我已经为RabbitMQ rabbitmq.config文件配置了新的端口号,即带有SSL的5671.
现在我要禁用默认端口,即5672.
配置文件如下: -
[
{rabbit, [
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cacert.pem"},
{certfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cert.pem"},
{keyfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false},
{ciphers,[{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha}]}
]
}
]}
].
现在它在端口5671和5672上工作.但是我需要禁用端口5672.给出一些意见或建议.
提前致谢.
小智 23
要禁用标准RabbitMQ 5672端口添加{tcp_listeners, []}到您的rabbitmq.conf:
[
{rabbit, [
{tcp_listeners, []},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cacert.pem"},
{certfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cert.pem"},
{keyfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false},
{ciphers,[{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha}]}
]
}
]}
].
它适用于RabbitMQ 3.1.5
看来要禁用新文件格式的非 ssl 侦听,您可以执行以下操作:
listeners.tcp = none
这与其他 3.7 答案具有相同的效果,但无需在 advance.config 中执行此操作。
以下是如何使用RabbitMQ 3.7 中引入的新配置文件格式:
在 rabbitmq.conf 中设置 SSL 侦听器:
listeners.ssl.1 = 5671
ssl_options.cacertfile = /path/to/testca/cacert.pem
ssl_options.certfile = /path/to/server/cert.pem
ssl_options.keyfile = /path/to/server/key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false
在advanced.config 中禁用非SSL 侦听器:
[
{rabbit,
[{tcp_listeners, []}
]}
].