Sunday, January 11, 2015

Sample config for rabbitmq_auth_mechanism_ssl that works

This is a sample rabbitmq.config that enables both client-side certificate verification and SSL (certificate-based) authentication.

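[
    %% Offer only EXTERNAL, so clients log in with their certificate, not a password.
    {rabbit, [{auth_mechanisms, ['EXTERNAL']},
              {ssl_listeners, [5671]},
              %% Take the username from the certificate's CN instead of the full DN.
              {ssl_cert_login_from, common_name},
              %% certfile/keyfile are the certificate and key the broker presents on this listener.
              {ssl_options, [{cacertfile,"/path/to/ca-cert"},
                             {certfile,"/path/to/client-cert"},
                             {keyfile,"/path/to/client-key"},
                             %% Require a client certificate and verify it against cacertfile.
                             {verify,verify_peer},
                             {fail_if_no_peer_cert,true}
              ]}
    ]}
].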

Notes:
  1. Make sure that you have enabled the rabbitmq_auth_mechanism_ssl plugin with
    rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl. This plugin is what handles the EXTERNAL auth mechanism.
  2. When creating the client certificate, set your RabbitMQ client username as the CN, i.e. CN=client_username. You no longer need to provide the client's login name when creating the RabbitMQ connection in your client code.

Tested with RabbitMQ version 3.4.2
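
Note 2 as an added example (not part of the original post): a sh script that issues a client certificate with the CN set to the RabbitMQ username, checks it against the CA, and prints the login name the broker would take from it. The throwaway CA, its subject and the file names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: issue a client certificate whose CN is the RabbitMQ username.
# The CA subject, file names and output directory are constructed placeholders.

# cert_login_name <cert>: print the subject CN, the value that
# {ssl_cert_login_from, common_name} maps to a RabbitMQ user.
cert_login_name() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# make_client_cert <username> <outdir>: create a throwaway CA and a client
# key/cert with CN=<username>, verify the chain, print the resulting login name.
make_client_cert() {
    user=$1
    dir=$2
    mkdir -p "$dir" || return 1

    # Throwaway test CA; its certificate is what cacertfile would point to.
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Example Test CA" \
        -keyout "$dir/ca-key.pem" -out "$dir/ca-cert.pem" 2>/dev/null || return 1

    # Client key and CSR; the CN must equal the RabbitMQ username.
    openssl req -newkey rsa:2048 -nodes \
        -subj "/CN=$user" \
        -keyout "$dir/client-key.pem" -out "$dir/client.csr" 2>/dev/null || return 1

    # Sign the CSR with the CA.
    openssl x509 -req -in "$dir/client.csr" -days 30 \
        -CA "$dir/ca-cert.pem" -CAkey "$dir/ca-key.pem" -CAcreateserial \
        -out "$dir/client-cert.pem" 2>/dev/null || return 1

    # The chain check that {verify,verify_peer} makes the broker perform.
    openssl verify -CAfile "$dir/ca-cert.pem" "$dir/client-cert.pem" \
        >/dev/null || return 1

    cert_login_name "$dir/client-cert.pem"
}
```

Calling `make_client_cert client_username ./certs` should print `client_username`; a RabbitMQ user with that exact name must exist on the broker for the login to succeed.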

Wednesday, January 7, 2015

[Docker] Look inside running container

docker exec -t -i <container-name> /bin/bash

For looking inside an image, use

docker run -t -i <image-name> /bin/bash

Config number of file descriptors on Linux

Check the file descriptor limit for a process. It varies depending on the owner of the process.

$ cat /proc/{process-id}/limits

Check current number of...