding/Listing/Deleting Users
## Adding Users
# will prompt for password, only use this option interactively
rabbitmqctl add_user "username"
# Password is provided via standard input.
# Note that certain characters such as $, &, #, and so on must be escaped to avoid
# special interpretation by the shell.
echo '2a55f70a841f18b97c3a7db939b7adc9e34a0f1b' | rabbitmqctl add_user 'username'
# Password is provided as a command line argument, where it is visible in the
# process list and shell history; prefer the standard input form above.
# Note that certain characters such as $, &, #, and so on must be escaped to avoid
# special interpretation by the shell.
rabbitmqctl add_user 'username' '2a55f70a841f18b97c3a7db939b7adc9e34a0f1b'
## Listing User
rabbitmqctl list_users
rabbitmqctl list_users --formatter=json
## Deleting a user
rabbitmqctl delete_user 'username'
## Verifying a user
rabbitmqctl authenticate_user "a-username" "a-password"
Granting Permissions to a User
# First ".*" for configure permission on every entity
# Second ".*" for write permission on every entity
# Third ".*" for read permission on every entity
rabbitmqctl set_permissions -p "custom-vhost" "username" ".*" ".*" ".*"
# tag the user with "administrator" for full management UI and HTTP API access
rabbitmqctl set_user_tags username administrator
## Verifying the permission
# => Listing permissions for vhost "/" ...
# => user configure write read
# => user2 .* .* .*
# => guest .* .* .*
# => temp-user .* .* .*
rabbitmqctl list_permissions --vhost /
rabbitmqctl list_permissions --vhost gw1
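An audit of the listing shown above, as an added example that is not part of the original page: it flags the default guest account and any user holding ".*" for configure, write and read. It assumes the tab-separated table that rabbitmqctl prints; the function names and the sample rows (including the orders-svc user) are constructed.

```shell
#!/bin/sh
# Added example: audit `rabbitmqctl list_permissions` output.
# On a real node: rabbitmqctl list_permissions --vhost / | audit_permissions

# Reads the permission table on stdin (assumed tab-separated:
# user, configure, write, read). Prints one finding per line.
audit_permissions() {
    awk -F'\t' '
    /^Listing permissions/ { next }               # banner line
    $1 == "user" && $2 == "configure" { next }    # column header
    NF >= 4 {
        # The default account should be deleted or locked down.
        if ($1 == "guest") print "guest-present", $1
        # ".*" on all three means every entity in the vhost.
        if ($2 == ".*" && $3 == ".*" && $4 == ".*") print "full-access", $1
    }'
}

# Constructed sample input, not captured from a real broker.
sample_permissions() {
    printf 'Listing permissions for vhost "/" ...\n'
    printf 'user\tconfigure\twrite\tread\n'
    printf 'guest\t.*\t.*\t.*\n'
    printf 'orders-svc\t^$\t^orders-.*\t^orders-.*\n'
    printf 'temp-user\t.*\t.*\t.*\n'
}

sample_permissions | audit_permissions
```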
Clearing Permissions of a User in a Virtual Host
# Revokes permissions in a virtual host
rabbitmqctl clear_permissions -p "custom-vhost" "username"
Operations on Multiple Virtual Hosts
# Assumes a Linux shell.
# Grants a user permissions to all virtual hosts.
for v in $(rabbitmqctl list_vhosts --silent); do rabbitmqctl set_permissions -p "$v" "a-user" ".*" ".*" ".*"; done
Virtual Hosts
Creating a Virtual Host
## Using CLI Tools
rabbitmqctl add_vhost qa1
## Using HTTP API
# Single quotes keep the shell from expanding $sw0rD inside the password
curl -u 'username:pa$sw0rD' -X PUT http://rabbitmq.local:15672/api/vhosts/vh1
Deleting a Virtual Host
## Using CLI Tools
rabbitmqctl delete_vhost qa1
## Using HTTP API
# Single quotes keep the shell from expanding $sw0rD inside the password
curl -u 'username:pa$sw0rD' -X DELETE http://rabbitmq.local:15672/api/vhosts/vh1
Kernel Limits
RabbitMQ nodes are most commonly affected by the maximum open file handle limit. The default limit on most Linux distributions is usually 1024, which is very low for a messaging broker (or generally, any data service). See Production Checklist for recommended values.
With systemd (Modern Linux Distributions)
Create: /etc/systemd/system/rabbitmq-server.service.d/limits.conf
[Service]
LimitNOFILE=64000
Restart the service
systemctl daemon-reload
systemctl stop rabbitmq-server
systemctl start rabbitmq-server
Verify the change
ps -ef | grep rabbitmq
rabbitmq 460668 460654 0 11:43 ? 00:00:00 erl_child_setup 64000 <====
TLS Connection
Q & A
How to Find Config File Location
1. Check the Log File
node : rabbit@example
home dir : /var/lib/rabbitmq
config file(s) : /etc/rabbitmq/advanced.config
: /etc/rabbitmq/rabbitmq.conf
2. The command rabbitmq-diagnostics
rabbitmq-diagnostics status
rabbitmq-diagnostics status -n [node name]
Config File Locations on Different Platforms
Platform | Default Configuration File Directory | Example Configuration File Paths |
Generic binary package | $RABBITMQ_HOME/etc/rabbitmq/ | $RABBITMQ_HOME/etc/rabbitmq/rabbitmq.conf, $RABBITMQ_HOME/etc/rabbitmq/advanced.config |
Debian and Ubuntu | /etc/rabbitmq/ | /etc/rabbitmq/rabbitmq.conf, /etc/rabbitmq/advanced.config |
RPM-based Linux | /etc/rabbitmq/ | /etc/rabbitmq/rabbitmq.conf, /etc/rabbitmq/advanced.config |
Windows | %APPDATA%\RabbitMQ\ | %APPDATA%\RabbitMQ\rabbitmq.conf, %APPDATA%\RabbitMQ\advanced.config |
MacOS Homebrew Formula | ${install_prefix}/etc/rabbitmq/, and the Homebrew cellar prefix is usually /usr/local | ${install_prefix}/etc/rabbitmq/rabbitmq.conf, ${install_prefix}/etc/rabbitmq/advanced.config |