diff --git a/rabbitmq-env.conf b/rabbitmq-env.conf index da8357c..4594089 100644 --- a/rabbitmq-env.conf +++ b/rabbitmq-env.conf @@ -5,6 +5,18 @@ # combination. See the clustering on a single machine guide for details: # http://www.rabbitmq.com/clustering.html#single-machine #NODENAME=rabbit +# +# with the default SUSE epmd.socket we need to listen to localhost to +# properly activate the socket activation. In order to switch back to +# the clustering compatible listen to any address, run this prior removing +# this override: +# +# cat < /etc/systemd/system/epmd.socket.d/ports.conf +# [Socket] +# ListenStream= +# ListenStream=[::]:4369 +# EOF +NODENAME=rabbit@localhost # By default RabbitMQ will bind to all interfaces, on IPv4 and IPv6 if # available. Set this if you only want to bind to one network interface or# diff --git a/rabbitmq-server-3.6.16.tar.xz b/rabbitmq-server-3.6.16.tar.xz deleted file mode 100644 index c0e4138..0000000 --- a/rabbitmq-server-3.6.16.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:25b615426dc04863ed763ee92077e8544796f3963a206d3648d280678b069115 -size 1483368 diff --git a/rabbitmq-server-3.7.9.tar.xz b/rabbitmq-server-3.7.9.tar.xz new file mode 100644 index 0000000..7f41771 --- /dev/null +++ b/rabbitmq-server-3.7.9.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:388af73c950cbd38e1774ac7336c8b0a788512ebba6175ea16a674f252f8108d +size 2551456 diff --git a/rabbitmq-server.changes b/rabbitmq-server.changes index 1bf9483..319e7a0 100644 --- a/rabbitmq-server.changes +++ b/rabbitmq-server.changes @@ -1,7 +1,97 @@ +------------------------------------------------------------------- +Tue Jan 8 17:51:59 UTC 2019 - Jan Engelhardt + +- Avoid name repetition in summary. Trim filler wording from + descriptions. + +------------------------------------------------------------------- +Wed Jan 02 08:46:22 UTC 2019 - Gabriele Santomaggio + +- add the 3.7.x command line tools + +------------------------------------------------------------------- +Mon Dec 17 08:07:22 UTC 2018 - Dirk Mueller + +- switch to 3.7.x style rabbitmq-server.conf +- Remove sd_notify dependency and replace with socat as + followup to upstream change in + https://github.com/rabbitmq/rabbitmq-server/pull/666 + +------------------------------------------------------------------- +Sat Dec 15 20:48:46 UTC 2018 - Dirk Mueller + +- listen to localhost only by default to comply to the epmd.socket + which also only listens to localhost (bsc#1087270) + +------------------------------------------------------------------- +Tue Dec 4 12:38:49 UTC 2018 - matwey.kornilov@gmail.com + +- Fix Source0 URL + +------------------------------------------------------------------- +Fri Nov 16 15:36:12 UTC 2018 - matwey.kornilov@gmail.com + +- BuildRequire elixir +- Constrain required erlang versions: + https://www.rabbitmq.com/which-erlang.html (boo#1115169) +- Drop sysexists-in-ocf.patch: upstreamed +- Update to 3.7.9 (fate#322425, bsc#1115466) +- Changes for 3.7.9: + * Bug fixes + * Usability improvements +- Changes for 3.7.8: + * Bug fixes + * Usability improvements +- Changes for 3.7.7: + * Erlang 21 compatibility + * Bug fixes + * Usability improvements +- Changes for 3.7.6: + * Bug fixes + * Usability improvements +- Changes for 3.7.5: + * Bug fixes + * Usability improvements +- Changes for 3.7.4: + * Bug fixes + * Usability improvements +- Changes for 3.7.3: + * Bug fixes + * Usability improvements +- Changes for 3.7.2: + * Bug fix in the HTTP auth backend +- Changes for 3.7.1: + * Bug fixes +- Changes for 3.7.0: + * Minimum required Erlang version is now 19.3 + * Automation-friendly cluster formation + * Distributed management plugin, including minor breaking HTTP API + changes. + * Simpler, ini-style configuration format + * Per-vhost limits + * Operator policies + * Topic-based authorisation + * Cross-protocol Shovel (currently supports AMQP 0.9.1 and AMQP 1.0) + * Command-line tools are extensible via plugins + * Message store multi-tenancy + * Proxy protocol support + * Web STOMP no longer supports WebSocket emulation + * Java and .NET client releases no longer track RabbitMQ server + releases + * .NET client now supports .NET Core. + * Management plugin extensions now must target Cowboy 2.0 + * Java client for RabbitMQ HTTP API + +------------------------------------------------------------------- +Tue Sep 11 06:26:01 UTC 2018 - dmueller@suse.com + +- update config.template to use channel_max to 0 (old default, + mitigate breakage in 3.6.16 change) + ------------------------------------------------------------------- Mon Sep 10 12:46:56 UTC 2018 - dmueller@suse.com -- update to 3.6.16: +- update to 3.6.16 (bsc#1109991): Bug fixes: + Queue master locator min-masters incorrectly calculated the number of masters. + Maximum supported number of queue priorities (255) is now enforced @@ -12,6 +102,12 @@ shuts down or is otherwise considered to be unavailable by peers + Default max number of channels allowed on a connection (a.k.a. channel_max) has been lowered from 65535 to 2047. The new default is much safer and will reduce the effect application channel leaks have on node resource consumption. This is a potentially breaking change. +------------------------------------------------------------------- +Tue Jun 12 09:56:10 UTC 2018 - jtomasiak@suse.com + +- Add sysexits-in-ocf.patch to handle new rabbitmqctl exit codes + (bsc#1093046) + ------------------------------------------------------------------- Mon May 28 13:08:15 UTC 2018 - bwiedemann@suse.com @@ -51,12 +147,12 @@ Wed Dec 13 12:13:03 UTC 2017 - vuntz@suse.com Tue Dec 12 12:26:10 UTC 2017 - ilausuch@suse.com - modified logrotate to use rabbitmqctl to force the creation of the - log file after logrotation + log file after logrotation ------------------------------------------------------------------- Thu Nov 23 13:53:44 UTC 2017 - rbrown@suse.com -- Replace references to /var/adm/fillup-templates with new +- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- @@ -328,7 +424,7 @@ Wed Jan 21 16:12:13 UTC 2015 - dmueller@suse.com * prevent /api/* from returning text/html error messages which could act as an XSS vector (since 2.1.0) * fix response-splitting vulnerability in /api/downloads (since 2.1.0) - * do not trust X-Forwarded-For header when enforcing 'loopback_users' + * do not trust X-Forwarded-For header when enforcing 'loopback_users' (CVE-2014-9494) * disable SSLv3 by default to prevent the POODLE attack @@ -340,7 +436,7 @@ Wed Jan 21 16:12:13 UTC 2015 - dmueller@suse.com ------------------------------------------------------------------- Mon Nov 24 11:52:42 UTC 2014 - dmueller@suse.com -- ignore stop errors in %preun +- ignore stop errors in %preun ------------------------------------------------------------------- Sun Sep 14 17:18:01 UTC 2014 - tbechtold@suse.com @@ -370,7 +466,7 @@ Mon May 5 12:49:05 UTC 2014 - dmueller@suse.com ------------------------------------------------------------------- Wed Apr 30 00:08:33 UTC 2014 - dmueller@suse.com -- do not install init script on systemd distros +- do not install init script on systemd distros ------------------------------------------------------------------- Thu Apr 10 10:25:08 UTC 2014 - matwey.kornilov@gmail.com @@ -413,7 +509,7 @@ Fri Jan 24 09:17:00 UTC 2014 - dmueller@suse.com ------------------------------------------------------------------- Thu Jan 23 12:29:39 UTC 2014 - dmueller@suse.com -- install a config file by default +- install a config file by default add fix-syntax-error-in-example-conf.patch ------------------------------------------------------------------- @@ -432,7 +528,7 @@ Tue Jan 7 09:43:57 UTC 2014 - matwey.kornilov@gmail.com ------------------------------------------------------------------- Fri Sep 20 13:26:43 UTC 2013 - dmueller@suse.com -- fix syntax error in wrapper script +- fix syntax error in wrapper script ------------------------------------------------------------------- Fri Sep 13 19:22:37 UTC 2013 - dmueller@suse.com @@ -636,4 +732,3 @@ Tue Jun 12 00:00:00 CEST 2007 - hubert@lshift.net Mon May 21 00:00:00 CEST 2007 - hubert@lshift.net - Initial build of server library of RabbitMQ package - diff --git a/rabbitmq-server.service b/rabbitmq-server.service index 3b60465..fdda01a 100644 --- a/rabbitmq-server.service +++ b/rabbitmq-server.service @@ -1,7 +1,7 @@ [Unit] Description=RabbitMQ broker -After=syslog.target network.target -Requires=epmd.service +After=syslog.target network.target epmd.service +BindsTo=epmd.service [Service] Type=notify diff --git a/rabbitmq-server.spec b/rabbitmq-server.spec index d17080d..ec41b65 100644 --- a/rabbitmq-server.spec +++ b/rabbitmq-server.spec @@ -1,7 +1,7 @@ # # spec file for package rabbitmq-server # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -33,13 +33,13 @@ %define _make_args DESTDIR="%{buildroot}" PREFIX="%{_prefix}" RMQ_ROOTDIR=%{_rabbit_libdir} RMQ_ERLAPP_DIR=%{_rabbit_erllibdir} MAN_INSTALL_PATH="%{_mandir}" DOC_INSTALL_DIR=%{buildroot}/%{_docdir} VERSION=%{version} V=1 Name: rabbitmq-server -Version: 3.6.16 +Version: 3.7.9 Release: 0 -Summary: The RabbitMQ Server +Summary: A message broker supporting AMQP, STOMP and MQTT License: MPL-1.1 Group: System/Daemons Url: http://www.rabbitmq.com/ -Source: https://github.com/rabbitmq/rabbitmq-server/releases/download/rabbitmq_v3_6_16/rabbitmq-server-%{version}.tar.xz +Source: https://github.com/rabbitmq/rabbitmq-server/releases/download/v%{version}/rabbitmq-server-%{version}.tar.xz Source1: rabbitmq-server.init # This comes from: http://hg.rabbitmq.com/rabbitmq-server/raw-file/2da625c0a436/packaging/common/rabbitmq-script-wrapper Source2: rabbitmq-script-wrapper @@ -49,8 +49,12 @@ Source5: rabbitmq-server.sysconfig Source6: rabbitmq-server.service Source7: rabbitmq-server.tmpfiles.d.conf Source8: README.SUSE -Source9: rabbitmq.config.example -BuildRequires: erlang +# from https://raw.githubusercontent.com/rabbitmq/rabbitmq-server/v3.7.x/docs/rabbitmq.conf.example +Source9: rabbitmq.conf.example +BuildRequires: elixir +# https://www.rabbitmq.com/which-erlang.html +BuildRequires: erlang < 22 +BuildRequires: erlang >= 19.3.6.4 BuildRequires: erlang-src BuildRequires: fdupes BuildRequires: libxslt @@ -74,7 +78,7 @@ Requires(pre): %insserv_prereq BuildRequires: systemd %{?systemd_requires} %define have_systemd 1 -Requires: erlang-sd_notify +Requires: socat %else Requires: %fillup_prereq Requires: %insserv_prereq @@ -83,9 +87,8 @@ Requires: %insserv_prereq #BuildArch: noarch %description -RabbitMQ is an implementation of AMQP, the emerging standard for high -performance enterprise messaging. The RabbitMQ server is a robust and -scalable implementation of an AMQP broker. +RabbitMQ is an implementation of an AMQP broker. AMQP is an emerging +standard for messaging. %package plugins Summary: Plugins for the RabbitMQ server @@ -93,11 +96,10 @@ Group: System/Daemons Requires: rabbitmq-server = %{version} %description plugins -RabbitMQ is an implementation of AMQP, the emerging standard for high -performance enterprise messaging. The RabbitMQ server is a robust and -scalable implementation of an AMQP broker. +RabbitMQ is an implementation of an AMQP broker. AMQP is an emerging +standard for messaging. -This package includes some plugins for the RabbitMQ server +This package includes some plugins for the RabbitMQ server. %package -n erlang-rabbitmq-client Summary: RabbitMQ AMQP language bindings for Erlang @@ -106,9 +108,8 @@ Requires: erlang Provides: erlang-gen_server2 = %{version} %description -n erlang-rabbitmq-client -RabbitMQ is an implementation of AMQP, the emerging standard for high -performance enterprise messaging. The RabbitMQ server is a robust and -scalable implementation of an AMQP broker. +RabbitMQ is an implementation of an AMQP broker. AMQP is an emerging +standard for messaging. This package includes the RabbitMQ AMQP language bindings for Erlang. @@ -117,9 +118,13 @@ This package includes the RabbitMQ AMQP language bindings for Erlang. cp %{SOURCE8} . %build +# Make elixir happy with Unicode +export LANG=en_US.UTF-8 make all %{_make_args} %{?_smp_mflags} %install +# Make elixir happy with Unicode +export LANG=en_US.UTF-8 make install %{_make_args} mkdir -p %{buildroot}%{_sbindir} @@ -143,11 +148,12 @@ sed -i 's|@RABBITMQ_ROOT@|%{_rabbit_erllibdir}/|' %{_rabbit_wrapper} install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmqctl install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmq-server install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmq-plugins +install -p -D -m 0755 %{_rabbit_wrapper} %{buildroot}%{_sbindir}/rabbitmq-diagnostics install -p -D -m 0755 scripts/rabbitmq-server.ocf %{buildroot}%{_exec_prefix}/lib/ocf/resource.d/rabbitmq/rabbitmq-server install -p -D -m 0755 scripts/rabbitmq-server-ha.ocf %{buildroot}%{_exec_prefix}/lib/ocf/resource.d/rabbitmq/rabbitmq-server-ha # install config files -install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.config +install -p -D -m 0644 %{SOURCE9} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq.conf install -p -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/rabbitmq/rabbitmq-env.conf # Copy all necessary lib files etc. @@ -224,6 +230,7 @@ systemd-tmpfiles --create --clean /usr/lib/tmpfiles.d/rabbitmq-server.conf %{_sbindir}/rabbitmq-server %{_sbindir}/rabbitmqctl %{_sbindir}/rcrabbitmq-server +%{_sbindir}/rabbitmq-diagnostics # %dir /usr/lib/ocf/ %dir /usr/lib/ocf/resource.d/ diff --git a/rabbitmq.conf.example b/rabbitmq.conf.example new file mode 100644 index 0000000..71effad --- /dev/null +++ b/rabbitmq.conf.example @@ -0,0 +1,892 @@ +# ====================================== +# RabbitMQ broker section +# ====================================== + +## Related doc guide: http://rabbitmq.com/configure.html. See +## http://rabbitmq.com/documentation.html for documentation ToC. + +## Networking +## ==================== +## +## Related doc guide: http://rabbitmq.com/networking.html. +## +## By default, RabbitMQ will listen on all interfaces, using +## the standard (reserved) AMQP 0-9-1 and 1.0 port. +## +# listeners.tcp.default = 5672 + + +## To listen on a specific interface, provide an IP address with port. +## For example, to listen only on localhost for both IPv4 and IPv6: +## +# IPv4 +# listeners.tcp.local = 127.0.0.1:5672 +# IPv6 +# listeners.tcp.local_v6 = ::1:5672 + +## You can define multiple listeners using listener names +# listeners.tcp.other_port = 5673 +# listeners.tcp.other_ip = 10.10.10.10:5672 + + +## TLS listeners are configured in the same fashion as TCP listeners, +## including the option to control the choice of interface. +## +# listeners.ssl.default = 5671 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# num_acceptors.tcp = 10 +# num_acceptors.ssl = 1 + + +## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection +## and TLS handshake), in milliseconds. +## +# handshake_timeout = 10000 + +## Set to 'true' to perform reverse DNS lookups when accepting a +## connection. Hostnames will then be shown instead of IP addresses +## in rabbitmqctl and the management plugin. +## +# reverse_dns_lookups = true + +## +## Security, Access Control +## ============== +## + +## Related doc guide: http://rabbitmq.com/access-control.html. + +## The default "guest" user is only permitted to access the server +## via a loopback interface (e.g. localhost). +## {loopback_users, [<<"guest">>]}, +## +# loopback_users.guest = true + +## Uncomment the following line if you want to allow access to the +## guest user from anywhere on the network. +# loopback_users.guest = false + +## TLS configuration. +## +## Related doc guide: http://rabbitmq.com/ssl.html. +## +# ssl_options.verify = verify_peer +# ssl_options.fail_if_no_peer_cert = false +# ssl_options.cacertfile = /path/to/cacert.pem +# ssl_options.certfile = /path/to/cert.pem +# ssl_options.keyfile = /path/to/key.pem +# +# ssl_options.honor_cipher_order = true +# ssl_options.honor_ecc_order = true + +# ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384 +# ssl_options.