# ====================================== # RabbbitMQ broker section # ====================================== ## Network Connectivity ## ==================== ## ## By default, RabbitMQ will listen on all interfaces, using ## the standard (reserved) AMQP port. ## # listeners.tcp.default = 5672 ## To listen on a specific interface, provide an IP address with port. ## For example, to listen only on localhost for both IPv4 and IPv6: ## # IPv4 # listeners.tcp.local = 127.0.0.1:5672 # IPv6 # listeners.tcp.local_v6 = ::1:5672 ## You can define multiple listeners using listener names # listeners.tcp.other_port = 5673 # listeners.tcp.other_ip = 10.10.10.10:5672 ## SSL listeners are configured in the same fashion as TCP listeners, ## including the option to control the choice of interface. ## # listeners.ssl.default = 5671 ## Number of Erlang processes that will accept connections for the TCP ## and SSL listeners. ## # num_acceptors.tcp = 10 # num_acceptors.ssl = 1 ## Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection ## and SSL handshake), in milliseconds. ## # handshake_timeout = 10000 ## Set to 'true' to perform reverse DNS lookups when accepting a ## connection. Hostnames will then be shown instead of IP addresses ## in rabbitmqctl and the management plugin. ## # reverse_dns_lookups = true ## ## Security / AAA ## ============== ## ## The default "guest" user is only permitted to access the server ## via a loopback interface (e.g. localhost). ## {loopback_users, [<<"guest">>]}, ## # loopback_users.guest = true ## Uncomment the following line if you want to allow access to the ## guest user from anywhere on the network. # loopback_users.guest = false ## Configuring SSL. ## See http://www.rabbitmq.com/ssl.html for full documentation. ## # ssl_options.verify = verify_peer # ssl_options.fail_if_no_peer_cert = false # ssl_options.cacertfile = /path/to/cacert.pem # ssl_options.certfile = /path/to/cert.pem # ssl_options.keyfile = /path/to/key.pem ## Select an authentication/authorisation backend to use. ## ## Alternative backends are provided by plugins, such as rabbitmq-auth-backend-ldap. ## ## NB: These settings require certain plugins to be enabled. ## See http://www.rabbitmq.com/plugins.html and http://rabbitmq.com/access-control.html ## for details. # auth_backends.1 = rabbit_auth_backend_internal ## uses separate backends for authentication and authorisation, ## see below. # auth_backends.1.authn = rabbit_auth_backend_ldap # auth_backends.1.authz = rabbit_auth_backend_internal ## The rabbitmq_auth_backend_ldap plugin allows the broker to ## perform authentication and authorisation by deferring to an ## external LDAP server. ## ## For more information about configuring the LDAP backend, see ## http://www.rabbitmq.com/ldap.html and http://rabbitmq.com/access-control.html. ## ## uses LDAP for both authentication and authorisation # auth_backends.1 = rabbit_auth_backend_ldap ## uses HTTP service for both authentication and ## authorisation # auth_backends.1 = rabbit_auth_backend_http ## uses two backends in a chain: HTTP first, then internal # auth_backends.1 = rabbit_auth_backend_http # auth_backends.2 = rabbit_auth_backend_internal ## Authentication ## The built-in mechanisms are 'PLAIN', ## 'AMQPLAIN', and 'EXTERNAL' Additional mechanisms can be added via ## plugins. ## ## See http://www.rabbitmq.com/authentication.html for more details. ## # auth_mechanisms.1 = PLAIN # auth_mechanisms.2 = AMQPLAIN ## The rabbitmq-auth-mechanism-ssl plugin makes it possible to ## authenticate a user based on the client's x509 (TLS) certificate. ## See http://www.rabbitmq.com/authentication.html for more info. ## ## To use auth-mechanism-ssl, the EXTERNAL mechanism should ## be enabled: ## # auth_mechanisms.1 = PLAIN # auth_mechanisms.2 = AMQPLAIN # auth_mechanisms.3 = EXTERNAL ## To force x509 certificate-based authentication on all clients, ## exclude all other mechanisms (note: this will disable password-based ## authentication even for the management UI!): ## # auth_mechanisms.1 = EXTERNAL ## This pertains to both the rabbitmq-auth-mechanism-ssl plugin and ## STOMP ssl_cert_login configurations. See the rabbitmq_stomp ## configuration section later in this file and the README in ## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further ## details. ## ## To use the SSL cert's CN instead of its DN as the username ## # ssl_cert_login_from = common_name ## SSL handshake timeout, in milliseconds. ## # ssl_handshake_timeout = 5000 ## Password hashing implementation. Will only affect newly ## created users. To recalculate hash for an existing user ## it's necessary to update her password. ## ## To use SHA-512, set to rabbit_password_hashing_sha512. ## # password_hashing_module = rabbit_password_hashing_sha256 ## When importing definitions exported from versions earlier ## than 3.6.0, it is possible to go back to MD5 (only do this ## as a temporary measure!) by setting this to rabbit_password_hashing_md5. ## # password_hashing_module = rabbit_password_hashing_md5 ## ## Default User / VHost ## ==================== ## ## On first start RabbitMQ will create a vhost and a user. These ## config items control what gets created. See ## http://www.rabbitmq.com/access-control.html for further ## information about vhosts and access control. ## # default_vhost = / # default_user = guest # default_pass = guest # default_permissions.configure = .* # default_permissions.read = .* # default_permissions.write = .* ## Tags for default user ## ## For more details about tags, see the documentation for the ## Management Plugin at http://www.rabbitmq.com/management.html. ## # default_user_tags.administrator = true ## Define other tags like this: # default_user_tags.management = true # default_user_tags.custom_tag = true ## ## Additional network and protocol related configuration ## ===================================================== ## ## Set the default AMQP 0-9-1 heartbeat interval (in seconds). ## See http://rabbitmq.com/heartbeats.html for more details. ## # heartbeat = 600 ## Set the max permissible size of an AMQP frame (in bytes). ## # frame_max = 131072 ## Set the max frame size the server will accept before connection ## tuning occurs ## # initial_frame_max = 4096 ## Set the max permissible number of channels per connection. ## 0 means "no limit". ## # channel_max = 128 ## Customising Socket Options. ## ## See (http://www.erlang.org/doc/man/inet.html#setopts-2) for ## further documentation. ## # tcp_listen_options.backlog = 128 # tcp_listen_options.nodelay = true # tcp_listen_options.exit_on_close = false ## ## Resource Limits & Flow Control ## ============================== ## ## See http://www.rabbitmq.com/memory.html for full details. ## Memory-based Flow Control threshold. ## # vm_memory_high_watermark.relative = 0.4 ## Alternatively, we can set a limit (in bytes) of RAM used by the node. ## # vm_memory_high_watermark.absolute = 1073741824 ## Or you can set absolute value using memory units (with RabbitMQ 3.6.0+). ## Absolute watermark will be ignored if relative is defined! ## # vm_memory_high_watermark.absolute = 2GB ## ## Supported units suffixes: ## ## kb, KB: kibibytes (2^10 bytes) ## mb, MB: mebibytes (2^20) ## gb, GB: gibibytes (2^30) ## Fraction of the high watermark limit at which queues start to ## page message out to disc in order to free up memory. ## ## Values greater than 0.9 can be dangerous and should be used carefully. ## # vm_memory_high_watermark_paging_ratio = 0.5 ## Interval (in milliseconds) at which we perform the check of the memory ## levels against the watermarks. ## # memory_monitor_interval = 2500 ## Set disk free limit (in bytes). Once free disk space reaches this ## lower bound, a disk alarm will be set - see the documentation ## listed above for more details. ## ## Absolute watermark will be ignored if relative is defined! # disk_free_limit.absolute = 50000 ## Or you can set it using memory units (same as in vm_memory_high_watermark) ## with RabbitMQ 3.6.0+. # disk_free_limit.absolute = 500KB # disk_free_limit.absolute = 50mb # disk_free_limit.absolute = 5GB ## Alternatively, we can set a limit relative to total available RAM. ## ## Values lower than 1.0 can be dangerous and should be used carefully. # disk_free_limit.relative = 2.0 ## ## Clustering ## ===================== ## # cluster_partition_handling = ignore ## pause_if_all_down strategy require additional configuration # cluster_partition_handling = pause_if_all_down ## Recover strategy. Can be either 'autoheal' or 'ignore' # cluster_partition_handling.pause_if_all_down.recover = ignore ## Node names to check # cluster_partition_handling.pause_if_all_down.nodes.1 = rabbit@localhost # cluster_partition_handling.pause_if_all_down.nodes.2 = hare@localhost ## Mirror sync batch size, in messages. Increasing this will speed ## up syncing but total batch size in bytes must not exceed 2 GiB. ## Available in RabbitMQ 3.6.0 or later. ## # mirroring_sync_batch_size = 4096 ## Make clustering happen *automatically* at startup - only applied ## to nodes that have just been reset or started for the first time. ## See http://www.rabbitmq.com/clustering.html#auto-config for ## further details. ## # cluster_nodes.disc.rabbit = rabbit@my.host.com ## You can define multiple nodes # cluster_nodes.disc.hare = hare@my.host.com ## There can be also ram nodes. ## Ram nodes should not be defined together with disk nodes # cluster_nodes.ram.rabbit = rabbit@my.host.com ## Interval (in milliseconds) at which we send keepalive messages ## to other cluster members. Note that this is not the same thing ## as net_ticktime; missed keepalive messages will not cause nodes ## to be considered down. ## # cluster_keepalive_interval = 10000 ## ## Statistics Collection ## ===================== ## ## Set (internal) statistics collection granularity. ## ## Can be none, coarse or fine # collect_statistics = none # collect_statistics = coarse ## Statistics collection interval (in milliseconds). Increasing ## this will reduce the load on management database. ## # collect_statistics_interval = 5000 ## ## Misc/Advanced Options ## ===================== ## ## NB: Change these only if you understand what you are doing! ## ## Explicitly enable/disable hipe compilation. ## # hipe_compile = false ## Timeout used when waiting for Mnesia tables in a cluster to ## become available. ## # mnesia_table_loading_timeout = 30000 ## Size in bytes below which to embed messages in the queue index. See ## http://www.rabbitmq.com/persistence-conf.html ## # queue_index_embed_msgs_below = 4096 ## You can also set this size in memory units ## # queue_index_embed_msgs_below = 4kb ## ---------------------------------------------------------------------------- ## Advanced Erlang Networking/Clustering Options. ## ## See http://www.rabbitmq.com/clustering.html for details ## ---------------------------------------------------------------------------- # ====================================== # Kernel section # ====================================== # kernel.net_ticktime = 60 ## ---------------------------------------------------------------------------- ## RabbitMQ Management Plugin ## ## See http://www.rabbitmq.com/management.html for details ## ---------------------------------------------------------------------------- # ======================================= # Management section # ======================================= ## Pre-Load schema definitions from the following JSON file. See ## http://www.rabbitmq.com/management.html#load-definitions ## # management.load_definitions = /path/to/schema.json ## Log all requests to the management HTTP API to a file. ## # management.http_log_dir = /path/to/access.log ## Change the port on which the HTTP listener listens, ## specifying an interface for the web server to bind to. ## Also set the listener to use SSL and provide SSL options. ## # QA: Maybe use IP type like in tcp_listener? # management.listeners.port = 12345 # management.listeners.ip = 127.0.0.1 # management.listeners.ssl = true # management.listeners.ssl_opts.cacertfile = /path/to/cacert.pem # management.listeners.ssl_opts.certfile = /path/to/cert.pem # management.listeners.ssl_opts.keyfile = /path/to/key.pem ## One of 'basic', 'detailed' or 'none'. See ## http://www.rabbitmq.com/management.html#fine-stats for more details. # management.rates_mode = basic ## Configure how long aggregated data (such as message rates and queue ## lengths) is retained. Please read the plugin's documentation in ## http://www.rabbitmq.com/management.html#configuration for more ## details. ## Your can use 'minute', 'hour' and '24hours' keys or integer key (in seconds) # management.sample_retention_policies.global.minute = 5 # management.sample_retention_policies.global.hour = 60 # management.sample_retention_policies.global.24hours = 1200 # management.sample_retention_policies.basic.minute = 5 # management.sample_retention_policies.basic.hour = 60 # management.sample_retention_policies.detailed.10 = 5 ## ---------------------------------------------------------------------------- ## RabbitMQ Shovel Plugin ## ## See http://www.rabbitmq.com/shovel.html for details ## ---------------------------------------------------------------------------- ## Shovel plugin config example is defined in additional.config file ## ---------------------------------------------------------------------------- ## RabbitMQ Stomp Adapter ## ## See http://www.rabbitmq.com/stomp.html for details ## ---------------------------------------------------------------------------- # ======================================= # STOMP section # ======================================= ## Network Configuration - the format is generally the same as for the broker ## # stomp.listeners.tcp.default = 61613 ## Same for ssl listeners ## # stomp.listeners.ssl.default = 61614 ## Number of Erlang processes that will accept connections for the TCP ## and SSL listeners. ## # stomp.num_acceptors.tcp = 10 # stomp.num_acceptors.ssl = 1 ## Additional SSL options ## Extract a name from the client's certificate when using SSL. ## # stomp.ssl_cert_login = true ## Set a default user name and password. This is used as the default login ## whenever a CONNECT frame omits the login and passcode headers. ## ## Please note that setting this will allow clients to connect without ## authenticating! ## # stomp.default_user = guest # stomp.default_pass = guest ## If a default user is configured, or you have configured use SSL client ## certificate based authentication, you can choose to allow clients to ## omit the CONNECT frame entirely. If set to true, the client is ## automatically connected as the default user or user supplied in the ## SSL certificate whenever the first frame sent on a session is not a ## CONNECT frame. ## # stomp.implicit_connect = true ## ---------------------------------------------------------------------------- ## RabbitMQ MQTT Adapter ## ## See https://github.com/rabbitmq/rabbitmq-mqtt/blob/stable/README.md ## for details ## ---------------------------------------------------------------------------- # ======================================= # MQTT section # ======================================= ## Set the default user name and password. Will be used as the default login ## if a connecting client provides no other login details. ## ## Please note that setting this will allow clients to connect without ## authenticating! ## # mqtt.default_user = guest # mqtt.default_pass = guest ## Enable anonymous access. If this is set to false, clients MUST provide ## login information in order to connect. See the default_user/default_pass ## configuration elements for managing logins without authentication. ## # mqtt.allow_anonymous = true ## If you have multiple chosts, specify the one to which the ## adapter connects. ## # mqtt.vhost = / ## Specify the exchange to which messages from MQTT clients are published. ## # mqtt.exchange = amq.topic ## Specify TTL (time to live) to control the lifetime of non-clean sessions. ## # mqtt.subscription_ttl = 1800000 ## Set the prefetch count (governing the maximum number of unacknowledged ## messages that will be delivered). ## # mqtt.prefetch = 10 ## TCP/SSL Configuration (as per the broker configuration). ## # mqtt.listeners.tcp.default = 1883 ## Same for ssl listener ## # mqtt.listeners.ssl.default = 1884 ## Number of Erlang processes that will accept connections for the TCP ## and SSL listeners. ## # mqtt.num_acceptors.tcp = 10 # mqtt.num_acceptors.ssl = 1 ## TCP/Socket options (as per the broker configuration). ## # mqtt.tcp_listen_options.backlog = 128 # mqtt.tcp_listen_options.nodelay = true ## ---------------------------------------------------------------------------- ## RabbitMQ AMQP 1.0 Support ## ## See https://github.com/rabbitmq/rabbitmq-amqp1.0/blob/stable/README.md ## for details ## ---------------------------------------------------------------------------- # ======================================= # AMQP_1 section # ======================================= ## Connections that are not authenticated with SASL will connect as this ## account. See the README