I am trying to access the RabbitMQ interface over HTTPS/SSL using nginx, but I can't figure out what I'm missing.
Here is my rabbitmq.conf file:
[
  {ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
  {rabbit, [
    {reverse_dns_lookups, true},
    {hipe_compile, true},
    {tcp_listeners, [5672]},
    {ssl_listeners, [5671]},
    {ssl_options, [
      {cacertfile, "/etc/ssl/certs/CA.pem"},
      {certfile, "/etc/nginx/ssl/my_domain.crt"},
      {keyfile, "/etc/nginx/ssl/my_domain.key"},
      {versions, ['tlsv1.2', 'tlsv1.1']}
    ]}
  ]
  },
  {rabbitmq_management, [
    {listener, [
      {port, 15671},
      {ssl, true},
      {ssl_opts, [
        {cacertfile, "/etc/ssl/certs/CA.pem"},
        {certfile, "/etc/nginx/ssl/my_domain.crt"},
        {keyfile, "/etc/nginx/ssl/my_domain.key"},
        {versions, ['tlsv1.2', 'tlsv1.1']}
      ]}
    ]}
  ]}
].
Everything works fine after restarting rabbitmq-server.
My nginx file looks like this:
location /rabbitmq/ {
    if ($request_uri ~* "/rabbitmq/(.*)") {
        proxy_pass https://example.com:15671/$1;
    }
}
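Now, I'm guessing there is something wrong with the nginx configuration that keeps it from resolving the HTTPS URL, because I get a 504 timeout error when trying to browse to: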
https://example.com/rabbitmq/
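Obviously, this is not the correct FQDN, but the SSL certificate works fine without the /rabbitmq/.
Has anyone been able to use the RabbitMQ management web interface on an external connection via a FQDN and HTTPS?
Do I need to create a new "server" block in the nginx configuration dedicated to port 15671?
Any help would be greatly appreciated!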
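I ended up reverting to the default rabbitmq.config file, then modified my nginx configuration block to the following, based on another stackoverflow answer that I can't find now.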
location ~* /rabbitmq/api/(.*?)/(.*) {
    proxy_pass http://127.0.0.1:15672/api/$1/%2F/$2?$query_string;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* /rabbitmq/(.*) {
    rewrite ^/rabbitmq/(.*)$ /$1 break;
    proxy_pass http://127.0.0.1:15672;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
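In addition, I had browser caching enabled for JS files, which was causing problems, so it has been disabled.
I will try to re-enable SSL piece by piece, but the example URL works for now: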
https://example.com/rabbitmq/
I tried the following nginx.conf:
location /rabbitmq/ {
    proxy_pass http://rabbitmq/;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
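But I could not get the details of a queue or exchange. I get 404 errors for the api calls.
There is a %2F in the url, which is the url-encoded /.
We need to keep the %2F in the API url and pass it on to rabbitmq.
The link below describes how to keep the encoded part of the url and rewrite it: Nginx pass_proxy subdirectory without url decoding
So my solution is: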
location /rabbitmq/api/ {
    rewrite ^ $request_uri;
    rewrite ^/rabbitmq/api/(.*) /api/$1 break;
    return 400;
    proxy_pass http://rabbitmq$uri;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
location /rabbitmq/ {
    proxy_pass http://rabbitmq/;
    proxy_buffering off;
    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
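An added example, not part of the original answers: a simplified Python model of how nginx treats the request path for three of the location blocks quoted on this page, showing where the %2F is lost or kept. The function names and sample paths are constructed for illustration; the model covers the path only (no query string) and assumes nginx's default merge_slashes behaviour.

```python
import re
from urllib.parse import unquote

# Constructed sample: management-API path for queue "orders" in the default
# vhost "/", which the UI sends URL-encoded as %2F.
RAW = "/rabbitmq/api/queues/%2F/orders"

def normalize(raw_path):
    """Simplified model of nginx URI normalization: percent-decode, then
    merge repeated slashes (merge_slashes is on by default)."""
    return re.sub(r"/{2,}", "/", unquote(raw_path))

def prefix_swap(raw_path, location="/rabbitmq/", target="/"):
    """location /rabbitmq/ { proxy_pass http://rabbitmq/; }
    proxy_pass has a URI part, so the location prefix of the NORMALIZED
    URI is replaced by it; the encoded slash is already gone."""
    return target + normalize(raw_path)[len(location):]

def reinsert_default_vhost(raw_path):
    """location ~* /rabbitmq/api/(.*?)/(.*) {
           proxy_pass http://127.0.0.1:15672/api/$1/%2F/$2?$query_string; }
    Captures come from the normalized URI; %2F is hard-coded back in."""
    m = re.search(r"/rabbitmq/api/(.*?)/(.*)", normalize(raw_path), re.I)
    return f"/api/{m.group(1)}/%2F/{m.group(2)}" if m else None

def keep_request_uri(raw_path):
    """rewrite ^ $request_uri; rewrite ^/rabbitmq/api/(.*) /api/$1 break;
    proxy_pass http://rabbitmq$uri;   (raw, still-encoded path is reused)"""
    m = re.match(r"^/rabbitmq/api/(.*)", raw_path)
    return "/api/" + m.group(1) if m else None  # None models `return 400`

def compare(raw_path):
    """Upstream path produced by each modelled location block."""
    return {f.__name__: f(raw_path)
            for f in (prefix_swap, reinsert_default_vhost, keep_request_uri)}

if __name__ == "__main__":
    # Second path is a constructed sample for a named vhost "prod".
    for path in (RAW, "/rabbitmq/api/queues/prod/orders"):
        print(path)
        for name, upstream in compare(path).items():
            print(f"  {name:24} -> {upstream}")
```

In this model only the `$request_uri` variant forwards both sample paths unchanged; the regex variant restores %2F for the default vhost but also inserts it ahead of a named vhost.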
This worked for me:
location /rabbitmq {
    proxy_pass http://localhost:15672/;
    rewrite ^/rabbitmq/(.*)$ /$1 break;
}
I didn't have to use any other directives.
If anyone is looking for a solution for Apache (2.4):
<VirtualHost *:443>
    ServerName rabbitmq.your-domain.com
    AllowEncodedSlashes NoDecode
    # ... rest of the settings
    <Location "/">
        Require all granted
        ProxyPass http://localhost:15672/
        ProxyPassReverse http://localhost:15672/
    </Location>
    <Location "/api">
        Require all granted
        ProxyPass http://localhost:15672/api nocanon
    </Location>
</VirtualHost>
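In fact, there are 2 elements that are very important:
This worked for me, and I didn't need any other header settings. It is a variation of @user3142747's answer: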
location /rabbitmq/ {
    # Strip off the "/rabbitmq" prefix
    rewrite ^/rabbitmq/(.*) /$1 break;
    # Do NOT suffix proxy_pass path with a trailing "/". This allows NGINX to pass the client request completely unchanged.
    # - see http://mailman.nginx.org/pipermail/nginx/2009-November/016577.html
    proxy_pass $scheme://localhost:15672;
}
I know it may be a bit late, but RabbitMQ has a sub-path configuration, and you can set it up easily using Path Prefix.
Here is a RabbitMQ exposed by docker compose behind an Nginx proxy:
version: "3"
services:
  rabbitmq:
    hostname: 'rmq'
    image: rabbitmq:management
    container_name: 'rmq'
    restart: always
    environment:
      - RABBITMQ_DEFAULT_USER=rmq-usr
      - RABBITMQ_DEFAULT_PASS=burFPso0ULwPMp_w3lkg4QT6-a2H6
    ports:
      - "5672:5672"
      - "127.0.0.1:15672:15672"
    volumes:
      - ./data:/var/lib/rabbitmq/
      - ./rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf
The rabbitmq.conf file:
management.path_prefix = /rmq
And the Nginx server.conf block:
upstream rmq {
    server 127.0.0.1:15672 fail_timeout=0;
}
server {
    listen 443 ssl http2;
    server_name example.com;
    error_page 497 https://example.com$request_uri;
    ssl_certificate /etc/ssl/certs/example.pem;
    ssl_certificate_key /etc/ssl/private/example.key;
    location /rmq {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_intercept_errors on;
        proxy_buffering off;
        proxy_redirect off;
        proxy_pass http://rmq;
        allow my.trusted.ip.addresses1;
        allow my.trusted.ip.addresses2;
        deny all;
    }
}