创建工作目录
[root@localhost mongo]# mkdir -p /root/tools/rabbitmq/{data,conf,init}
创建初始用户脚本
[root@localhost init]# cat /root/tools/rabbitmq/init/init.sh
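#!/usr/bin/env bash
#
# Create the administrative RabbitMQ account and enable the management plugin.
# Meant to be run inside the broker container once the node is up.
#
# Environment (both optional):
#   MQ_ADMIN_USER  account name; defaults to "root"
#   MQ_ADMIN_PASS  account password; when unset, the walkthrough's sample
#                  value is used and a warning is printed
# The names deliberately avoid the RABBITMQ_ prefix so they cannot be mistaken
# for variables the broker image itself interprets.
#
# Exit status: 0 when every step succeeded, 1 otherwise.

admin_user=${MQ_ADMIN_USER:-root}
admin_pass=${MQ_ADMIN_PASS:-}

if [[ -z "$admin_pass" ]]; then
  # Fallback kept only so the walkthrough still runs unchanged; a six-digit
  # numeric password on an administrator account is trivially guessable.
  admin_pass=123456
  printf 'warning: MQ_ADMIN_PASS is not set; using the sample password. Change it before exposing the broker.\n' >&2
fi

echo "Creating rabbitmq users..."

# Every step is attempted even if an earlier one fails (e.g. the user already
# exists on a re-run), but the failure is remembered and reported.
failed=0

# NOTE(review): the password is passed as a command-line argument and is
# therefore visible in the container's process list while the command runs.
rabbitmqctl add_user "$admin_user" "$admin_pass" || failed=1

# The "administrator" tag grants full access to the management interface.
rabbitmqctl set_user_tags "$admin_user" administrator || failed=1

rabbitmq-plugins enable rabbitmq_management || failed=1

if (( failed )); then
  printf 'error: one or more RabbitMQ setup steps failed; see the messages above.\n' >&2
  exit 1
fi

echo "rabbitmq users created."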
赋予执行权限
[root@localhost init]# chmod +x /root/tools/rabbitmq/init/init.sh
创建配置文件
[root@localhost rabbitmq]# cat docker-compose.yml
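# Initial RabbitMQ deployment used by the walkthrough.
# Indentation restored: Compose needs the service nested under `services:`
# and its settings nested under the service key.
version: '3'
services:
  # NOTE(review): "rebbitmq" looks like a typo for "rabbitmq"; it is kept
  # because renaming the key changes the Compose service name.
  rebbitmq:
    restart: always
    # NOTE(review): 3.5.7 is a very old release that is long past upstream
    # support; confirm it is acceptable before using it outside a lab.
    image: rabbitmq:3.5.7
    container_name: rabbitmq
    hostname: rabbitmq
    ports:
      # Both ports are published on every host interface. 5672 is plain
      # (unencrypted) AMQP and 15672 is the management UI over plain HTTP,
      # so restrict who can reach them (host firewall or a host-IP prefix).
      - "5672:5672"
      - "15672:15672"
    environment:
      # Placeholder credentials for the default account. Replace them, and
      # keep real values out of version control (for example an env file
      # that is not committed).
      RABBITMQ_DEFAULT_USER: username
      RABBITMQ_DEFAULT_PASS: pwd
      TZ: Asia/Shanghai
    volumes:
      - /etc/localtime:/etc/localtime
      - /root/tools/rabbitmq/data:/var/lib/rabbitmq
      - /root/tools/rabbitmq/conf:/etc/rabbitmq
      # Holds init.sh, which the walkthrough runs by hand with `docker exec`.
      - /root/tools/rabbitmq/init/:/docker-entrypoint-initdb.d/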
创建服务
[root@localhost conf]# docker-compose up -d
执行初始化脚本
[root@localhost conf]# docker exec rabbitmq /docker-entrypoint-initdb.d/init.sh
登录验证
应对安全测评中 Nessus 扫描出的问题:AMQP Cleartext Authentication(AMQP 明文认证)
创建docker-compose文件,注意不要设置任何rabbitmq识别的环境变量,否则配置文件rabbitmq.config将会被重写
[root@localhost rabbitmq]# cat docker-compose.yml
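# Variant used together with a hand-written rabbitmq.config.
# Indentation restored: Compose needs the service nested under `services:`
# and its settings nested under the service key.
version: '3'
services:
  # NOTE(review): "rebbitmq" looks like a typo for "rabbitmq"; it is kept
  # because renaming the key changes the Compose service name.
  rebbitmq:
    restart: always
    # NOTE(review): 3.5.7 is a very old release that is long past upstream
    # support; confirm it is acceptable before using it outside a lab.
    image: rabbitmq:3.5.7
    container_name: rabbitmq
    hostname: rabbitmq
    ports:
      # 5672 is still a plain TCP listener and 15672 is the management UI
      # over plain HTTP; both are published on every host interface, so
      # restrict who can reach them.
      - "5672:5672"
      - "15672:15672"
    environment:
      # No RabbitMQ-specific variables are set here on purpose: according to
      # the walkthrough, setting any of them makes the image rewrite
      # rabbitmq.config in the mounted conf directory.
      TZ: Asia/Shanghai
    volumes:
      - /etc/localtime:/etc/localtime
      - /root/tools/rabbitmq/data:/var/lib/rabbitmq
      # rabbitmq.config is read from this directory.
      - /root/tools/rabbitmq/conf:/etc/rabbitmq
      - /root/tools/rabbitmq/init/:/docker-entrypoint-initdb.d/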
增加rabbitmq.config配置文件
[root@localhost conf]# cat rabbitmq.config
%% Broker configuration in classic Erlang-term format; settings for the
%% `rabbit` application only.
[
{rabbit,
[
%% Plain TCP AMQP listener on 5672; traffic on this port is not encrypted.
{ tcp_listeners, [ 5672 ] },
%% No TLS listener is configured.
{ ssl_listeners, [ ] },
%% Name and password of the default account. The password is stored in
%% clear text in this file, so restrict the file's permissions and replace
%% the sample value.
{default_user, <<"username">>},
{default_pass, <<"pwd123">>},
%% Only EXTERNAL is offered, so PLAIN and AMQPLAIN are no longer advertised
%% to clients.
%% NOTE(review): EXTERNAL is provided by the rabbitmq_auth_mechanism_ssl
%% plugin and relies on TLS client certificates; with no TLS listener above,
%% AMQP clients presumably cannot authenticate at all, and the connection
%% itself stays unencrypted. Confirm this is the intended outcome.
{auth_mechanisms,['EXTERNAL']},
%% Empty list: no account is restricted to loopback connections, so the
%% default account may log in from remote hosts.
{loopback_users, []}
]
}
].
启动服务
查看环境变量
root@rabbitmq:/# rabbitmqctl environment
Application environment of node rabbit@rabbitmq ...
[{amqp_client,[{prefer_ipv6,false},{ssl_options,[]}]},
{inets,[]},
{kernel,
[{error_logger,tty},
{inet_default_connect_options,[{nodelay,true}]},
{inet_dist_listen_max,25672},
{inet_dist_listen_min,25672}]},
{mnesia,[{dir,"/var/lib/rabbitmq/mnesia/rabbit@rabbitmq"}]},
{mochiweb,[]},
{os_mon,
[{start_cpu_sup,false},
{start_disksup,false},
{start_memsup,false},
{start_os_sup,false}]},
{rabbit,
[{auth_backends,[rabbit_auth_backend_internal]},
{auth_mechanisms,['EXTERNAL']},
{backing_queue_module,rabbit_priority_queue},
{channel_max,0},
{cluster_keepalive_interval,10000},
{cluster_nodes,{[],disc}},
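{auth_mechanisms,['EXTERNAL']} 表示使用 x509 证书对等验证、客户端 IP 地址范围或类似的带外机制进行身份验证。需要注意:EXTERNAL 机制由 rabbitmq_auth_mechanism_ssl 插件提供,并依赖 TLS 客户端证书;而上面的配置中 ssl_listeners 为空,5672 端口仍是明文 TCP,因此这样配置只是让服务端不再通告 PLAIN/AMQPLAIN 机制,连接本身并没有被加密。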