Deployment Overview of RabbitMQ on Server
Prerequisites and Basic Requirements
The deployment requires a server running the Ubuntu operating system. The installation process utilizes the apt package manager and requires root privileges to install system packages, configure services, and manage user permissions.
The following ports are utilized by the application and its management interface:
- Port 15672: RabbitMQ Management Plugin (bound to 127.0.0.1 for local access only).
- Port 5672: Default AMQP port for RabbitMQ client connections.
- Port 443 and 80: Used by the Nginx reverse proxy for SSL termination and HTTP redirection.
File and Directory Structure
The application and its supporting services utilize the following directory structure:
- /etc/rabbitmq/: Contains the main RabbitMQ configuration file, specifically rabbitmq.conf.
- /root/nginx/: The working directory for the Nginx and Certbot Docker deployment, containing the compose.yml file.
- /data/nginx/user_conf.d/: Stores custom Nginx configuration files, including host-specific configurations (e.g., {{ prefix }}{{ server_id }}.hostkey.in.conf).
- /data/nginx/nginx-certbot.env: Environment file containing configuration variables for the Nginx container.
- /etc/letsencrypt/: Mount point for SSL certificates managed by the Certbot container.
Application Installation Process
RabbitMQ is installed directly on the host operating system using the Ubuntu package repository. The installation process involves the following steps:
1. Update the local package index using apt.
2. Install the rabbitmq-server package.
3. Enable and start the rabbitmq-server service to ensure it runs on boot.
4. Enable the rabbitmq_management plugin to provide a web-based management interface.
5. Configure the management listener to bind to 127.0.0.1 on port 15672 by writing the configuration to /etc/rabbitmq/rabbitmq.conf.
6. Restart the rabbitmq-server service to apply configuration changes.
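The six steps above as a script, added here as an example and not the deployment's own tooling. `management.tcp.ip` and `management.tcp.port` are the rabbitmq.conf keys for the management listener; `set_conf_key`, the `CONF` variable and the `--apply` switch are names chosen for this example.

```sh
#!/bin/sh
# Added example: the six installation steps, run with --apply as root.
set -eu

CONF="${CONF:-/etc/rabbitmq/rabbitmq.conf}"

# Idempotently set "key = value" in a rabbitmq.conf-style file: replace the
# existing line for the key (dropping duplicates), otherwise append one.
set_conf_key() {
  file=$1 key=$2 value=$3
  touch "$file"
  tmp=$(mktemp)
  awk -v k="$key" -v v="$value" '
    { line = $0; sub(/^[ \t]+/, "", line) }
    index(line, k) == 1 && substr(line, length(k) + 1) ~ /^[ \t]*=/ {
      if (!done) { print k " = " v; done = 1 }
      next
    }
    { print }
    END { if (!done) print k " = " v }
  ' "$file" > "$tmp"
  cat "$tmp" > "$file"   # rewrite in place so owner and mode are kept
  rm -f "$tmp"
}

install_rabbitmq() {
  apt-get update                                      # step 1
  apt-get install -y rabbitmq-server                  # step 2
  systemctl enable --now rabbitmq-server              # step 3
  rabbitmq-plugins enable rabbitmq_management         # step 4
  set_conf_key "$CONF" management.tcp.ip 127.0.0.1    # step 5
  set_conf_key "$CONF" management.tcp.port 15672
  chown root:root "$CONF"                             # owner and mode as
  chmod 0644 "$CONF"                                  # listed for this file
  systemctl restart rabbitmq-server                   # step 6
}

if [ "${1:-}" = "--apply" ]; then
  install_rabbitmq
else
  echo "dry run: pass --apply (as root) to install and configure RabbitMQ"
fi
```

Because `set_conf_key` replaces an existing line instead of appending, re-running the script does not leave two conflicting `management.tcp.ip` entries in the file.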
The Nginx reverse proxy is deployed using Docker Compose. The deployment script generates a compose.yml file in /root/nginx/ and executes docker compose up -d to start the services.
Access Rights and Security
Security is enforced through user management within RabbitMQ and network isolation for the management interface.
RabbitMQ User Management:
- An administrative user is created using the rabbitmqctl add_user command with a specified username and password.
- The administrator tag is assigned to this user using rabbitmqctl set_user_tags.
- Permissions are granted to the administrator user for a specific virtual host (vhost) using rabbitmqctl set_permissions, allowing full access to configuration, write, and read operations (.* for all three).
- A virtual host is created using rabbitmqctl add_vhost if it does not already exist.
Network Security:
- The RabbitMQ management interface is restricted to localhost (127.0.0.1) only, preventing direct external access to the management port.
- External access to the application is routed through the Nginx reverse proxy, which handles SSL/TLS encryption.
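One way to confirm the loopback restriction from the host's listening sockets rather than from the configuration file (an added example, not part of the deployment). `bind_scope`, `audit` and the sample `ss -H -ltn` output are constructed for illustration; the port list is the one documented above.

```sh
#!/bin/sh
# Added example: classify how each documented port is bound on this host.

# Reads `ss -H -ltn` output on stdin and prints one word for PORT ($1):
# "loopback" (only 127.0.0.0/8 or ::1), "exposed" (any other address),
# or "absent" (nothing listening).
bind_scope() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, part, ":")            # local address is field 4
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/%.*$/, "", addr)               # drop a "%iface" scope suffix
      if (addr ~ /^127\./ || addr == "[::1]") lo++; else ex++
    }
    END { print (ex ? "exposed" : (lo ? "loopback" : "absent")) }'
}

# Constructed sample of `ss -H -ltn` output matching the documented layout.
SAMPLE_SS='LISTEN 0 128 127.0.0.1:15672 0.0.0.0:*
LISTEN 0 128 *:5672 *:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

# $1 = ss output. Reports every documented port; returns non-zero only when
# the management port (15672) is anything other than loopback-only.
audit() {
  rc=0
  for port in 15672 5672 443 80; do
    scope=$(printf '%s\n' "$1" | bind_scope "$port")
    echo "port $port: $scope"
    if [ "$port" = 15672 ] && [ "$scope" != loopback ]; then rc=1; fi
  done
  return "$rc"
}

# On a live host: audit "$(ss -H -ltn)"
audit "$SAMPLE_SS"
```

Ports 5672, 443 and 80 are reported for information only, since the page documents them as client-facing; only the 15672 result decides the exit status.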
Databases
RabbitMQ utilizes its internal storage mechanism for message queues and exchanges. No external database connection is required for the core functionality described in the configuration. The data is stored within the default RabbitMQ data directories managed by the rabbitmq-server service.
Docker Containers and Their Deployment
The Nginx reverse proxy is deployed as a Docker container using the jonasal/nginx-certbot:latest image. The deployment is managed via a docker compose file located at /root/nginx/compose.yml.
Container Configuration:
- Image: jonasal/nginx-certbot:latest
- Restart Policy: unless-stopped
- Network Mode: host
- Environment Variables:
  - CERTBOT_EMAIL: Set to [email protected].
  - Additional variables are loaded from /data/nginx/nginx-certbot.env.
- Volumes:
  - nginx_secrets: An external volume mounted to /etc/letsencrypt for storing SSL certificates.
  - /data/nginx/user_conf.d: Mounted to /etc/nginx/user_conf.d to provide custom Nginx configurations.
The container is started using the command docker compose up -d executed from the /root/nginx directory.
Proxy Servers
Nginx acts as the reverse proxy for the application, handling SSL termination and routing traffic to the internal RabbitMQ instance or other backend services.
Configuration Details:
- The proxy configuration is dynamically generated and stored in /data/nginx/user_conf.d/.
- The proxy_pass directive is configured to forward requests to http://127.0.0.1:{{ internal_port }}.
- SSL certificates are managed automatically by the Certbot component within the Docker container.
- The nginx_secrets volume ensures that certificates are persisted across container restarts.
Permission Settings
File and directory permissions are set as follows during the deployment process:
- /root/nginx/: Created with 0755 permissions, owned by root:root.
- /root/nginx/compose.yml: Created with 0644 permissions, owned by root:root.
- /etc/rabbitmq/rabbitmq.conf: Created with 0644 permissions, owned by root:root.
- /data/nginx/user_conf.d/: Mounted into the container, permissions managed by the host filesystem.
Starting, Stopping, and Updating
RabbitMQ Service Management:
- Start the service: systemctl start rabbitmq-server
- Stop the service: systemctl stop rabbitmq-server
- Restart the service: systemctl restart rabbitmq-server
- Enable on boot: systemctl enable rabbitmq-server
Docker Container Management:
- Start the Nginx container: docker compose up -d (executed from /root/nginx)
- Stop the Nginx container: docker compose down (executed from /root/nginx)
- Update the container: Pull the latest image using docker pull jonasal/nginx-certbot:latest and restart the container with docker compose up -d.