Unable to connect to RabbitMQ via TLS in AWS

Keywords: RabbitMQ - AWS - Technical issue - Secure Connections (SSL/HTTPS)
bnsupport ID: 9c527537-b94e-cd9a-d238-00b12f0a2855
I am trying to configure RabbitMQ so that services on other EC2 instances within our VPC can connect via TLS. So far, I haven't been able to connect via TLS (port 5671), but have been able to connect via TCP (port 5672). (The connections are made using pika in Python.)

I think the issue is related to the configuration. The config file at /opt/bitnami/rabbitmq/etc/rabbitmq/rabbitmq.config has been modified to look like this:

  [
    {rabbit, [
       {ssl_listeners, [5671]},
       {ssl_options, [{cacertfile, "/opt/bitnami/rabbitmq/ca_certificate.pem"},
                      {certfile,   "/opt/bitnami/rabbitmq/server_certificate.pem"},
                      {keyfile,    "/opt/bitnami/rabbitmq/server_key.pem"},
                      %% passphrase protecting server_key.pem
                      {password, "password"},
                      %% verify a client certificate if one is presented,
                      %% but do not require one (fail_if_no_peer_cert is false)
                      {verify,     verify_peer},
                      {fail_if_no_peer_cert, false}]},
       {tcp_listeners, [5672]},
       {disk_free_limit, {mem_relative, 1.0} },
       {cluster_partition_handling, ignore },
       {default_vhost, <<"/">>},
       {default_user, <<"user">>},
       {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}
      ]},
    %% management plugin UI/API listener (port 15672)
    {rabbitmq_management, [
      {listener, [{port, 15672 }, {ip, ""}]}
     ]}
  ].

I can connect to RabbitMQ via port 5671 using this config on my local machine. In the RabbitMQ log on my local machine it has a line indicating that it is listening on port 5671:

2020-12-05 22:39:43.434 [info] <0.786.0> started TLS (SSL) listener on [::]:5671

I don’t see this line in the log file on the AWS instance, so I think that I either need to adjust the config for this context, or need to adjust how RabbitMQ is invoked.

Thanks for the help.

Hi @crussell,

Thank you for using Bitnami. The RabbitMQ conf looks fine (https://www.rabbitmq.com/ssl.html). Can you confirm you restarted the service after applying the change? I do not see any reference to port 5671 in the log file, as you mentioned.

sudo /opt/bitnami/ctlscript.sh restart

Please note that you also need to open the port in the firewall if you are accessing the app remotely.
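An added example, not part of the original post or the Bitnami reply, that exercises the client side of the setup discussed above: it builds a pika TLS connection that actually verifies the broker against the CA named in the posted rabbitmq.config, and it probes port 5671 with a raw TLS handshake first so that the three failure modes in this thread can be told apart (connection refused means the TLS listener never started, a timeout points at the security group or firewall, a certificate error means the CA or the name in the certificate's SAN does not match). The CA path is the one from the posted config; the broker host name and the credentials are assumptions for illustration.

```python
"""Probe and connect to RabbitMQ over AMQPS (TLS on 5671).

Added example; not code from the original post. BROKER_HOST and the
credentials passed to connect_amqps() are assumptions.
"""
import socket
import ssl

# Assumed values. CA_FILE is the cacertfile from the posted rabbitmq.config;
# the client must trust that CA, not the public system store, for a private
# CA. BROKER_HOST must appear in the server certificate's SAN, otherwise
# hostname verification fails even though the chain is valid.
CA_FILE = "/opt/bitnami/rabbitmq/ca_certificate.pem"
BROKER_HOST = "rabbitmq.internal.example"   # assumption
AMQPS_PORT = 5671


def make_client_ssl_context(cafile=None, certfile=None, keyfile=None):
    """TLS client context that verifies the broker's certificate and name.

    cafile: CA bundle for the broker cert (None = system store).
    certfile/keyfile: optional client certificate. The posted broker config
    has {verify, verify_peer} with {fail_if_no_peer_cert, false}, so a
    client cert is checked if offered but not required; it becomes
    mandatory only with fail_if_no_peer_cert set to true.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True            # SAN must match the host we dial
    ctx.verify_mode = ssl.CERT_REQUIRED  # never talk to an unverified broker
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def check_tls_listener(host, port, ctx, timeout=5.0):
    """Do a bare TLS handshake against host:port and classify the result.

    status values:
      ok          handshake done, detail carries TLS version and peer subject
      refused     nothing listening: the TLS listener did not start (check the
                  broker log for "started TLS (SSL) listener")
      timeout     no reply at all: security group / firewall in the way
      cert_error  TLS answered but the cert does not chain to cafile or its
                  SAN does not match host
      tls_error   port answers but not with TLS (e.g. the plain 5672 listener)
      unreachable any other socket error (DNS, routing)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                subject = dict(rdn[0] for rdn in cert.get("subject", ()))
                return {"status": "ok",
                        "detail": f"{tls.version()} peer={subject}"}
    except ConnectionRefusedError as e:
        return {"status": "refused", "detail": str(e)}
    except (socket.timeout, TimeoutError) as e:
        return {"status": "timeout", "detail": str(e) or "timed out"}
    except ssl.SSLCertVerificationError as e:
        return {"status": "cert_error", "detail": str(e)}
    except ssl.SSLError as e:
        return {"status": "tls_error", "detail": str(e)}
    except OSError as e:
        return {"status": "unreachable", "detail": str(e)}


def connect_amqps(host, port, ctx, username, password, vhost="/"):
    """Open a blocking pika connection over TLS with the verified context.

    pika is imported here so the probe above also works where pika is
    not installed (pip install pika).
    """
    import pika
    creds = pika.PlainCredentials(username, password)
    params = pika.ConnectionParameters(
        host=host, port=port, virtual_host=vhost, credentials=creds,
        ssl_options=pika.SSLOptions(ctx, server_hostname=host))
    return pika.BlockingConnection(params)


if __name__ == "__main__":
    ctx = make_client_ssl_context(CA_FILE)
    probe = check_tls_listener(BROKER_HOST, AMQPS_PORT, ctx)
    print(probe)
    if probe["status"] == "ok":
        # "user" / "password" are placeholders for the broker credentials
        conn = connect_amqps(BROKER_HOST, AMQPS_PORT, ctx, "user", "password")
        print("AMQPS connection open:", conn.is_open)
        conn.close()
```

Run the probe from another instance in the VPC before touching pika: a "refused" result is the symptom described in this thread (no "started TLS (SSL) listener" line, listener not up, so restart the service), "timeout" means the security group does not allow 5671, and "cert_error" means the CA file or the SAN is wrong. Do not work around a cert_error by setting verify_mode to CERT_NONE; that turns the TLS listener into an unauthenticated channel.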


