Dar*_*dro 3 https nginx rabbitmq
我正在尝试使用nginx通过HTTPS/SSL访问RabbitMQ接口,我无法弄清楚我缺少什么.
这是我的rabbitmq.conf文件:
[
{ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
{rabbit, [
{reverse_dns_lookups, true},
{hipe_compile, true},
{tcp_listeners, [5672]},
{ssl_listeners, [5671]},
{ssl_options, [
{cacertfile, "/etc/ssl/certs/CA.pem"},
{certfile, "/etc/nginx/ssl/my_domain.crt"},
{keyfile, "/etc/nginx/ssl/my_domain.key"},
{versions, ['tlsv1.2', 'tlsv1.1']}
]}
]
},
{rabbitmq_management, [
{listener, [
{port, 15671},
{ssl, true},
{ssl_opts, [
{cacertfile, "/etc/ssl/certs/CA.pem"},
{certfile, "/etc/nginx/ssl/my_domain.crt"},
{keyfile, "/etc/nginx/ssl/my_domain.key"},
{versions, ['tlsv1.2', 'tlsv1.1']}
]}
]}
]}
].
当我重新启动rabbitmq-server时,一切正常
我的nginx文件如下所示:
location /rabbitmq/ {
if ($request_uri ~* "/rabbitmq/(.*)") {
proxy_pass https://example.com:15671/$1;
}
}
现在,我猜测ngnix配置无法解析HTTPS URL,因为我在尝试浏览时遇到504超时错误:
https://example.com/rabbitmq/
显然,这不是正确的FQDN,但SSL证书在没有/ rabbitmq /的情况下工作正常
有没有人能够通过FQDN和HTTPS在外部连接上使用RabbitMQ管理Web界面?
我是否需要在专用于15671端口的nginx配置中创建新的"服务器"块?
任何帮助将非常感激!
leo*_*zhu 16
我尝试了以下 nginx.conf
location /rabbitmq/ {
proxy_pass http://rabbitmq/;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
但是我无法获得 aqueue或的详细信息exchange。api 调用出现 404 错误。%2F网址中有一个,它是网址编码的/。
我们需要保留%2FAPI url 中的 并将其传递给 rabbitmq。
以下链接描述了如何保留编码的 url 部分并重写它。 没有url解码的Nginx pass_proxy子目录
所以我的解决方案是:
location /rabbitmq/api/ {
rewrite ^ $request_uri;
rewrite ^/rabbitmq/api/(.*) /api/$1 break;
return 400;
proxy_pass http://rabbitmq$uri;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /rabbitmq/ {
proxy_pass http://rabbitmq/;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
Dar*_*dro 12
我最终恢复到默认的rabbitmq.config文件,然后根据我现在找不到的另一个stackoverflow答案修改了我的nginx配置块到下面.
location ~* /rabbitmq/api/(.*?)/(.*) {
proxy_pass http://127.0.0.1:15672/api/$1/%2F/$2?$query_string;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* /rabbitmq/(.*) {
rewrite ^/rabbitmq/(.*)$ /$1 break;
proxy_pass http://127.0.0.1:15672;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
此外,我有JS文件的浏览器缓存,这导致问题,并已禁用它.
我将尝试逐个重新启用SSL,但现在让示例URL正常工作:
https://example.com/rabbitmq/
这对我有用
location /rabbitmq {
proxy_pass http://localhost:15672/;
rewrite ^/rabbitmq/(.*)$ /$1 break;
}
我不必使用任何其他指令。