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.3 = ECDHE-ECDSA-AES256-SHA384 +# ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384 +# ssl_options.ciphers.5 = ECDH-ECDSA-AES256-GCM-SHA384 +# ssl_options.ciphers.6 = ECDH-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.7 = ECDH-ECDSA-AES256-SHA384 +# ssl_options.ciphers.8 = ECDH-RSA-AES256-SHA384 +# ssl_options.ciphers.9 = DHE-RSA-AES256-GCM-SHA384 +# ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384 +# ssl_options.ciphers.11 = DHE-RSA-AES256-SHA256 +# ssl_options.ciphers.12 = DHE-DSS-AES256-SHA256 +# ssl_options.ciphers.13 = ECDHE-ECDSA-AES128-GCM-SHA256 +# ssl_options.ciphers.14 = ECDHE-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.15 = ECDHE-ECDSA-AES128-SHA256 +# ssl_options.ciphers.16 = ECDHE-RSA-AES128-SHA256 +# ssl_options.ciphers.17 = ECDH-ECDSA-AES128-GCM-SHA256 +# ssl_options.ciphers.18 = ECDH-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.19 = ECDH-ECDSA-AES128-SHA256 +# ssl_options.ciphers.20 = ECDH-RSA-AES128-SHA256 +# ssl_options.ciphers.21 = DHE-RSA-AES128-GCM-SHA256 +# ssl_options.ciphers.22 = DHE-DSS-AES128-GCM-SHA256 +# ssl_options.ciphers.23 = DHE-RSA-AES128-SHA256 +# ssl_options.ciphers.24 = DHE-DSS-AES128-SHA256 +# ssl_options.ciphers.25 = ECDHE-ECDSA-AES256-SHA +# ssl_options.ciphers.26 = ECDHE-RSA-AES256-SHA +# ssl_options.ciphers.27 = DHE-RSA-AES256-SHA +# ssl_options.ciphers.28 = DHE-DSS-AES256-SHA +# ssl_options.ciphers.29 = ECDH-ECDSA-AES256-SHA +# ssl_options.ciphers.30 = ECDH-RSA-AES256-SHA +# ssl_options.ciphers.31 = ECDHE-ECDSA-AES128-SHA +# ssl_options.ciphers.32 = ECDHE-RSA-AES128-SHA +# ssl_options.ciphers.33 = DHE-RSA-AES128-SHA +# ssl_options.ciphers.34 = DHE-DSS-AES128-SHA +# ssl_options.ciphers.35 = ECDH-ECDSA-AES128-SHA +# ssl_options.ciphers.36 = ECDH-RSA-AES128-SHA + +## Select an authentication/authorisation backend to use. +## +## Alternative backends are provided by plugins, such as rabbitmq-auth-backend-ldap. +## +## NB: These settings require certain plugins to be enabled. +## +## Related doc guides: +## +## * http://rabbitmq.com/plugins.html +## * http://rabbitmq.com/access-control.html +## + +# auth_backends.1 = rabbit_auth_backend_internal + +## uses separate backends for authentication and authorisation, +## see below. +# auth_backends.1.authn = rabbit_auth_backend_ldap +# auth_backends.1.authz = rabbit_auth_backend_internal + +## The rabbitmq_auth_backend_ldap plugin allows the broker to +## perform authentication and authorisation by deferring to an +## external LDAP server. +## +## Relevant doc guides: +## +## * http://rabbitmq.com/ldap.html +## * http://rabbitmq.com/access-control.html +## +## uses LDAP for both authentication and authorisation +# auth_backends.1 = rabbit_auth_backend_ldap + +## uses HTTP service for both authentication and +## authorisation +# auth_backends.1 = rabbit_auth_backend_http + +## uses two backends in a chain: HTTP first, then internal +# auth_backends.1 = rabbit_auth_backend_http +# auth_backends.2 = rabbit_auth_backend_internal + +## Authentication +## The built-in mechanisms are 'PLAIN', +## 'AMQPLAIN', and 'EXTERNAL' Additional mechanisms can be added via +## plugins. +## +## Related doc guide: http://rabbitmq.com/authentication.html. +## +# auth_mechanisms.1 = PLAIN +# auth_mechanisms.2 = AMQPLAIN + +## The rabbitmq-auth-mechanism-ssl plugin makes it possible to +## authenticate a user based on the client's x509 (TLS) certificate. +## Related doc guide: http://rabbitmq.com/authentication.html. +## +## To use auth-mechanism-ssl, the EXTERNAL mechanism should +## be enabled: +## +# auth_mechanisms.1 = PLAIN +# auth_mechanisms.2 = AMQPLAIN +# auth_mechanisms.3 = EXTERNAL + +## To force x509 certificate-based authentication on all clients, +## exclude all other mechanisms (note: this will disable password-based +## authentication even for the management UI!): +## +# auth_mechanisms.1 = EXTERNAL + +## This pertains to both the rabbitmq-auth-mechanism-ssl plugin and +## STOMP ssl_cert_login configurations. See the RabbitMQ STOMP plugin +## configuration section later in this file and the README in +## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further +## details. +## +## To use the TLS cert's CN instead of its DN as the username +## +# ssl_cert_login_from = common_name + +## TLS handshake timeout, in milliseconds. +## +# ssl_handshake_timeout = 5000 + + +## Password hashing implementation. Will only affect newly +## created users. To recalculate hash for an existing user +## it's necessary to update her password. +## +## To use SHA-512, set to rabbit_password_hashing_sha512. +## +# password_hashing_module = rabbit_password_hashing_sha256 + +## When importing definitions exported from versions earlier +## than 3.6.0, it is possible to go back to MD5 (only do this +## as a temporary measure!) by setting this to rabbit_password_hashing_md5. +## +# password_hashing_module = rabbit_password_hashing_md5 + +## +## Default User / VHost +## ==================== +## + +## On first start RabbitMQ will create a vhost and a user. These +## config items control what gets created. +## Relevant doc guide: http://rabbitmq.com/access-control.html +## +# default_vhost = / +# default_user = guest +# default_pass = guest + +# default_permissions.configure = .* +# default_permissions.read = .* +# default_permissions.write = .* + +## Tags for default user +## +## For more details about tags, see the documentation for the +## Management Plugin at http://rabbitmq.com/management.html. +## +# default_user_tags.administrator = true + +## Define other tags like this: +# default_user_tags.management = true +# default_user_tags.custom_tag = true + +## +## Additional network and protocol related configuration +## ===================================================== +## + +## Set the default AMQP 0-9-1 heartbeat interval (in seconds). +## Related doc guides: +## +## * http://rabbitmq.com/heartbeats.html +## * http://rabbitmq.com/networking.html +## +# heartbeat = 60 + +## Set the max permissible size of an AMQP frame (in bytes). +## +# frame_max = 131072 + +## Set the max frame size the server will accept before connection +## tuning occurs +## +# initial_frame_max = 4096 + +## Set the max permissible number of channels per connection. +## 0 means "no limit". +## +# channel_max = 128 + +## Customising TCP Listener (Socket) Configuration. +## +## Related doc guides: +## +## * http://rabbitmq.com/networking.html +## * http://www.erlang.org/doc/man/inet.html#setopts-2 +## + +# tcp_listen_options.backlog = 128 +# tcp_listen_options.nodelay = true +# tcp_listen_options.exit_on_close = false +# +# tcp_listen_options.keepalive = true +# tcp_listen_options.send_timeout = 15000 +# +# tcp_listen_options.buffer = 196608 +# tcp_listen_options.sndbuf = 196608 +# tcp_listen_options.recbuf = 196608 + +## +## Resource Limits & Flow Control +## ============================== +## +## Related doc guide: http://rabbitmq.com/memory.html. + +## Memory-based Flow Control threshold. +## +# vm_memory_high_watermark.relative = 0.4 + +## Alternatively, we can set a limit (in bytes) of RAM used by the node. +## +# vm_memory_high_watermark.absolute = 1073741824 + +## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). +## Absolute watermark will be ignored if relative is defined! +## +# vm_memory_high_watermark.absolute = 2GB +## +## Supported units suffixes: +## +## kb, KB: kibibytes (2^10 bytes) +## mb, MB: mebibytes (2^20) +## gb, GB: gibibytes (2^30) + + + +## Fraction of the high watermark limit at which queues start to +## page message out to disc in order to free up memory. +## For example, when vm_memory_high_watermark is set to 0.4 and this value is set to 0.5, +## paging can begin as early as when 20% of total available RAM is used by the node. +## +## Values greater than 1.0 can be dangerous and should be used carefully. +## +## One alternative to this is to use durable queues and publish messages +## as persistent (delivery mode = 2). With this combination queues will +## move messages to disk much more rapidly. +## +## Another alternative is to configure queues to page all messages (both +## persistent and transient) to disk as quickly +## as possible, see http://rabbitmq.com/lazy-queues.html. +## +# vm_memory_high_watermark_paging_ratio = 0.5 + +## Selects Erlang VM memory consumption calculation strategy. Can be `allocated`, `rss` or `legacy` (aliased as `erlang`), +## Introduced in 3.6.11. `rss` is the default as of 3.6.12. +## See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background. +# vm_memory_calculation_strategy = rss + +## Interval (in milliseconds) at which we perform the check of the memory +## levels against the watermarks. +## +# memory_monitor_interval = 2500 + +## The total memory available can be calculated from the OS resources +## - default option - or provided as a configuration parameter. +# total_memory_available_override_value = 2GB + +## Set disk free limit (in bytes). Once free disk space reaches this +## lower bound, a disk alarm will be set - see the documentation +## listed above for more details. +## +## Absolute watermark will be ignored if relative is defined! +# disk_free_limit.absolute = 50000 + +## Or you can set it using memory units (same as in vm_memory_high_watermark) +## with RabbitMQ 3.6.0+. +# disk_free_limit.absolute = 500KB +# disk_free_limit.absolute = 50mb +# disk_free_limit.absolute = 5GB + +## Alternatively, we can set a limit relative to total available RAM. +## +## Values lower than 1.0 can be dangerous and should be used carefully. +# disk_free_limit.relative = 2.0 + +## +## Clustering +## ===================== +## +# cluster_partition_handling = ignore + +## pause_if_all_down strategy require additional configuration +# cluster_partition_handling = pause_if_all_down + +## Recover strategy. Can be either 'autoheal' or 'ignore' +# cluster_partition_handling.pause_if_all_down.recover = ignore + +## Node names to check +# cluster_partition_handling.pause_if_all_down.nodes.1 = rabbit@localhost +# cluster_partition_handling.pause_if_all_down.nodes.2 = hare@localhost + +## Mirror sync batch size, in messages. Increasing this will speed +## up syncing but total batch size in bytes must not exceed 2 GiB. +## Available in RabbitMQ 3.6.0 or later. +## +# mirroring_sync_batch_size = 4096 + +## Make clustering happen *automatically* at startup. Only applied +## to nodes that have just been reset or started for the first time. +## +## Relevant doc guide: http://rabbitmq.com//cluster-formation.html +## + +# cluster_formation.peer_discovery_backend = rabbit_peer_discovery_classic_config +# +# cluster_formation.classic_config.nodes.1 = rabbit1@hostname +# cluster_formation.classic_config.nodes.2 = rabbit2@hostname +# cluster_formation.classic_config.nodes.3 = rabbit3@hostname +# cluster_formation.classic_config.nodes.4 = rabbit4@hostname + +## DNS-based peer discovery. This backend will list A records +## of the configured hostname and perform reverse lookups for +## the addresses returned. + +# cluster_formation.peer_discovery_backend = rabbit_peer_discovery_dns +# cluster_formation.dns.hostname = discovery.eng.example.local + +## This node's type can be configured. If you are not sure +## what node type to use, always use 'disc'. +# cluster_formation.node_type = disc + +## Interval (in milliseconds) at which we send keepalive messages +## to other cluster members. Note that this is not the same thing +## as net_ticktime; missed keepalive messages will not cause nodes +## to be considered down. +## +# cluster_keepalive_interval = 10000 + +## +## Statistics Collection +## ===================== +## + +## Set (internal) statistics collection granularity. +## +## Can be none, coarse or fine +# collect_statistics = none + +# collect_statistics = coarse + +## Statistics collection interval (in milliseconds). Increasing +## this will reduce the load on management database. +## +# collect_statistics_interval = 5000 + +## +## Misc/Advanced Options +## ===================== +## +## NB: Change these only if you understand what you are doing! +## + +## Explicitly enable/disable hipe compilation. +## +# hipe_compile = false + +## Timeout used when waiting for Mnesia tables in a cluster to +## become available. +## +# mnesia_table_loading_retry_timeout = 30000 + +## Retries when waiting for Mnesia tables in the cluster startup. Note that +## this setting is not applied to Mnesia upgrades or node deletions. +## +# mnesia_table_loading_retry_limit = 10 + +## Size in bytes below which to embed messages in the queue index. +## Related doc guide: http://rabbitmq.com/persistence-conf.html +## +# queue_index_embed_msgs_below = 4096 + +## You can also set this size in memory units +## +# queue_index_embed_msgs_below = 4kb + +## Whether or not to enable background periodic forced GC runs for all +## Erlang processes on the node in "waiting" state. +## +## Disabling background GC may reduce latency for client operations, +## keeping it enabled may reduce median RAM usage by the binary heap +## (see https://www.erlang-solutions.com/blog/erlang-garbage-collector.html). +## +## Before trying this option, please take a look at the memory +## breakdown (http://www.rabbitmq.com/memory-use.html). +## +# background_gc_enabled = false + +## Target (desired) interval (in milliseconds) at which we run background GC. +## The actual interval will vary depending on how long it takes to execute +## the operation (can be higher than this interval). Values less than +## 30000 milliseconds are not recommended. +## +# background_gc_target_interval = 60000 + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to AMQP clients, other protocols +## like MQTT or STOMP have their own setting to enable proxy protocol. +## See the plugins documentation for more information. +## +# proxy_protocol = false + +## ---------------------------------------------------------------------------- +## Advanced Erlang Networking/Clustering Options. +## +## Related doc guide: http://rabbitmq.com/clustering.html +## ---------------------------------------------------------------------------- + +# ====================================== +# Kernel section +# ====================================== + +## Timeout used to detect peer unavailability, including CLI tools. +## Related doc guide: https://www.rabbitmq.com/nettick.html. +## +# net_ticktime = 60 + +## Inter-node communication port range. +## Related doc guide: https://www.rabbitmq.com/networking.html#epmd-inet-dist-port-range. +## +# inet_dist_listen_min = 25672 +# inet_dist_listen_max = 25692 + +## ---------------------------------------------------------------------------- +## RabbitMQ Management Plugin +## +## Related doc guide: http://rabbitmq.com/management.html. +## ---------------------------------------------------------------------------- + +# ======================================= +# Management section +# ======================================= + +## Preload schema definitions from the following JSON file. +## Related doc guide: http://rabbitmq.com/management.html#load-definitions. +## +# management.load_definitions = /path/to/exported/definitions.json + +## Log all requests to the management HTTP API to a file. +## +# management.http_log_dir = /path/to/access.log + +## Change the port on which the HTTP listener listens, +## specifying an interface for the web server to bind to. +## Also set the listener to use TLS and provide TLS options. +## + +# management.listener.port = 15672 +# management.listener.ip = 127.0.0.1 +# management.listener.ssl = true + +# management.listener.ssl_opts.cacertfile = /path/to/cacert.pem +# management.listener.ssl_opts.certfile = /path/to/cert.pem +# management.listener.ssl_opts.keyfile = /path/to/key.pem + +## One of 'basic', 'detailed' or 'none'. See +## http://rabbitmq.com/management.html#fine-stats for more details. +# management.rates_mode = basic + +## Configure how long aggregated data (such as message rates and queue +## lengths) is retained. Please read the plugin's documentation in +## http://rabbitmq.com/management.html#configuration for more +## details. +## Your can use 'minute', 'hour' and 'day' keys or integer key (in seconds) +# management.sample_retention_policies.global.minute = 5 +# management.sample_retention_policies.global.hour = 60 +# management.sample_retention_policies.global.day = 1200 + +# management.sample_retention_policies.basic.minute = 5 +# management.sample_retention_policies.basic.hour = 60 + +# management.sample_retention_policies.detailed.10 = 5 + +## ---------------------------------------------------------------------------- +## RabbitMQ Shovel Plugin +## +## Related doc guide: http://rabbitmq.com/shovel.html +## ---------------------------------------------------------------------------- + +## Shovel plugin config example is defined in additional.config file + + +## ---------------------------------------------------------------------------- +## RabbitMQ STOMP Plugin +## +## Related doc guide: http://rabbitmq.com/stomp.html +## ---------------------------------------------------------------------------- + +# ======================================= +# STOMP section +# ======================================= + +## Network Configuration. The format is generally the same as for the core broker. +## +# stomp.listeners.tcp.default = 61613 + +## Same for ssl listeners +## +# stomp.listeners.ssl.default = 61614 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# stomp.num_acceptors.tcp = 10 +# stomp.num_acceptors.ssl = 1 + +## Additional TLS options + +## Extract a name from the client's certificate when using TLS. +## +# stomp.ssl_cert_login = true + +## Set a default user name and password. This is used as the default login +## whenever a CONNECT frame omits the login and passcode headers. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# stomp.default_user = guest +# stomp.default_pass = guest + +## If a default user is configured, or you have configured use TLS client +## certificate based authentication, you can choose to allow clients to +## omit the CONNECT frame entirely. If set to true, the client is +## automatically connected as the default user or user supplied in the +## TLS certificate whenever the first frame sent on a session is not a +## CONNECT frame. +## +# stomp.implicit_connect = true + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to STOMP clients, other protocols +## like MQTT or AMQP have their own setting to enable proxy protocol. +## See the plugins or broker documentation for more information. +## +# stomp.proxy_protocol = false + +## ---------------------------------------------------------------------------- +## RabbitMQ MQTT Adapter +## +## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md +## for details +## ---------------------------------------------------------------------------- + +# ======================================= +# MQTT section +# ======================================= + +## Set the default user name and password used for anonymous connections (when client +## provides no credentials). Anonymous connections are highly discouraged! +## +# mqtt.default_user = guest +# mqtt.default_pass = guest + +## Enable anonymous connections. If this is set to false, clients MUST provide +## credentials in order to connect. See also the mqtt.default_user/mqtt.default_pass +## keys. Anonymous connections are highly discouraged! +## +# mqtt.allow_anonymous = true + +## If you have multiple vhosts, specify the one to which the +## adapter connects. +## +# mqtt.vhost = / + +## Specify the exchange to which messages from MQTT clients are published. +## +# mqtt.exchange = amq.topic + +## Specify TTL (time to live) to control the lifetime of non-clean sessions. +## +# mqtt.subscription_ttl = 1800000 + +## Set the prefetch count (governing the maximum number of unacknowledged +## messages that will be delivered). +## +# mqtt.prefetch = 10 + +## TCP/SSL Configuration (as per the broker configuration). +## +# mqtt.listeners.tcp.default = 1883 + +## Same for ssl listener +## +# mqtt.listeners.ssl.default = 1884 + +## Number of Erlang processes that will accept connections for the TCP +## and TLS listeners. +## +# mqtt.num_acceptors.tcp = 10 +# mqtt.num_acceptors.ssl = 10 + +## TCP listener options (as per the broker configuration). +## +# mqtt.tcp_listen_options.backlog = 128 +# mqtt.tcp_listen_options.nodelay = true + +## Whether or not to enable proxy protocol support. +## Once enabled, clients cannot directly connect to the broker +## anymore. They must connect through a load balancer that sends the +## proxy protocol header to the broker at connection time. +## This setting applies only to STOMP clients, other protocols +## like STOMP or AMQP have their own setting to enable proxy protocol. +## See the plugins or broker documentation for more information. +## +# mqtt.proxy_protocol = false + +## ---------------------------------------------------------------------------- +## RabbitMQ AMQP 1.0 Support +## +## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md. +## ---------------------------------------------------------------------------- + +# ======================================= +# AMQP 1.0 section +# ======================================= + + +## Connections that are not authenticated with SASL will connect as this +## account. See the README for more information. +## +## Please note that setting this will allow clients to connect without +## authenticating! +## +# amqp1_0.default_user = guest + +## Enable protocol strict mode. See the README for more information. +## +# amqp1_0.protocol_strict_mode = false + +## Logging settings. +## +## See http://rabbitmq.com/logging.html and https://github.com/erlang-lager/lager for details. +## + +## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. +## +# log.dir = /var/log/rabbitmq + +## Logging to file. Can be false or a filename. +## Default: +# log.file = rabbit.log + +## To disable logging to a file +# log.file = false + +## Log level for file logging +## +# log.file.level = info + +## File rotation config. No rotation by default. +## DO NOT SET rotation date to ''. Leave the value unset if "" is the desired value +# log.file.rotation.date = $D0 +# log.file.rotation.size = 0 + +## Logging to console (can be true or false) +## +# log.console = false + +## Log level for console logging +## +# log.console.level = info + +## Logging to the amq.rabbitmq.log exchange (can be true or false) +## +# log.exchange = false + +## Log level to use when logging to the amq.rabbitmq.log exchange +## +# log.exchange.level = info + + + +## ---------------------------------------------------------------------------- +## RabbitMQ LDAP Plugin +## +## Related doc guide: http://rabbitmq.com/ldap.html. +## +## ---------------------------------------------------------------------------- + +# ======================================= +# LDAP section +# ======================================= + +## +## Connecting to the LDAP server(s) +## ================================ +## + +## Specify servers to bind to. You *must* set this in order for the plugin +## to work properly. +## +# auth_ldap.servers.1 = your-server-name-goes-here + +## You can define multiple servers +# auth_ldap.servers.2 = your-other-server + +## Connect to the LDAP server using TLS +## +# auth_ldap.use_ssl = false + +## Specify the LDAP port to connect to +## +# auth_ldap.port = 389 + +## LDAP connection timeout, in milliseconds or 'infinity' +## +# auth_ldap.timeout = infinity + +## Or number +# auth_ldap.timeout = 500 + +## Enable logging of LDAP queries. +## One of +## - false (no logging is performed) +## - true (verbose logging of the logic used by the plugin) +## - network (as true, but additionally logs LDAP network traffic) +## +## Defaults to false. +## +# auth_ldap.log = false + +## Also can be true or network +# auth_ldap.log = true +# auth_ldap.log = network + +## +## Authentication +## ============== +## + +## Pattern to convert the username given through AMQP to a DN before +## binding +## +# auth_ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com + +## Alternatively, you can convert a username to a Distinguished +## Name via an LDAP lookup after binding. See the documentation for +## full details. + +## When converting a username to a dn via a lookup, set these to +## the name of the attribute that represents the user name, and the +## base DN for the lookup query. +## +# auth_ldap.dn_lookup_attribute = userPrincipalName +# auth_ldap.dn_lookup_base = DC=gopivotal,DC=com + +## Controls how to bind for authorisation queries and also to +## retrieve the details of users logging in without presenting a +## password (e.g., SASL EXTERNAL). +## One of +## - as_user (to bind as the authenticated user - requires a password) +## - anon (to bind anonymously) +## - {UserDN, Password} (to bind with a specified user name and password) +## +## Defaults to 'as_user'. +## +# auth_ldap.other_bind = as_user + +## Or can be more complex: +# auth_ldap.other_bind.user_dn = User +# auth_ldap.other_bind.password = Password + +## If user_dn and password defined - other options is ignored. + +# ----------------------------- +# Too complex section of LDAP +# ----------------------------- + +## +## Authorisation +## ============= +## + +## The LDAP plugin can perform a variety of queries against your +## LDAP server to determine questions of authorisation. +## +## Related doc guide: http://rabbitmq.com/ldap.html#authorisation. + +## Following configuration should be defined in additional.config file +## DO NOT UNCOMMENT THIS LINES! + +## Set the query to use when determining vhost access +## +## {vhost_access_query, {in_group, +## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, + +## Set the query to use when determining resource (e.g., queue) access +## +## {resource_access_query, {constant, true}}, + +## Set queries to determine which tags a user has +## +## {tag_queries, []} +# ]}, +# ----------------------------- diff --git a/rabbitmq.config.example b/rabbitmq.config.example deleted file mode 100644 index 1a55401..0000000 --- a/rabbitmq.config.example +++ /dev/null @@ -1,594 +0,0 @@ -%% -*- mode: erlang -*- -%% ---------------------------------------------------------------------------- -%% RabbitMQ Sample Configuration File. -%% -%% See http://www.rabbitmq.com/configure.html for details. -%% ---------------------------------------------------------------------------- -[ - {rabbit, - [%% - %% Network Connectivity - %% ==================== - %% - - %% By default, RabbitMQ will listen on all interfaces, using - %% the standard (reserved) AMQP port. - %% - %% {tcp_listeners, [5672]}, - - %% To listen on a specific interface, provide a tuple of {IpAddress, Port}. - %% For example, to listen only on localhost for both IPv4 and IPv6: - %% - %% {tcp_listeners, [{"127.0.0.1", 5672}, - %% {"::1", 5672}]}, - - %% SSL listeners are configured in the same fashion as TCP listeners, - %% including the option to control the choice of interface. - %% - %% {ssl_listeners, [5671]}, - - %% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection - %% and SSL handshake), in milliseconds. - %% - %% {handshake_timeout, 10000}, - - %% Log levels (currently just used for connection logging). - %% One of 'debug', 'info', 'warning', 'error' or 'none', in decreasing - %% order of verbosity. Defaults to 'info'. - %% - %% {log_levels, [{connection, info}, {channel, info}]}, - - %% Set to 'true' to perform reverse DNS lookups when accepting a - %% connection. Hostnames will then be shown instead of IP addresses - %% in rabbitmqctl and the management plugin. - %% - %% {reverse_dns_lookups, true}, - - %% - %% Security / AAA - %% ============== - %% - - %% The default "guest" user is only permitted to access the server - %% via a loopback interface (e.g. localhost). - %% {loopback_users, [<<"guest">>]}, - %% - %% Uncomment the following line if you want to allow access to the - %% guest user from anywhere on the network. - %% {loopback_users, []}, - - %% Configuring SSL. - %% See http://www.rabbitmq.com/ssl.html for full documentation. - %% - %% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"}, - %% {certfile, "/path/to/server/cert.pem"}, - %% {keyfile, "/path/to/server/key.pem"}, - %% {verify, verify_peer}, - %% {fail_if_no_peer_cert, false}]}, - - %% Choose the available SASL mechanism(s) to expose. - %% The two default (built in) mechanisms are 'PLAIN' and - %% 'AMQPLAIN'. Additional mechanisms can be added via - %% plugins. - %% - %% See http://www.rabbitmq.com/authentication.html for more details. - %% - %% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']}, - - %% Select an authentication database to use. RabbitMQ comes bundled - %% with a built-in auth-database, based on mnesia. - %% - %% {auth_backends, [rabbit_auth_backend_internal]}, - - %% Configurations supporting the rabbitmq_auth_mechanism_ssl and - %% rabbitmq_auth_backend_ldap plugins. - %% - %% NB: These options require that the relevant plugin is enabled. - %% See http://www.rabbitmq.com/plugins.html for further details. - - %% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to - %% authenticate a user based on the client's SSL certificate. - %% - %% To use auth-mechanism-ssl, add to or replace the auth_mechanisms - %% list with the entry 'EXTERNAL'. - %% - %% {auth_mechanisms, ['EXTERNAL']}, - - %% The rabbitmq_auth_backend_ldap plugin allows the broker to - %% perform authentication and authorisation by deferring to an - %% external LDAP server. - %% - %% For more information about configuring the LDAP backend, see - %% http://www.rabbitmq.com/ldap.html. - %% - %% Enable the LDAP auth backend by adding to or replacing the - %% auth_backends entry: - %% - %% {auth_backends, [rabbit_auth_backend_ldap]}, - - %% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and - %% STOMP ssl_cert_login configurations. See the rabbitmq_stomp - %% configuration section later in this file and the README in - %% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further - %% details. - %% - %% To use the SSL cert's CN instead of its DN as the username - %% - %% {ssl_cert_login_from, common_name}, - - %% SSL handshake timeout, in milliseconds. - %% - %% {ssl_handshake_timeout, 5000}, - - %% - %% Default User / VHost - %% ==================== - %% - - %% On first start RabbitMQ will create a vhost and a user. These - %% config items control what gets created. See - %% http://www.rabbitmq.com/access-control.html for further - %% information about vhosts and access control. - %% - %% {default_vhost, <<"/">>}, - %% {default_user, <<"guest">>}, - %% {default_pass, <<"guest">>}, - %% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]}, - - %% Tags for default user - %% - %% For more details about tags, see the documentation for the - %% Management Plugin at http://www.rabbitmq.com/management.html. - %% - %% {default_user_tags, [administrator]}, - - %% - %% Additional network and protocol related configuration - %% ===================================================== - %% - - %% Set the default AMQP heartbeat delay (in seconds). - %% - %% {heartbeat, 600}, - - %% Set the max permissible size of an AMQP frame (in bytes). - %% - %% {frame_max, 131072}, - - %% Set the max permissible number of channels per connection. - %% 0 means "no limit". - %% - %% {channel_max, 128}, - - %% Customising Socket Options. - %% - %% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for - %% further documentation. - %% - %% {tcp_listen_options, [binary, - %% {packet, raw}, - %% {reuseaddr, true}, - %% {backlog, 128}, - %% {nodelay, true}, - %% {exit_on_close, false}]}, - - %% - %% Resource Limits & Flow Control - %% ============================== - %% - %% See http://www.rabbitmq.com/memory.html for full details. - - %% Memory-based Flow Control threshold. - %% - %% {vm_memory_high_watermark, 0.4}, - - %% Alternatively, we can set a limit (in bytes) of RAM used by the node. - %% - %% {vm_memory_high_watermark, {absolute, 1073741824}}, - - %% Fraction of the high watermark limit at which queues start to - %% page message out to disc in order to free up memory. - %% - %% {vm_memory_high_watermark_paging_ratio, 0.5}, - - %% Set disk free limit (in bytes). Once free disk space reaches this - %% lower bound, a disk alarm will be set - see the documentation - %% listed above for more details. - %% - %% {disk_free_limit, 50000000}, - - %% Alternatively, we can set a limit relative to total available RAM. - %% - %% {disk_free_limit, {mem_relative, 1.0}}, - - %% - %% Misc/Advanced Options - %% ===================== - %% - %% NB: Change these only if you understand what you are doing! - %% - - %% To announce custom properties to clients on connection: - %% - %% {server_properties, []}, - - %% How to respond to cluster partitions. - %% See http://www.rabbitmq.com/partitions.html for further details. - %% - %% {cluster_partition_handling, ignore}, - - %% Make clustering happen *automatically* at startup - only applied - %% to nodes that have just been reset or started for the first time. - %% See http://www.rabbitmq.com/clustering.html#auto-config for - %% further details. - %% - %% {cluster_nodes, {['rabbit@my.host.com'], disc}}, - - %% Interval (in milliseconds) at which we send keepalive messages - %% to other cluster members. Note that this is not the same thing - %% as net_ticktime; missed keepalive messages will not cause nodes - %% to be considered down. - %% - %% {cluster_keepalive_interval, 10000}, - - %% Set (internal) statistics collection granularity. - %% - %% {collect_statistics, none}, - - %% Statistics collection interval (in milliseconds). - %% - %% {collect_statistics_interval, 5000}, - - %% Explicitly enable/disable hipe compilation. - %% - %% {hipe_compile, true}, - - %% Timeout used when waiting for Mnesia tables in a cluster to - %% become available. - %% - %% {mnesia_table_loading_timeout, 30000}, - - %% Size in bytes below which to embed messages in the queue index. See - %% http://www.rabbitmq.com/persistence-conf.html - %% - %% {queue_index_embed_msgs_below, 4096} - - ]}, - - %% ---------------------------------------------------------------------------- - %% Advanced Erlang Networking/Clustering Options. - %% - %% See http://www.rabbitmq.com/clustering.html for details - %% ---------------------------------------------------------------------------- - {kernel, - [%% Sets the net_kernel tick time. - %% Please see http://erlang.org/doc/man/kernel_app.html and - %% http://www.rabbitmq.com/nettick.html for further details. - %% - %% {net_ticktime, 60} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ Management Plugin - %% - %% See http://www.rabbitmq.com/management.html for details - %% ---------------------------------------------------------------------------- - - {rabbitmq_management, - [%% Pre-Load schema definitions from the following JSON file. See - %% http://www.rabbitmq.com/management.html#load-definitions - %% - %% {load_definitions, "/path/to/schema.json"}, - - %% Log all requests to the management HTTP API to a file. - %% - %% {http_log_dir, "/path/to/access.log"}, - - %% Change the port on which the HTTP listener listens, - %% specifying an interface for the web server to bind to. - %% Also set the listener to use SSL and provide SSL options. - %% - %% {listener, [{port, 12345}, - %% {ip, "127.0.0.1"}, - %% {ssl, true}, - %% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"}, - %% {certfile, "/path/to/cert.pem"}, - %% {keyfile, "/path/to/key.pem"}]}]}, - - %% One of 'basic', 'detailed' or 'none'. See - %% http://www.rabbitmq.com/management.html#fine-stats for more details. - %% {rates_mode, basic}, - - %% Configure how long aggregated data (such as message rates and queue - %% lengths) is retained. Please read the plugin's documentation in - %% http://www.rabbitmq.com/management.html#configuration for more - %% details. - %% - %% {sample_retention_policies, - %% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]}, - %% {basic, [{60, 5}, {3600, 60}]}, - %% {detailed, [{10, 5}]}]} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ Shovel Plugin - %% - %% See http://www.rabbitmq.com/shovel.html for details - %% ---------------------------------------------------------------------------- - - {rabbitmq_shovel, - [{shovels, - [%% A named shovel worker. - %% {my_first_shovel, - %% [ - - %% List the source broker(s) from which to consume. - %% - %% {sources, - %% [%% URI(s) and pre-declarations for all source broker(s). - %% {brokers, ["amqp://user:password@host.domain/my_vhost"]}, - %% {declarations, []} - %% ]}, - - %% List the destination broker(s) to