rabbitmq问题汇总
1、rabbitmq连不上,Connection reset原因:
- rabbitmq开启了ssl,但是客户端的rabbitmq配置没有开启ssl。
2、看rabbitmq配置的auth_mechanisms没有开启对应的身份验证方式。
rabbitmqctl status 可以看到rabbitmq的配置文件,以及开启的端口。
5671为开启了ssl的端口,5672为没有开启ssl使用的端口。
看mq的配置:
[{rabbit, [
{tcp_listeners, [5672]},
{ssl_listeners, [5671]},
{ssl_options, [
{cacertfile, "/data/rabbitmq-3.8.16/etc/rabbitmq/ssl/cacert.pem"},
{certfile,"/data/rabbitmq-3.8.16/etc/rabbitmq/ssl/rabbitmq-server.cert.pem"},
{keyfile,"/data/rabbitmq-3.8.16/etc/rabbitmq/ssl/rabbitmq-server.key.pem"},
{verify, verify_peer},
{fail_if_no_peer_cert, true},
{ciphers, [
"ECDHE-ECDSA-AES256-GCM-SHA384","ECDHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384","ECDHE-RSA-AES256-SHA384",
"ECDHE-ECDSA-DES-CBC3-SHA","ECDH-ECDSA-AES256-GCM-SHA384",
"ECDH-RSA-AES256-GCM-SHA384","ECDH-ECDSA-AES256-SHA384",
"ECDH-RSA-AES256-SHA384","DHE-DSS-AES256-GCM-SHA384",
"DHE-DSS-AES256-SHA256","AES256-GCM-SHA384",
"AES256-SHA256","ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256","ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256","ECDH-ECDSA-AES128-GCM-SHA256",
"ECDH-RSA-AES128-GCM-SHA256","ECDH-ECDSA-AES128-SHA256",
"ECDH-RSA-AES128-SHA256","DHE-DSS-AES128-GCM-SHA256",
"DHE-DSS-AES128-SHA256","AES128-GCM-SHA256",
"AES128-SHA256","ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA","DHE-DSS-AES256-SHA",
"ECDH-ECDSA-AES256-SHA","ECDH-RSA-AES256-SHA",
"AES256-SHA","ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA","DHE-DSS-AES128-SHA",
"ECDH-ECDSA-AES128-SHA","ECDH-RSA-AES128-SHA","AES128-SHA"
]}
]},
{auth_mechanisms,[ 'PLAIN','EXTERNAL']},
{ssl_cert_login_from,common_name}
]}
tcp_listeners:tcp监听的端口,若开启了ssl则这个端口可以不开放。
ssl_listeners:开启ssl监听的端口。
auth_mechanisms:rabbitmq身份认证机制:
RabbitMQ 支持多种身份验证机制,可以根据需要进行配置。以下是一些常见的身份验证机制:
-
PLAIN:这是最常见的身份验证机制,使用明文的用户名和密码进行认证。
-
AMQPLAIN:这是一种使用二进制编码的身份验证机制,使用用户名和密码进行认证。
-
EXTERNAL:这是一种使用客户端提供的外部证书进行认证的身份验证机制。适用于使用 TLS/SSL 连接的客户端。
-
LDAP:这是一种使用 LDAP(轻量级目录访问协议)进行认证的身份验证机制,可以与现有的 LDAP 目录集成。
-
OAUTH2:这是一种使用 OAuth 2.0 进行认证的身份验证机制,适用于与 OAuth 2.0 服务器集成。