Last active
August 31, 2018 17:16
-
-
Save rclayton-the-terrible/5475365 to your computer and use it in GitHub Desktop.
Build and Install RabbitMQ Web Stomp with SSL (from @jshiell's repo).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Make sure you have Mercurial and Git installed | |
| git clone https://github.com/rabbitmq/rabbitmq-public-umbrella.git | |
| cd rabbitmq-public-umbrella | |
| make co | |
| cd rabbitmq-web-stomp | |
| git clone https://github.com/jshiell/rabbitmq-web-stomp.git | |
| make | |
| cd dist | |
| # copy the rabbitmq_web_stomp-0.0.0.ez to rabbitmq-server/plugins directory | |
| # and rename to your server version: | |
| cp rabbitmq_web_stomp-0.0.0.ez \ | |
| /usr/lib/rabbitmq/lib/rabbitmq_server-3.0.1/plugins/rabbitmq_web_stomp-3.0.1.ez |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| {rabbit, [ {tcp_listeners, [5672] }, | |
| {ssl_listeners, [5673] }, | |
| {ssl_options, [ | |
| {cacertfile, "/etc/rabbitmq/ssl/ca/cacert.pem" }, | |
| {certfile, "/etc/rabbitmq/ssl/server/rabbit1.cert.pem" }, | |
| {keyfile, "/etc/rabbitmq/ssl/server/rabbit1.key.pem" }, | |
| {verify, verify_peer}, | |
| {fail_if_no_peer_cert, false }]} | |
| ]}, | |
| {rabbitmq_web_stomp, [ | |
| {ssl_enabled, true}, | |
| {https_port, 15678}, | |
| {ssl_key_file, "/etc/rabbitmq/ssl/server/rabbit1.key.pem"}, | |
| {ssl_key_password, "rabbit"}, | |
| {ssl_ca_certificate_file, "/etc/rabbitmq/ssl/ca/cacert.pem"}, | |
| {ssl_certificate_file, "/etc/rabbitmq/ssl/server/rabbit1.cert.pem"} | |
| ] }, | |
| {kernel, [{inet_dist_listen_min, 9100}, {inet_dist_listen_max, 9105}]} | |
| ]. |
I never got this comment. Did you figure it out?
Working the same issue myself, I can't get a purchased cert to complete the handshake
Same here... How do we get a commercial cert to work in this case? :(
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is it possible to specify a "bundle" certificate file that we also received from CA authority (godaddy)
We tried to add it as SslCertFile but it did not work.
He have the following files (all are PEM i guess):
site.com.crt
gd_bundle.crt
site.com.key
and for apache the config looks like this
SSLCertificateFile site.com.crt
SSLCertificateKeyFile site.com.key
SSLCertificateChainFile gd_bundle.crt
i am guessing we will have to modify this code and maybe change the the certfile param with cacerts:
cowboy:start_listener(https, 100,
cowboy_ssl_transport, [
{port, HttpsPort}, {certfile, SslCertFile},{keyfile, SslKeyFile},
{password, SslKeyPassword},{cacertfile, SslCaCertFile}, {max_connections, HttpsMaxConnections}],
cowboy_http_protocol, [{dispatch, Routes}]),
Could you point us in the right direction please?
Thank you