publish to. - %% {destinations, - %% [%% A singular version of the 'brokers' element. - %% {broker, "amqp://"}, - %% {declarations, []} - %% ]}, - - %% Name of the queue to shovel messages from. - %% - %% {queue, <<"your-queue-name-goes-here">>}, - - %% Optional prefetch count. - %% - %% {prefetch_count, 10}, - - %% when to acknowledge messages: - %% - no_ack: never (auto) - %% - on_publish: after each message is republished - %% - on_confirm: when the destination broker confirms receipt - %% - %% {ack_mode, on_confirm}, - - %% Overwrite fields of the outbound basic.publish. - %% - %% {publish_fields, [{exchange, <<"my_exchange">>}, - %% {routing_key, <<"from_shovel">>}]}, - - %% Static list of basic.properties to set on re-publication. - %% - %% {publish_properties, [{delivery_mode, 2}]}, - - %% The number of seconds to wait before attempting to - %% reconnect in the event of a connection failure. - %% - %% {reconnect_delay, 2.5} - - %% ]} %% End of my_first_shovel - ]} - %% Rather than specifying some values per-shovel, you can specify - %% them for all shovels here. - %% - %% {defaults, [{prefetch_count, 0}, - %% {ack_mode, on_confirm}, - %% {publish_fields, []}, - %% {publish_properties, [{delivery_mode, 2}]}, - %% {reconnect_delay, 2.5}]} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ Stomp Adapter - %% - %% See http://www.rabbitmq.com/stomp.html for details - %% ---------------------------------------------------------------------------- - - {rabbitmq_stomp, - [%% Network Configuration - the format is generally the same as for the broker - - %% Listen only on localhost (ipv4 & ipv6) on a specific port. - %% {tcp_listeners, [{"127.0.0.1", 61613}, - %% {"::1", 61613}]}, - - %% Listen for SSL connections on a specific port. - %% {ssl_listeners, [61614]}, - - %% Additional SSL options - - %% Extract a name from the client's certificate when using SSL. - %% - %% {ssl_cert_login, true}, - - %% Set a default user name and password. This is used as the default login - %% whenever a CONNECT frame omits the login and passcode headers. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, [{login, "guest"}, - %% {passcode, "guest"}]}, - - %% If a default user is configured, or you have configured use SSL client - %% certificate based authentication, you can choose to allow clients to - %% omit the CONNECT frame entirely. If set to true, the client is - %% automatically connected as the default user or user supplied in the - %% SSL certificate whenever the first frame sent on a session is not a - %% CONNECT frame. - %% - %% {implicit_connect, true} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ MQTT Adapter - %% - %% See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md - %% for details - %% ---------------------------------------------------------------------------- - - {rabbitmq_mqtt, - [%% Set the default user name and password. Will be used as the default login - %% if a connecting client provides no other login details. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, <<"guest">>}, - %% {default_pass, <<"guest">>}, - - %% Enable anonymous access. If this is set to false, clients MUST provide - %% login information in order to connect. See the default_user/default_pass - %% configuration elements for managing logins without authentication. - %% - %% {allow_anonymous, true}, - - %% If you have multiple chosts, specify the one to which the - %% adapter connects. - %% - %% {vhost, <<"/">>}, - - %% Specify the exchange to which messages from MQTT clients are published. - %% - %% {exchange, <<"amq.topic">>}, - - %% Specify TTL (time to live) to control the lifetime of non-clean sessions. - %% - %% {subscription_ttl, 1800000}, - - %% Set the prefetch count (governing the maximum number of unacknowledged - %% messages that will be delivered). - %% - %% {prefetch, 10}, - - %% TCP/SSL Configuration (as per the broker configuration). - %% - %% {tcp_listeners, [1883]}, - %% {ssl_listeners, []}, - - %% TCP/Socket options (as per the broker configuration). - %% - %% {tcp_listen_options, [binary, - %% {packet, raw}, - %% {reuseaddr, true}, - %% {backlog, 128}, - %% {nodelay, true}]} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ AMQP 1.0 Support - %% - %% See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md - %% for details - %% ---------------------------------------------------------------------------- - - {rabbitmq_amqp1_0, - [%% Connections that are not authenticated with SASL will connect as this - %% account. See the README for more information. - %% - %% Please note that setting this will allow clients to connect without - %% authenticating! - %% - %% {default_user, "guest"}, - - %% Enable protocol strict mode. See the README for more information. - %% - %% {protocol_strict_mode, false} - ]}, - - %% ---------------------------------------------------------------------------- - %% RabbitMQ LDAP Plugin - %% - %% See http://www.rabbitmq.com/ldap.html for details. - %% - %% ---------------------------------------------------------------------------- - - {rabbitmq_auth_backend_ldap, - [%% - %% Connecting to the LDAP server(s) - %% ================================ - %% - - %% Specify servers to bind to. You *must* set this in order for the plugin - %% to work properly. - %% - %% {servers, ["your-server-name-goes-here"]}, - - %% Connect to the LDAP server using SSL - %% - %% {use_ssl, false}, - - %% Specify the LDAP port to connect to - %% - %% {port, 389}, - - %% LDAP connection timeout, in milliseconds or 'infinity' - %% - %% {timeout, infinity}, - - %% Enable logging of LDAP queries. - %% One of - %% - false (no logging is performed) - %% - true (verbose logging of the logic used by the plugin) - %% - network (as true, but additionally logs LDAP network traffic) - %% - %% Defaults to false. - %% - %% {log, false}, - - %% - %% Authentication - %% ============== - %% - - %% Pattern to convert the username given through AMQP to a DN before - %% binding - %% - %% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"}, - - %% Alternatively, you can convert a username to a Distinguished - %% Name via an LDAP lookup after binding. See the documentation for - %% full details. - - %% When converting a username to a dn via a lookup, set these to - %% the name of the attribute that represents the user name, and the - %% base DN for the lookup query. - %% - %% {dn_lookup_attribute, "userPrincipalName"}, - %% {dn_lookup_base, "DC=gopivotal,DC=com"}, - - %% Controls how to bind for authorisation queries and also to - %% retrieve the details of users logging in without presenting a - %% password (e.g., SASL EXTERNAL). - %% One of - %% - as_user (to bind as the authenticated user - requires a password) - %% - anon (to bind anonymously) - %% - {UserDN, Password} (to bind with a specified user name and password) - %% - %% Defaults to 'as_user'. - %% - %% {other_bind, as_user}, - - %% - %% Authorisation - %% ============= - %% - - %% The LDAP plugin can perform a variety of queries against your - %% LDAP server to determine questions of authorisation. See - %% http://www.rabbitmq.com/ldap.html#authorisation for more - %% information. - - %% Set the query to use when determining vhost access - %% - %% {vhost_access_query, {in_group, - %% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, - - %% Set the query to use when determining resource (e.g., queue) access - %% - %% {resource_access_query, {constant, true}}, - - %% Set queries to determine which tags a user has - %% - %% {tag_queries, []} - ]} -].