RabbitMQ and SSL made easy for tests.
This repository aims at building a RabbitMQ container with SSL enabled. Generation of the server certificates, as well as server configuration, are performed during the image's build. A client certificate is generated when a container is created from this image.
It is recommended to mount a volume so that the client certificate can be reached from the host system. Client certificates are generated under the /home/client directory.
DO NOT USE THIS FOR PRODUCTION - private certs are baked in; this is purely available for testing purposes.
K cool. warned.
ginsburgnm/rabbitmqssl
Build with docker like anything else
docker build -t . rabbitmq-ssl
The generated image contains SSL certificates for the server side.
mkdir -p /tmp/docker-test \
&& rm -rf /tmp/docker-test/* \
&& docker run -d --rm -p 5672:5672 -v /tmp/docker-test:/home/client rabbitmq-ssl:latest
Here, we bind the port 5672 from the container on port 5672 of the local host.
We also share a local directory with the container, to retrieve the client certificate.
You can verify client certificates were generated with ls /tmp/docker-test
. This directory contains
a key store and a trust store, both in the PKCS12 format.
docker stop <container-id>
will stop the container.
If you kept the --rm
option, it will be deleted directly.
cd tests && ./test.sh
- Verify the client certificates were correctly generated:
ls -l /tmp/docker-test
- Inspect the container:
docker exec -ti <container-id> /bin/bash
- Check the logs:
docker logs <container-id>
- Verify the SSL connection works:
openssl s_client -connect 127.0.0.1:5672 -key /tmp/docker-test/key.pem
This last command will result inVerify return code: 19 (self signed certificate in certificate chain)
, which is normal. We should specify the -CApath, which is inside the Docker container. This test is enough to verify SSL is enabled and the server is reachable from the host system.
- Dockerfile: the file with instructions to create a Docker image.
- rabbitmq.conf: the configuration file for RabbitMQ.
- openssl.cnf: a configuration file used during certificates creation.
- prepare-server.sh: a script during the generation of the image and that deals with server certificates.
- generate-client-keys.sh: a script that is run by default when a container is created from this image. It deals with the generation of client certificates.