RabbitMQ connection through Nginx

Question

I am trying to setup rabbitmq it can be accessed externally (from non-localhost) through nginx.

nginx-rabbitmq.conf:

server {
    listen       5672;
    server_name  x.x.x.x;
    location / {
        proxy_pass http://localhost:55672/;
    }
}

rabbitmq.conf:

[
 {rabbit,
  [
   {tcp_listeners, [{"127.0.0.1", 55672}]}
  ]
 }
]

By default guest user can only interact from localhost, so we need to create another user with required permissions, like so:

sudo rabbitmqctl add_user my_user my_password
sudo rabbitmqctl set_permissions my_user ".*" ".*" ".*"

However, when I attempt a connection to rabbitmq through pika I get ConnectionClosed exception

import pika
credentials = pika.credentials.PlainCredentials('my_username', 'my_password')
pika.BlockingConnection(
    pika.ConnectionParameters(host=ip_address, port=55672, credentials=credentials)
)

--[raises ConnectionClosed exception]--

If I use the same parameters but change host to localhost and port to 5672 then I connect ok: pika.ConnectionParameters(host=ip_address, port=55672, credentials=credentials)

I have opened port 5672 on the GCE web console, and communication through nginx is happening: nginx access.log file shows

[30/Apr/2014:22:59:41 +0000] "AMQP\x00\x00\x09\x01" 400 172 "-" "-" "-"

Which shows a 400 status code response (bad request).

So by the looks the request fails when going through nginx, but works when we request rabbitmq directly.

Has anyone else had similar problems/got rabbitmq working for external users through nginx? Is there a rabbitmq log file where I can see each request and help further troubleshooting?

Answer 1

Since nginx 1.9 there is stream module for the tcp or udp (not compiled with by default).

I configured my nginx (1.13.3) with ssl stream

stream {
    upstream rabbitmq_backend {
        server rabbitmq.server:5672
    }

    server {
        listen      5671 ssl;

        ssl_protocols           TLSv1.2 TLSv1.1 TLSv1;
        ssl_ciphers             RC4:HIGH:!aNULL:!MD5;
        ssl_handshake_timeout   30s;

        ssl_certificate       /path/to.crt;
        ssl_certificate_key   /path/to.key;

        proxy_connect_timeout 1s;
        proxy_pass rabbitmq_backend;
    }
}

https://docs.nginx.com/nginx/admin-guide/security-controls/terminating-ssl-tcp/

Answer 2

You have configured nginx as an HTTP reverse proxy, however rabbitmq is configured to use the AMQP protocol (see description of tcp_listeners at https://www.rabbitmq.com/configure.html)

In order for nginx to do anything meaningful you will need to reconfigure rabbitmq to use HTTP - for example http://www.rabbitmq.com/web-stomp.html.

Of course, this may have a ripple effect because any clients that are accessing rabbitmq via AMQP must be reconfigured/redesigned to use HTTP.

Answer 3

You can try and proxy to tcp, installing a tcp-proxy module for nginx to work with AMQP.

https://github.com/yaoweibin/nginx_tcp_proxy_module

Give it a go.