# enable plugins and restart
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins enable rabbitmq_mqtt
rabbitmq-plugins enable rabbitmq_web_stomp
rabbitmq-plugins enable rabbitmq_shovel
rabbitmq-plugins enable rabbitmq_management_visualiser
rabbitmq-plugins enable rabbitmq_recent_history_exchange
rabbitmq-plugins enable rabbitmq_top
rabbitmq-plugins enable rabbitmq_tracing
# install and enable mqtt over websockets
cd /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.5/plugins
wget http://www.rabbitmq.com/community-plugins/v3.6.x/rabbitmq_web_mqtt-3.6.x-3b6a09bb.ez
rabbitmq-plugins enable rabbitmq_web_mqtt
/etc/init.d/rabbitmq-server restart
#change default passwrd
rabbitmqctl change_password guest s0m3p4ssw0rd
#configure new user
rabbitmqctl add_user newadmin s0m3p4ssw0rd
rabbitmqctl set_user_tags newadmin administrator
rabbitmqctl set_permissions -p / newadmin ".*" ".*" ".*"
Generate SSL/TLS chain
Edit /etc/rabbitmq/rabbitmq.config
[
{rabbit,
{ssl_listeners, [5671]},
{ssl_options, [
{cacertfile, "/opt/rabbitmq-ssl/testca/cacert.pem"},
{certfile, "/opt/rabbitmq-ssl/server/cert.pem"},
{keyfile, "/opt/rabbitmq-ssl/server/key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, false}]}
]},
{rabbitmq_mqtt,
{default_user, <<"guest">>},
{default_pass, <<"guest">>},
{allow_anonymous, true},
{tcp_listeners, [1883]},
{ssl_listeners, [8883]}
]},
].
Restart server
/etc/init.d/rabbitmq-server restart
#Test TLS
openssl s_client -connect 127.0.0.1:5671 -tls1
# Test MQTT
mosquitto_sub -h localhost -v -t '#'
mosquitto_pub -h localhost -t 'test' -m 'msg'
# Test MQTT with TLS
mosquitto_sub -h localhost -p 8883 -v -t '#' \
--key /opt/rabbitmq-ssl/client/key.pem \
--cert /opt/rabbitmq-ssl/client/cert.pem \
--cafile /opt/rabbitmq-ssl/testca/cacert.pem
mosquitto_pub -h localhost -p 8883 -t 'test' -m 'msg' \
--key /opt/rabbitmq-ssl/client/key.pem \
--cert /opt/rabbitmq-ssl/client/cert.pem \
--cafile /opt/rabbitmq-ssl/testca/cacert.pem
No comments:
Post a Comment