for more information. ## ## Please note that setting this will allow clients to connect without ## authenticating! ## # amqp1_0.default_user = guest ## Enable protocol strict mode. See the README for more information. ## # amqp1_0.protocol_strict_mode = false ## Lager controls logging. ## See https://github.com/basho/lager for more documentation ## ## Log direcrory, taken from the RABBITMQ_LOG_BASE env variable by default. ## # log.dir = /var/log/rabbitmq ## Logging to console (can be true or false) ## # log.console = false ## Loglevel to log to console ## # log.console.level = info ## Logging to file. Can be false or filename. ## Default: # log.file = rabbit.log ## To turn off: # log.file = false ## Loglevel to log to file ## # log.file.level = info ## File rotation config. No rotation by defualt. ## DO NOT SET rotation date to ''. Leave unset if require "" value # log.file.rotation.date = $D0 # log.file.rotation.size = 0 ## QA: Config for syslog logging # log.syslog = false # log.syslog.identity = rabbitmq # log.syslog.level = info # log.syslog.facility = daemon ## ---------------------------------------------------------------------------- ## RabbitMQ LDAP Plugin ## ## See http://www.rabbitmq.com/ldap.html for details. ## ## ---------------------------------------------------------------------------- # ======================================= # LDAP section # ======================================= ## ## Connecting to the LDAP server(s) ## ================================ ## ## Specify servers to bind to. You *must* set this in order for the plugin ## to work properly. ## # ldap.servers.1 = your-server-name-goes-here ## You can define multiple servers # ldap.servers.2 = your-other-server ## Connect to the LDAP server using SSL ## # ldap.use_ssl = false ## Specify the LDAP port to connect to ## # ldap.port = 389 ## LDAP connection timeout, in milliseconds or 'infinity' ## # ldap.timeout = infinity ## Or number # ldap.timeout = 500 ## Enable logging of LDAP queries. ## One of ## - false (no logging is performed) ## - true (verbose logging of the logic used by the plugin) ## - network (as true, but additionally logs LDAP network traffic) ## ## Defaults to false. ## # ldap.log = false ## Also can be true or network # ldap.log = true # ldap.log = network ## ## Authentication ## ============== ## ## Pattern to convert the username given through AMQP to a DN before ## binding ## # ldap.user_dn_pattern = cn=${username},ou=People,dc=example,dc=com ## Alternatively, you can convert a username to a Distinguished ## Name via an LDAP lookup after binding. See the documentation for ## full details. ## When converting a username to a dn via a lookup, set these to ## the name of the attribute that represents the user name, and the ## base DN for the lookup query. ## # ldap.dn_lookup_attribute = userPrincipalName # ldap.dn_lookup_base = DC=gopivotal,DC=com ## Controls how to bind for authorisation queries and also to ## retrieve the details of users logging in without presenting a ## password (e.g., SASL EXTERNAL). ## One of ## - as_user (to bind as the authenticated user - requires a password) ## - anon (to bind anonymously) ## - {UserDN, Password} (to bind with a specified user name and password) ## ## Defaults to 'as_user'. ## # ldap.other_bind = as_user ## Or can be more complex: # ldap.other_bind.user_dn = User # ldap.other_bind.password = Password ## If user_dn and password defined - other options is ignored. # ----------------------------- # Too complex section of LDAP # ----------------------------- ## ## Authorisation ## ============= ## ## The LDAP plugin can perform a variety of queries against your ## LDAP server to determine questions of authorisation. See ## http://www.rabbitmq.com/ldap.html#authorisation for more ## information. ## Following configuration should be defined in additional.config file ## DO NOT UNCOMMENT THIS LINES! ## Set the query to use when determining vhost access ## ## {vhost_access_query, {in_group, ## "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}}, ## Set the query to use when determining resource (e.g., queue) access ## ## {resource_access_query, {constant, true}}, ## Set queries to determine which tags a user has ## ## {tag_queries, []} # ]}, # -----------------------------