ginsburgnm/rabbitmq-with-ssl-in-docker

 
 

RabbitMQ with SSL Configuration in Docker

RabbitMQ and SSL made easy for tests.

This repository aims at building a RabbitMQ container with SSL enabled. Generation of the server certificates, as well as server configuration, are performed during the image's build. A client certificate is generated when a container is created from this image.

It is recommended to mount a volume so that the client certificate can be reached from the host system. Client certificates are generated under the /home/client directory.

To use a dummy image

DO NOT USE THIS FOR PRODUCTION - the server's private key and certificates are baked into the image, so anyone who pulls it has them; this is purely available for testing purposes.

K cool. warned. ginsburgnm/rabbitmqssl

To build this image

Build with Docker like anything else:

docker build -t rabbitmq-ssl .

The generated image contains SSL certificates for the server side.

To run this image

mkdir -p /tmp/docker-test \
    && rm -rf /tmp/docker-test/* \
    && docker run -d --rm -p 5672:5672 -v /tmp/docker-test:/home/client rabbitmq-ssl:latest

Here, we bind port 5672 of the container to port 5672 on the local host. We also share a local directory with the container, to retrieve the client certificate. You can verify that the client certificates were generated with ls /tmp/docker-test. This directory contains a key store and a trust store, both in the PKCS12 format.

To stop the container

docker stop <container-id> will stop the container. If you kept the --rm option, it will be deleted directly.

To run quick tests

cd tests && ./test.sh

To diagnose troubles

  • Verify the client certificates were correctly generated: ls -l /tmp/docker-test
  • Inspect the container: docker exec -ti <container-id> /bin/bash
  • Check the logs: docker logs <container-id>
  • Verify the SSL connection works: openssl s_client -connect 127.0.0.1:5672 -key /tmp/docker-test/key.pem
    This last command will report Verify return code: 19 (self signed certificate in certificate chain), which is normal: to verify the chain we would have to specify -CApath, and the CA is inside the Docker container. This test is enough to verify that SSL is enabled and the server is reachable from the host system.
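
The s_client check above can be triaged mechanically. The following is an added example, not part of this repository: the function names, verdict labels and sample outputs are constructed for illustration. It separates "TLS is up but the private CA is not trusted by the host" (the expected code 19) from a port that never completed a handshake.

```shell
# Added example: triage `openssl s_client` output for the check above.
# Verdicts: tls-ok-verified | tls-ok-untrusted | tls-bad-cert | no-tls | unreachable
classify_s_client() {
    sc_out=$(cat)
    # No TCP connection at all (refused, filtered, wrong host or port).
    printf '%s\n' "$sc_out" | grep -q '^CONNECTED(' || { echo unreachable; return; }
    # A failed handshake can still print "Verify return code: 0 (ok)",
    # so rule that case out before trusting the code.
    if printf '%s\n' "$sc_out" | grep -q 'no peer certificate available'; then
        echo no-tls; return
    fi
    sc_code=$(printf '%s\n' "$sc_out" |
        sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | tail -n 1)
    case "$sc_code" in
        0)           echo tls-ok-verified ;;   # chain verified against a trusted CA
        18|19|20|21) echo tls-ok-untrusted ;;  # TLS is up; issuing CA unknown to the host
        '')          echo no-tls ;;
        *)           echo tls-bad-cert ;;      # e.g. 10 = certificate has expired
    esac
}

# Live probe of the published port (needs a running container; not run offline).
probe_broker() {
    openssl s_client -connect "${1:-127.0.0.1}:${2:-5672}" </dev/null 2>&1 |
        classify_s_client
}

# Constructed, abbreviated sample outputs (not captured from a real broker).
sample_private_ca() {
    cat <<'EOF'
CONNECTED(00000003)
depth=1 CN = ConstructedTestCA
verify error:num=19:self signed certificate in certificate chain
---
SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 19 (self signed certificate in certificate chain)
EOF
}
sample_plaintext_port() {
    cat <<'EOF'
CONNECTED(00000003)
... SSL routines ... wrong version number ...
---
no peer certificate available
    Verify return code: 0 (ok)
EOF
}
sample_private_ca | classify_s_client       # prints: tls-ok-untrusted
```

For this test image, tls-ok-untrusted is the expected verdict from the host; no-tls on port 5672 means the listener is answering without TLS.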

Quick overview of the content

  • Dockerfile: the file with instructions to create a Docker image.
  • rabbitmq.conf: the configuration file for RabbitMQ.
  • openssl.cnf: a configuration file used during certificates creation.
  • prepare-server.sh: a script that runs during the generation of the image and deals with server certificates.
  • generate-client-keys.sh: a script that is run by default when a container is created from this image. It deals with the generation of client certificates.
