Unmanarc Lightweight HTTPS Web Message Queue
Author: Aaron Mizrachi (unmanarc)
Main License: LGPLv3
- Manual build guide
- COPR Packages (Fedora/CentOS/RHEL/etc):
- Activate our repo and download/install uLightWMQ:
# NOTE: for RHEL7 replace dnf with yum
dnf copr enable amizrachi/unmanarc
dnf -y install uLightWMQ
- Once installed, you can continue by activating/enabling the service:
systemctl enable --now uLightWMQ
- Don't forget to open the firewall:
# Add Website port:
firewall-cmd --zone=public --permanent --add-port 60443/tcp
# Reload Firewall rules
firewall-cmd --reload
- First, replace the ca.crt/web_snakeoil.key/web_snakeoil.crt with your own X.509 certs.
- (re)Start the program in background
- Create certificates for your own endpoints (client X.509 certs)
- Every endpoint should start executing /pop to create their own database.
- Add the hostname (in this case webserver) to /etc/hosts or your own DNS.
After that, you can deliver/push messages like this (e.g. from alice to bob):
# Alice is only telling bob something (reply is not required):
curl --data-binary "Are you sure?" -H "Content-Type: application/octet-stream" --cert issued/alice.crt --key private/alice.key --cacert ca.crt -v 'https://webserver:60443/push?dst=bob&reqReply=0'
# Alice is asking bob if he is sure about something...
curl --data-binary "Are you sure?" -H "Content-Type: application/octet-stream" --cert issued/alice.crt --key private/alice.key --cacert ca.crt -v 'https://webserver:60443/push?dst=bob&reqReply=1'
# Then, the HTTP response will be the message ID in bob's (dst) queue.
Then, a user can call /front (or /get) to retrieve the messages from their own queue:
# As bob, load the certificate and private key that authenticate against ca.crt:
curl --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/front?wait=0'
# /front also accepts other parameters:
# /front?wait=0 > default behaviour: will not wait; if there is no message the connection returns immediately
# /front?wait=1 > will wait online for some seconds until bob receives a new message in his queue
# On /front you can also use removeAfterRead for non-answerable messages like this; the message will be removed immediately:
curl --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/front?removeAfterRead=1&wait=0'
# You can also use /get to read messages as a list (not as a queue):
curl --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/get?msgId=897'
Supposing the ID is 897 and bob wants to answer alice's "Are you sure?" question, he can do so with /reply:
# Reply to the message by its ID.
curl --data-binary "YES" -H "Content-Type: application/octet-stream" --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/reply?msgId=897'
# After that, the web server will deliver the reply to the listener.
If you want to wait for a reply to any of your sent messages:
# This is how you get a message reply; it will wait (or time out) until bob answers the message
curl --data-binary "YES" -H "Content-Type: application/octet-stream" --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/waitForReply?msgId=897&dst=bob&removeAfterRead=1'
# After that, the message will be displayed and the message registry will be dropped
Finally, to remove a message from your own queue, you can use /remove:
# Removing the message
curl --data-binary "YES" -H "Content-Type: application/octet-stream" --cert issued/bob.crt --key private/bob.key --cacert ca.crt -v 'https://webserver:60443/remove?msgId=109'
After you start the server for the first time, the user database will be created in /var/lib/ulightwmq/users.db.
There you can create users with an alternate authentication method (HTTP basic user/pass).
- First, create the SHA256 hash of the password:
# Command (the password is quoted and read raw, so spaces and backslashes hash correctly):
read -r -s -p 'Pass: ' PASS ; echo; (printf '%s' "$PASS" | sha256sum | awk '{print $1}'); PASS=
# Expected Answer for testing123:
## pass:
## b822f1cd2dcfc685b47e83e3980289fd5d8e3ff3a82def24d7d1d68bb272eb32
- Then insert it into the database using:
sqlite3 /var/lib/ulightwmq/users.db
insert into users(user,hash) values('testing','b822f1cd2dcfc685b47e83e3980289fd5d8e3ff3a82def24d7d1d68bb272eb32');
And now you can use this authentication with every server URL like this (beware that ps may expose your password):
# Pushing a message for bob:
curl --data-binary "Hello Bob" -H "Content-Type: application/octet-stream" --cacert ca.crt -v 'https://testing:testing123@webserver:60443/push?dst=bob'
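The user/pass procedure above as shell helpers, given here as an added example that is not part of uLightWMQ. The `ulwmq_*` function names are hypothetical; the host, port, `ca.crt` and `users` table are the ones shown above, and the password reaches curl through a config read from stdin (`-K -`) so it never appears in `ps`.

```shell
#!/bin/sh
# Added example, not part of uLightWMQ; the ulwmq_* names are hypothetical.

# Hash the first line of stdin the way the README's sha256sum step does.
# Reading from stdin keeps the password out of every process's argv.
ulwmq_hash() {
    IFS= read -r _pw || true            # tolerate a missing final newline
    [ -n "$_pw" ] || return 1           # refuse an empty password
    printf '%s' "$_pw" | sha256sum | awk '{print $1}'
    _pw=
}

# Print the INSERT for users.db. Single quotes in the user name are doubled
# so the value cannot terminate the SQL string literal early.
ulwmq_user_sql() {
    _hash=$(ulwmq_hash) || return 1
    _user=$(printf '%s' "$1" | sed "s/'/''/g")
    printf "insert into users(user,hash) values('%s','%s');\n" "$_user" "$_hash"
}

# Print a curl config line with the credentials. Backslash and double quote
# are escaped per curl's config syntax; ':' in the user name is rejected
# because curl splits user and password at the first colon.
ulwmq_curl_auth() {
    case $1 in *:*) return 1 ;; esac
    _u=$(printf '%s' "$1" | sed 's/[\\"]/\\&/g')
    _p=$(printf '%s' "$2" | sed 's/[\\"]/\\&/g')
    printf 'user = "%s:%s"\n' "$_u" "$_p"
}

# Push message $4 to queue $3 as user $1 / password $2. curl reads the
# credentials from stdin (-K -), so `ps` shows no password.
# $3 is assumed to be a plain user name that needs no URL-encoding.
ulwmq_push() {
    ulwmq_curl_auth "$1" "$2" |
        curl -K - --cacert ca.crt --data-binary "$4" \
             -H 'Content-Type: application/octet-stream' \
             "https://webserver:60443/push?dst=$3"
}

# Usage (bash prompt):
#   read -r -s -p 'Pass: ' P; echo
#   printf '%s\n' "$P" | ulwmq_user_sql testing | sqlite3 /var/lib/ulightwmq/users.db
#   ulwmq_push testing "$P" bob 'Hello Bob'; P=
```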
- For a queue to exist for any other user, you must execute a front or remove operation with the user certificate or password. If not, nobody will be able to send messages to the queue.
- Both user/pass and X.509 methods can coexist in the same server.
- Both authentication methods share the same queue backend; you can push using user/pass and retrieve using X.509.
- libMantids
- openssl
- sqlite3
- cmake3
- C++11 Compatible Compiler (like GCC >=5)