Unable to connect to RabbitMQ via TLS in AWS

Keywords: RabbitMQ - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 9c527537-b94e-cd9a-d238-00b12f0a2855
Description:
I am trying to configure RabbitMQ so that services on other EC2 instances within our VPC can connect via TLS. So far, I haven’t been able to connect via TLS (5671), but have been able to connect via TCP (on port 5672). (The connections are made using pika in python).

I think the issue is related to the configuration. The config file at /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.config has been modified to look like this:

[
  {rabbit, [
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile, "/opt/bitnami/rabbitmq/ca_certificate.pem"},
                    {certfile,   "/opt/bitnami/rabbitmq/server_certificate.pem"},
                    {keyfile,    "/opt/bitnami/rabbitmq/server_key.pem"},
                    {password, "password"},
                    {verify,     verify_peer},
                    {fail_if_no_peer_cert, false}]},
     {tcp_listeners, [5672]},
     {disk_free_limit, {mem_relative, 1.0} },
     {cluster_partition_handling, ignore },
     {default_vhost, <<"/">>},
     {default_user, <<"user">>},
     {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}
    ]
 },
 {rabbitmq_management,
  [
    {listener, [{port, 15672 }, {ip, "0.0.0.0"}]}
  ]
 }
].

I can connect to RabbitMQ via port 5671 using this config on my local machine. In the RabbitMQ log on my local machine it has a line indicating that it is listening on port 5671:

2020-12-05 22:39:43.434 [info] <0.786.0> started TLS (SSL) listener on [::]:5671

I don’t see this line in the log file on the AWS instance, so I think that I either need to adjust the config for this context, or need to adjust how RabbitMQ is invoked.

Thanks for the help.

Hi @crussell,

Thank you for using Bitnami. The RabbitMQ conf looks fine (https://www.rabbitmq.com/ssl.html). Can you confirm that you restarted the service after applying the change? I do not see any reference to port 5671 in the log file, as you mentioned.

sudo /opt/bitnami/ctlscript.sh restart

Please note that you also need to open the port in the firewall if you are accessing the app remotely.

https://docs.bitnami.com/aws/faq/administration/use-firewall/

Thanks
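The post's symptom (no "started TLS (SSL) listener" line on the AWS host, TLS on 5671 failing while plain TCP on 5672 works) and the reply's two checks (restart the service, open the port in the firewall) can be told apart from the client side. The script below is an added example, not code from the original post or from Bitnami: it scans a broker log for listener start-up lines, probes a host and port and classifies what a TLS client sees, and builds a client-side ssl.SSLContext that verifies the broker certificate, matching the verify_peer setting in the posted rabbitmq.config. The host names, the port used in the self-check and the sample log lines are constructed for illustration; pika is only imported inside pika_parameters, so the diagnostics run without it.

```python
"""Added diagnostic script (not from the original post or from Bitnami).
Hosts, ports and sample log lines below are constructed for illustration."""
import re
import socket
import ssl

# Matches RabbitMQ's listener start-up lines, e.g. the one quoted in the post:
#   ... started TLS (SSL) listener on [::]:5671
LISTENER_RE = re.compile(
    r"started (?P<kind>TLS \(SSL\)|TCP) listener on (?P<addr>\S+):(?P<port>\d+)"
)

# Constructed sample log; the TLS line is modelled on the one in the post.
SAMPLE_LOG = """\
2020-12-05 22:39:43.430 [info] <0.780.0> started TCP listener on [::]:5672
2020-12-05 22:39:43.434 [info] <0.786.0> started TLS (SSL) listener on [::]:5671
"""


def listeners_from_log(log_text):
    """Return {port: 'tls' | 'tcp'} for every listener the broker reported starting."""
    found = {}
    for m in LISTENER_RE.finditer(log_text):
        found[int(m.group("port"))] = "tls" if m.group("kind").startswith("TLS") else "tcp"
    return found


def build_client_context(ca_file=None):
    """Client SSLContext that requires and verifies the broker's certificate.
    ca_file is the CA that signed server_certificate.pem (the cacertfile in the
    posted config); None falls back to the system trust store."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # the cert must name the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED  # never fall back to an unverified session
    return ctx


def context_summary(ctx):
    """Comparable view of the settings that matter for verification."""
    return {"verify": ctx.verify_mode.name, "check_hostname": ctx.check_hostname}


def probe_tls_port(host, port, context=None, timeout=3.0):
    """Classify what a TLS client sees on host:port.
    'refused'     -> nothing listening (the post's symptom: 5671 never opened)
    'timeout'     -> packets dropped, typically a security group or firewall
    'unreachable' -> no route to the host
    'tls_error'   -> something answered but the handshake failed (wrong CA,
                     hostname mismatch, or TLS sent to the plain-TCP listener)
    'closed'      -> the peer dropped the connection mid-handshake
    'ok'          -> handshake completed and the certificate verified"""
    context = context or build_client_context()
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError:
        return "unreachable"
    try:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            tls.getpeercert()  # handshake and chain validation already happened
            return "ok"
    except ssl.SSLError:
        return "tls_error"
    except OSError:
        return "closed"
    finally:
        raw.close()


def diagnose(result):
    """Map a probe result to the next check, following the thread's advice."""
    hints = {
        "refused": "no listener on that port: look for 'started TLS (SSL) listener' in the "
                   "broker log and restart the service after editing rabbitmq.config",
        "timeout": "traffic is being dropped: check the security group / firewall rules",
        "unreachable": "no route to the host: check the VPC routing and the address used",
        "tls_error": "port answered but the handshake failed: check the CA file, the "
                     "hostname in the certificate, and that you are not dialling 5672",
        "closed": "peer dropped the connection mid-handshake: check the broker log",
        "ok": "TLS is working; the client verified the broker certificate",
    }
    return hints[result]


def free_local_port():
    """Bind to port 0 to learn a local port nothing listens on (for the self-check)."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def pika_parameters(host, context, port=5671):
    """Hand the same context to pika; imported lazily so the checks above run without it."""
    import pika
    return pika.ConnectionParameters(
        host=host, port=port, ssl_options=pika.SSLOptions(context, server_hostname=host)
    )


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed broker address
    print("listeners in sample log:", listeners_from_log(SAMPLE_LOG))
    result = probe_tls_port(host, 5671)
    print(f"{host}:5671 -> {result}: {diagnose(result)}")
```

Run it from another instance in the VPC as `python3 probe.py <broker-private-ip>`: "refused" means the broker never opened 5671 (restart after the config change and re-check the log), "timeout" points at the security group or firewall the reply mentions, and "tls_error" means the listener is up but the client is not trusting the certificate chain or is hitting the wrong port. Keeping check_hostname and CERT_REQUIRED on the client is what makes the server-side verify_peer setting worth anything; a client that disables verification to make the error go away has only hidden the problem.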
