Quickly set up Drupal connection to RabbitMQ using SSL

Submitted by Tim on 21 Aug 2013 - 14:29

In this post I will list the steps to take to create an SSL connection to a RabbitMQ server from Drupal using the message_broker module. I am doing this under Ubuntu, but these steps should be similar under every Linux distribution. This is quite a long description, but if you follow it step by step it's very easy to set up.

Quick Install of RabbitMQ

(Skip this if you already have a RabbitMQ server running.) At the time of writing the Ubuntu repositories have an old version of RabbitMQ. Since I want something more recent, I add the RabbitMQ repository. Add the following line to /etc/apt/sources.list:

deb http://www.rabbitmq.com/debian/ testing main

Add the trusted key of RabbitMQ:

wget -qO - http://www.rabbitmq.com/rabbitmq-signing-key-public.asc | sudo apt-key add -

and run

sudo apt-get update
sudo apt-get install rabbitmq-server

If you get:

rabbitmq-server : Depends: erlang-nox (>= 1:12.b.3) but it is not going to be installed or
                            esl-erlang but it is not installable

You will have to download and install the latest version of Erlang for your distribution from: https://www.erlang-solutions.com/downloads/download-erlang-otp

dpkg -i yourjustdownloaderlang.deb

Install missing dependencies

apt-get install -f

Generate SSL Certificate

For the certificates I use CAcert (http://www.cacert.org). It's free to use, included in the Debian/Ubuntu repositories, and since I am not dealing with end users it's fine to use certificates that are not included in all browsers. Make sure you add your domain to CAcert before you make the new server Certificate Signing Request. To generate the certificate server side I use the CSRGenerator from CAcert:

wget http://svn.cacert.org/CAcert/Software/CSRGenerator/csr
sh csr

And fill in your details here

Private Key and Certificate Signing Request Generator
This script was designed to suit the request format needed by
the CAcert Certificate Authority. www.CAcert.org

Short Hostname (ie. imap big_srv www2): rabbitmq
FQDN/CommonName (ie. www.example.com) : rabbitmq.timdejong.nl
Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish
SubjectAltName: DNS:
Running OpenSSL...
Generating a 2048 bit RSA private key
.....

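Copy the certificate request and paste it into CAcert's server certificate form. Save the returned certificate as /etc/rabbitmq/ssl/rabbitmq.pem. Copy the private key which the above script generated to /etc/rabbitmq/ssl/rabbitmq_privatekey.pem and change its owner to rabbitmq:

chown rabbitmq:rabbitmq /etc/rabbitmq/ssl/rabbitmq_privatekey.pem

Add the following to /etc/rabbitmq/rabbitmq.config. With verify set to verify_peer and fail_if_no_peer_cert set to false, the server validates a client certificate when one is presented but still accepts clients that present none.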

[
  {rabbit, [
     {default_user, <<"admin">>},
     {default_pass, <<"SET_A_PASSWORD">>},
     {ssl_listeners, [5671]},
     {ssl_options, [{cacertfile,"/etc/ssl/certs/cacert.org.pem"},
                    {certfile,"/etc/rabbitmq/ssl/rabbitmq.pem"},
                    {keyfile,"/etc/rabbitmq/ssl/rabbitmq_privatekey.pem"},
                    {verify,verify_peer},
                    {fail_if_no_peer_cert,false}]}
   ]}
].

I like to manage RabbitMQ over HTTP. To install the RabbitMQ management plugin:

rabbitmq-plugins enable rabbitmq_management
/etc/init.d/rabbitmq-server restart

You can then log in at http://yourip:15672/ with the password you set above.

Drupal: Installing and configuring message_broker

Download the necessary modules for Drupal:


drush dl message_broker xautoload libraries

git clone https://github.com/videlalvaro/php-amqplib.git sites/all/libraries/phpamqp

drush en message_broker_amqp

SSL: create a client certificate by running the csr script again, this time creating a CSR for the first client (the Drupal installation).

sh csr
Private Key and Certificate Signing Request Generator
This script was designed to suit the request format needed by
the CAcert Certificate Authority. www.CAcert.org

Short Hostname (ie. imap big_srv www2): client1
FQDN/CommonName (ie. www.example.com) : client1.timdejong.nl
Type SubjectAltNames for the certificate, one per line. Enter a blank line to finish
SubjectAltName: DNS:
Running OpenSSL...
Generating a 2048 bit RSA private key

Copy the certificate request and paste it into CAcert's server certificate form. For the client certificate we combine the private key and the signed request in one file: paste the received certificate together with the contents of client1_privatekey.pem into a file named client1.pem on your Drupal server. Make sure you save this file outside of your webroot.

Now we will configure message_broker to connect to the RabbitMQ server:

  • go to admin/config/system/message_broker and select AMQP
  • go to admin/config/system/message_broker_amqp and fill in your RabbitMQ server. Change the port to 5671 (SSL), fill in your login details for RabbitMQ, and point to the JSON file where the exchange and queues are defined. See https://drupal.org/node/1828112
  • Check "use SSL for this connection"
  • Fill in the path for the CA file (the CAcert default is /etc/ssl/certs/cacert.org.pem). If it's not there, check the repositories of your distribution or download it from http://www.cacert.org/index.php?id=3
  • Fill in path name of client cert file and you should be all set.

You can test if the connection works by typing:

drush cons

If everything is set up correctly it will try to connect and mention that there are no consumers available.
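
A pre-flight check for the combined client1.pem described above, as an added example that is not part of the original post: it confirms that the private key matches the certificate, that the certificate verifies against the CA file, and that the file is not accessible to group or others. The function names and the throwaway demo CA are constructed for illustration; in practice pass your own client1.pem and the CAcert CA file.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and names are constructed.

# check_client_pem PEM CAFILE: print one line per problem; return 0 if clean.
check_client_pem() {
    pem=$1; ca=$2; rc=0
    # 1. The private key in the file must belong to the certificate in it.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null) || cert_pub=""
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "key and certificate in $pem do not match (or one is missing)"; rc=1
    fi
    # 2. The certificate must chain to the CA file configured on both ends.
    if ! openssl x509 -in "$pem" 2>/dev/null |
            openssl verify -CAfile "$ca" >/dev/null 2>&1; then
        echo "certificate in $pem does not verify against $ca"; rc=1
    fi
    # 3. The file contains a private key: no group/other bits (GNU stat).
    mode=$(stat -c '%a' "$pem")
    case $mode in
        ?00) ;;
        *) echo "$pem has mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# make_demo DIR: throwaway CA and client1.pem standing in for the CAcert files.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=client1.example.test" \
        -keyout "$d/client1_privatekey.pem" -out "$d/client1.csr" 2>/dev/null
    openssl x509 -req -in "$d/client1.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client1_cert.pem" 2>/dev/null
    # Combine signed certificate and private key into one file, as in the post.
    ( umask 077
      cat "$d/client1_cert.pem" "$d/client1_privatekey.pem" > "$d/client1.pem" )
}

demo=$(mktemp -d)
make_demo "$demo"
check_client_pem "$demo/client1.pem" "$demo/ca.pem" && echo "client1.pem OK"
rm -rf "$demo"
```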
