Misc fixes #1

wants to merge 3 commits into
base: old-docker-poc
39 changes: 30 additions & 9 deletions Makefile
@@ -1,35 +1,56 @@
.PHONY: all
all: setup start

.PHONY: perms
perms:
sudo chown -R "$$(id -u):$$(id -g)" .

.PHONY: setup
setup:
@echo "Setup git submodules"
git submodule update --init
@echo "Setup certificates"
cd ./tls-gen/basic; \
make CN=rabbitmq.mydomain.local
make -C $(CURDIR)/tls-gen/basic CN=rabbitmq.mydomain.local
chmod 666 $(CURDIR)/tls-gen/basic/result/*
sudo chown root:root $(CURDIR)/docker/config/00-rabbitmq-sudo

.PHONY: start
start:
docker compose up --build

.PHONY: stop
stop:
docker compose down

.PHONY: start_recreated
start_recreated:
docker compose up --build --force-recreate

.PHONY: test_erlang25_rmq312
test_erlang25:
openssl s_client -connect localhost:25272 || true
test_erlang25_rmq312:
echo Q | openssl s_client -connect localhost:25272 \
-CAfile $(CURDIR)/tls-gen/basic/result/ca_certificate.pem \
-cert $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_certificate.pem \
-key $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_key.pem \
-servername rabbitmq.mydomain.local

.PHONY: test_erlang26_rmq312
test_erlang26:
openssl s_client -connect localhost:26272 || true
test_erlang26_rmq312:
echo Q | openssl s_client -connect localhost:26272 \
-CAfile $(CURDIR)/tls-gen/basic/result/ca_certificate.pem \
-cert $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_certificate.pem \
-key $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_key.pem \
-servername rabbitmq.mydomain.local

.PHONY: test_erlang26_rmq313
test_erlang26:
openssl s_client -connect localhost:36272 || true
test_erlang26_rmq313:
echo Q | openssl s_client -connect localhost:36272 \
-CAfile $(CURDIR)/tls-gen/basic/result/ca_certificate.pem \
-cert $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_certificate.pem \
-key $(CURDIR)/tls-gen/basic/result/client_rabbitmq.mydomain.local_key.pem \
-servername rabbitmq.mydomain.local

.PHONY: clean
clean:
docker compose down
cd tls_gen && git clean -xfd
cd tls-gen && git clean -xfd
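Review bot: `chmod 666 $(CURDIR)/tls-gen/basic/result/*` in `setup` makes the freshly generated private keys (the `*_key.pem` files compose later bind-mounts) world-writable on the host; the mounts are `:ro`, so read access is all the container needs, and `chmod 644 $(CURDIR)/tls-gen/basic/result/*` (or 640 with a group the container uid belongs to) is enough — worth a comment that the keys are readable by every local user only because the container's `rabbitmq` uid differs from the host user. The `sudo chown root:root` on the sudoers fragment fixes the owner but not the mode; sudo expects `sudoers.d` entries at 0440 and may reject a 0644 file with a "should be 0440" error, so add `sudo chmod 0440 $(CURDIR)/docker/config/00-rabbitmq-sudo` right after it. The sub-make on `make -C $(CURDIR)/tls-gen/basic CN=...` should be `$(MAKE) -C ...` so it inherits the jobserver and `-n`.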
15 changes: 6 additions & 9 deletions docker-compose.yaml
Expand Up @@ -7,23 +7,24 @@ services:
ERLANG_VERSION: 1:25.3.2.11-1
container_name: rabbitmq312-erlang25
hostname: rabbitmq.mydomain.com
environment:
ERL_SSL_PATH: /usr/lib/erlang/lib/ssl-10.9.1.3/ebin
ports:
- "2572:5672"
- "2571:5671"
- "25171:15671"
- "25172:15672"
- "25272:25672"
volumes: &rabbitmq_volumes
- ./docker/config/00-rabbitmq-sudo:/etc/sudoers.d/00-rabbitmq-sudo:ro
- ./docker/config/advanced.config:/etc/rabbitmq/advanced.config:ro
- ./docker/config/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
- ./docker/config/rabbitmq-env.conf:/etc/rabbitmq/rabbitmq-env.conf:ro
- ./docker/config/inter_node_tls.config:/etc/rabbitmq/inter_node_tls.config:ro
- ./docker/config/management_definitions.json:/etc/rabbitmq/management_definitions.json:ro
- ./tls-gen/basic/result/server_rabbitmq.mydomain.local_certificate.pem:/etc/rabbitmq/tls/rabbitmq.crt:ro
- ./tls-gen/basic/result/server_rabbitmq.mydomain.local_key.pem:/etc/rabbitmq/tls/rabbitmq.key:ro
- ./tls-gen/basic/result/ca_certificate.pem:/etc/rabbitmq/tls/rabbitmq.ca:ro
- ./tls-gen/basic/result/server_rabbitmq.mydomain.local_certificate.pem:/etc/rabbitmq/tls/server_rabbitmq.pem:ro
- ./tls-gen/basic/result/server_rabbitmq.mydomain.local_key.pem:/etc/rabbitmq/tls/server_rabbitmq.key:ro
- ./tls-gen/basic/result/client_rabbitmq.mydomain.local_certificate.pem:/etc/rabbitmq/tls/client_rabbitmq.pem:ro
- ./tls-gen/basic/result/client_rabbitmq.mydomain.local_key.pem:/etc/rabbitmq/tls/client_rabbitmq.key:ro
- ./tls-gen/basic/result/ca_certificate.pem:/etc/rabbitmq/tls/ca_certificate.pem:ro

rabbitmq312-erlang26:
build:
Expand All @@ -33,8 +34,6 @@ services:
ERLANG_VERSION: 1:26.2.4-1
container_name: rabbitmq312-erlang26
hostname: rabbitmq.mydomain.com
environment:
ERL_SSL_PATH: /usr/lib/erlang/lib/ssl-11.1.3/ebin
ports:
- "2672:5672"
- "2671:5671"
Expand All @@ -51,8 +50,6 @@ services:
ERLANG_VERSION: 1:26.2.4-1
container_name: rabbitmq313-erlang26
hostname: rabbitmq.mydomain.com
environment:
ERL_SSL_PATH: /usr/lib/erlang/lib/ssl-11.1.3/ebin
ports:
- "3672:5672"
- "3671:5671"
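Review bot: The new `./docker/config/00-rabbitmq-sudo:/etc/sudoers.d/00-rabbitmq-sudo:ro` mount, shared by every service through the `&rabbitmq_volumes` anchor, places a host-checkout file inside the containers' root trust boundary: sudo honours the file's host ownership and mode, so it only works once `make setup` has chowned it on the host, and anyone who can edit that file in the working tree gets passwordless root in all three brokers. If it is meant for interactive debugging only, say so above the mount — `# DEBUG ONLY: grants the rabbitmq user passwordless root inside the container; remove for any non-throwaway use` — and consider keeping it in an override file (`docker-compose.debug.yaml`) rather than the default stack. The `hostname: rabbitmq.mydomain.com` context line still disagrees with the `rabbitmq.mydomain.local` name the mounted certificates carry, which matters for the hostname checks in the TLS configs.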
9 changes: 7 additions & 2 deletions docker/Dockerfile
Expand Up @@ -7,9 +7,11 @@ RUN apt-get update && \
apt-get install -y \
curl \
gnupg \
vim-tiny \
sudo \
iputils-ping \
apt-transport-https


RUN curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | apt-key add \
&& \
curl -1sLf https://dl.cloudsmith.io/public/rabbitmq/rabbitmq-server/gpg.9F4587F226208342.key | apt-key add \
Expand All @@ -32,6 +34,8 @@ Pin: version ${RABBITMQ_VERSION} \n\
Pin-Priority: 1001 \n\
" > /etc/apt/preferences.d/rabbitmq

ENV ELIXIR_ERL_OPTIONS="+fnu"

RUN apt-get install -y \
erlang=${ERLANG_VERSION} \
erlang-asn1=${ERLANG_VERSION} \
Expand All @@ -41,7 +45,8 @@ RUN apt-get install -y \
rabbitmq-server=${RABBITMQ_VERSION}

RUN rabbitmq-plugins enable --offline rabbitmq_management
RUN groupadd admin && usermod --groups admin --append rabbitmq

WORKDIR /var/lib/rabbitmq
USER rabbitmq
ENTRYPOINT ["rabbitmq-server"]
ENTRYPOINT ["rabbitmq-server"]
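Review bot: Installing `sudo` and running `RUN groupadd admin && usermod --groups admin --append rabbitmq` undo the `USER rabbitmq` privilege drop a few lines later: on Debian/Ubuntu-derived images the stock `/etc/sudoers` commonly carries `%admin ALL=(ALL) ALL`, and together with the NOPASSWD fragment the compose file mounts, any code execution in the broker (a plugin, a management-UI bug) becomes root in the container — which image this builds from is not visible here, so verify against its sudoers. If this exists for interactive debugging only, mark it — `# DEBUG ONLY: sudo + admin group give the rabbitmq user root; drop for any non-throwaway image` — and prefer a separate debug stage (`FROM base AS debug`) so the default target stays unprivileged. `vim-tiny` and `iputils-ping` are harmless but belong in that same debug stage for the same reason.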
1 change: 1 addition & 0 deletions docker/config/00-rabbitmq-sudo
@@ -0,0 +1 @@
rabbitmq ALL=(ALL) NOPASSWD: ALL
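Review bot: `rabbitmq ALL=(ALL) NOPASSWD: ALL` hands the broker's service account unrestricted passwordless root, so the Dockerfile's `USER rabbitmq` is cosmetic and a compromise of the RabbitMQ process is a compromise of the container. If a handful of debug commands is the goal, list them instead of `ALL` (e.g. `rabbitmq ALL=(root) NOPASSWD: /usr/bin/apt-get`) and add a header comment `# DEBUG ONLY - grants root to the broker process; never copy into a real image`. Sudo also requires this fragment to be root-owned, mode 0440 and (verify for the sudo version in the image) terminated by a newline, none of which a plain git checkout guarantees; the Makefile's `setup` currently fixes only the owner.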
23 changes: 9 additions & 14 deletions docker/config/inter_node_tls.config
@@ -1,22 +1,17 @@
[
{server, [
{cacertfile, "/etc/rabbitmq/tls/rabbitmq.ca"},
{certfile, "/etc/rabbitmq/tls/rabbitmq.crt"},
{keyfile, "/etc/rabbitmq/tls/rabbitmq.key"},
{cacertfile, "/etc/rabbitmq/tls/ca_certificate.pem"},
{certfile, "/etc/rabbitmq/tls/server_rabbitmq.pem"},
{keyfile, "/etc/rabbitmq/tls/server_rabbitmq.key"},
{secure_renegotiate, true},
{verify, verify_peer},
{fail_if_no_peer_cert, true},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}
{fail_if_no_peer_cert, true}
]},
{client, [
{cacertfile, "/etc/rabbitmq/tls/rabbitmq.ca"},
{certfile, "/etc/rabbitmq/tls/rabbitmq.crt"},
{keyfile, "/etc/rabbitmq/tls/rabbitmq.key"},
{verify, verify_peer},
{customize_hostname_check, [
{match_fun, public_key:pkix_verify_hostname_match_fun(https)}
]}
{cacertfile, "/etc/rabbitmq/tls/ca_certificate.pem"},
{certfile, "/etc/rabbitmq/tls/client_rabbitmq.pem"},
{keyfile, "/etc/rabbitmq/tls/client_rabbitmq.key"},
{secure_renegotiate, true},
{verify, verify_none}
]}
].
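Review bot: The client side now has `{verify, verify_none}` and both sides lose `customize_hostname_check`, so the connecting node no longer authenticates its peer on the inter-node (distribution) link at all — any certificate, including one from a man-in-the-middle, is accepted by the client, while only the server side still checks the client certificate; the client's `cacertfile` is effectively dead config. The likely trigger is the name mismatch elsewhere in this PR (compose sets `hostname: rabbitmq.mydomain.com`, tls-gen issues the certificate for `rabbitmq.mydomain.local`), which would make the old https hostname match fail; fix the hostname or the certificate name rather than disabling verification. Restore on the client `{verify, verify_peer},` plus `{customize_hostname_check, [{match_fun, public_key:pkix_verify_hostname_match_fun(https)}]}`, and keep the hostname check on the server too. If `verify_none` is deliberately kept for this PoC, annotate it so it is not copied: `%% INSECURE: PoC only - client does not authenticate the peer node's certificate`.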
21 changes: 9 additions & 12 deletions docker/config/rabbitmq-env.conf
@@ -1,13 +1,10 @@
#!/bin/sh
# set -x
export ELIXIR_ERL_OPTIONS="+fnu"
USE_LONGNAME=true
RABBITMQ_USE_LONGNAME=true
NODENAME=rabbit@$HOSTNAME
RABBITMQ_NODENAME=rabbit@$HOSTNAME
HOME=/var/lib/rabbitmq
SERVER_ADDITIONAL_ERL_ARGS="
-pa $ERL_SSL_PATH
-proto_dist inet_tls
-ssl_dist_optfile /etc/rabbitmq/inter_node_tls.config"
RABBITMQ_CTL_ERL_ARGS="
-pa $ERL_SSL_PATH
-proto_dist inet_tls
-ssl_dist_optfile /etc/rabbitmq/inter_node_tls.config"
NODENAME="rabbit@$HOSTNAME"
HOME='/var/lib/rabbitmq'
eval "$(erl -noinput -eval 'io:format("ERL_SSL_PATH=~s~n", [filename:dirname(code:which(inet_tls_dist))])' -s init stop)"
SERVER_ADDITIONAL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter_node_tls.config"
CTL_ERL_ARGS="-pa $ERL_SSL_PATH -proto_dist inet_tls -ssl_dist_optfile /etc/rabbitmq/inter_node_tls.config"
RABBITMQ_CTL_ERL_ARGS="$CTL_ERL_ARGS"
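Review bot: The `eval "$(erl -noinput -eval ... -s init stop)"` line has no failure path: if `erl` is not on PATH the eval is empty, and if `code:which(inet_tls_dist)` returns `non_existing` the `filename:dirname` call most likely yields `.`, so `ERL_SSL_PATH` is empty or a bogus directory, `-pa` silently points nowhere and the node either starts without the TLS distribution or fails with an unrelated-looking error. Guard it right after the eval — `[ -n "$ERL_SSL_PATH" ] && [ -d "$ERL_SSL_PATH" ] || { echo "rabbitmq-env.conf: cannot locate the ssl ebin dir for inet_tls_dist" >&2; exit 1; }` — which aborts startup loudly if the wrapper scripts source this file as they appear to. Evaluating generated shell could also be avoided entirely with a plain assignment, `ERL_SSL_PATH="$(erl -noinput -eval 'io:format("~s/ebin", [code:lib_dir(ssl)])' -s init stop)"`, and a comment explaining why `-pa` is needed (`inet_tls_dist` must be loadable before the boot script) would help the next reader.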
12 changes: 6 additions & 6 deletions docker/config/rabbitmq.conf
Expand Up @@ -5,9 +5,9 @@ log.console = true
## === TLS ===
listeners.tcp = none
listeners.ssl.default = 5671
ssl_options.certfile = /etc/rabbitmq/tls/rabbitmq.crt
ssl_options.keyfile = /etc/rabbitmq/tls/rabbitmq.key
ssl_options.cacertfile = /etc/rabbitmq/tls/rabbitmq.ca
ssl_options.certfile = /etc/rabbitmq/tls/server_rabbitmq.pem
ssl_options.keyfile = /etc/rabbitmq/tls/server_rabbitmq.key
ssl_options.cacertfile = /etc/rabbitmq/tls/ca_certificate.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true
ssl_options.versions.1 = tlsv1.2
Expand All @@ -19,7 +19,7 @@ ssl_options.versions.2 = tlsv1.3

## === Management UI ===
management.ssl.port = 15671
management.ssl.certfile = /etc/rabbitmq/tls/rabbitmq.crt
management.ssl.keyfile = /etc/rabbitmq/tls/rabbitmq.key
management.ssl.cacertfile = /etc/rabbitmq/tls/rabbitmq.ca
management.ssl.certfile = /etc/rabbitmq/tls/server_rabbitmq.pem
management.ssl.keyfile = /etc/rabbitmq/tls/server_rabbitmq.key
management.ssl.cacertfile = /etc/rabbitmq/tls/ca_certificate.pem
management.load_definitions = /etc/rabbitmq/management_definitions.json