Create a container (SSL)#
- First, create a new working directory and prepare your certificate files:
mkdir gcs-rabbit-ssl
cd gcs-secure-rabbit
mkdir certs
# Copy your certificates to gcs-secure-rabbit/certs:
# - ca.crt
# - mid-ca.crt
# - server-001.crt
# - server-001.key
- Set 644 to these certificate
- Create a
rabbitmq.conf (gcs-secure-rabbit/rabbitmq.conf):
# RabbitMQ Configuration File
# Disable non-SSL listeners
listeners.tcp = none
listeners.ssl.default = 5671
# SSL configuration
ssl_options.cacertfile = /etc/rabbitmq/ssl/ca-bundle.crt
ssl_options.certfile = /etc/rabbitmq/ssl/server.crt
ssl_options.keyfile = /etc/rabbitmq/ssl/server.key
ssl_options.verify = verify_peer
ssl_options.depth = 2
ssl_options.fail_if_no_peer_cert = true
# Management SSL configuration
management.ssl.port = 15671
management.ssl.cacertfile = /etc/rabbitmq/ssl/ca-bundle.crt
management.ssl.certfile = /etc/rabbitmq/ssl/server.crt
management.ssl.keyfile = /etc/rabbitmq/ssl/server.key
- Create a
Dockerfile (e.g., gcs-secure-rabbit/DockerFile):
FROM rabbitmq:3.11.10-management
# Create SSL directory
RUN mkdir -p /etc/rabbitmq/ssl
# Copy certificates
COPY ca.crt mid-ca.crt /etc/rabbitmq/ssl/
COPY server-001.crt /etc/rabbitmq/ssl/server.crt
COPY server-001.key /etc/rabbitmq/ssl/server.key
# Create bundle certificate
RUN cat /etc/rabbitmq/ssl/mid-ca.crt /etc/rabbitmq/ssl/ca.crt > /etc/rabbitmq/ssl/ca-bundle.crt
# Copy config file
COPY rabbitmq.conf /etc/rabbitmq/rabbitmq.conf
# Expose SSL ports
EXPOSE 5671 15671
CMD ["rabbitmq-server"]
- Build and run the container:
# Build the image
sudo docker build -t gcs-secure-rabbit:latest .
# Run the container
sudo docker run -d --hostname secure-rabbit --name secure-rabbit \
-p 15671:15671 \
-p 5671:5671 \
--restart always \
gcs-secure-rabbit:latest
- Check the container logs after running it:
sudo docker logs secure-rabbit
See also:#
RabbitMQ Container - HTTP
Upload Docker an Image to ECR