发布于2016年12月09日浏览:3896次
重置serverX-a
1.yum update -y
reboot
2.yum install -y rabbitmq-server.noarch --安装rabbitmq
3.systemctl start rabbitmq-server --启动服务
4.rabbitmqctl delete_user guest --删除guest
5.rabbitmqctl add_user rabbitmqauth redhat --添加用户和密码(redhat为示例密码,实际环境应换成强密码)
6.rabbitmqctl set_permissions rabbitmqauth ".*" ".*" ".*" --设置权限(三个".*"依次对应configure、write、read权限;未指定-p时作用于默认vhost "/",即该用户可配置、写入和读取"/"下的所有资源)
Setting permissions for user "rabbitmqauth" in vhost "/" ... --显示结果
...done.
7.rabbitmqctl set_user_tags rabbitmqauth administrator --授予后台管理员权限
Setting tags for user "rabbitmqauth" to [administrator] ... --显示结果
...done.
8.rabbitmqctl list_users --查看用户
9.创建一个本地ca
mkdir /etc/rabbitmq/testca
cd /etc/rabbitmq/testca
mkdir certs private
chmod 700 private/
echo 01 > serial
touch index.txt
10.wget -P /etc/rabbitmq/testca/ http://classroom.example.com/materials/openssl.cnf
--下载openssl.cnf 到testca目录
11.openssl req -x509 -config openssl.cnf -newkey rsa:2048 -days 365 -out cacert.pem -outform PEM -subj /CN=MyTestCA/ -nodes --生成CA的私钥和自签名根证书cacert.pem(-nodes表示私钥不加密,私钥的保存位置由openssl.cnf决定)
openssl x509 -in cacert.pem -out cacert.cer -outform DER --将CA证书转换为DER格式(cacert.cer)
12.mkdir -p /etc/rabbitmq/server --生成server的私钥和证书签名请求(CSR)
cd /etc/rabbitmq/server
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=server/ -nodes
13.mkdir -p /etc/rabbitmq/client --生成client的私钥和证书签名请求(CSR)
cd /etc/rabbitmq/client
openssl genrsa -out key.pem 2048
openssl req -new -key key.pem -out req.pem -outform PEM -subj /CN=$(hostname)/O=client/ -nodes
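14.cd ../testca/ --用CA签发服务器证书并导出为p12格式(注意:下面对服务器证书使用的是client_ca_extensions;如果openssl.cnf中另有server_ca_extensions一节,服务器证书应使用该节,请对照下载的openssl.cnf确认)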
openssl ca -config openssl.cnf -in ../server/req.pem -out ../server/cert.pem -notext -batch -extensions client_ca_extensions
cd ../server/
openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
15.cd ../testca/ --用CA签发客户端证书并导出为p12格式
openssl ca -config openssl.cnf -in ../client/req.pem -out ../client/cert.pem -notext -batch -extensions client_ca_extensions
cd ../client/
openssl pkcs12 -export -out keycert.p12 -in cert.pem -inkey key.pem -passout pass:MySecretPassword
note:吊销证书
cd /etc/rabbitmq/testca
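openssl ca -config openssl.cnf -revoke certs/index_number.pem --index_number为要吊销的证书文件的编号
16.wget -P /etc/rabbitmq/ http://classroom.example.com/materials/rabbitmq.config --下载rabbitmq.config 配置文件到/etc/rabbitmq/(该文件应配置5671上的ssl_listeners,以及ssl_options中的cacertfile、certfile、keyfile,指向上面生成的证书和私钥)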
17.firewall-cmd --add-port=5672/tcp --permanent --添加防火墙策略(5672为明文AMQP端口,若只允许TLS连接可不开放)
firewall-cmd --add-port=5671/tcp --permanent --5671为AMQP over TLS端口
firewall-cmd --reload
18.systemctl restart rabbitmq-server
19.grep -i SSL /var/log/rabbitmq/* --查看日志中SSL 监听5671端口是否有记录
/var/log/rabbitmq/rabbit@server20-a.log:started SSL Listener on [::]:5671
/var/log/rabbitmq/rabbit@server20-a.log:stopped SSL Listener on [::]:5671
/var/log/rabbitmq/rabbit@server20-a.log:started SSL Listener on [::]:5671
20.netstat -nlp |grep 567* --查看网络端口是否开启
tcp6 0 0 :::5671 :::* LISTEN 2225/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 2225/beam.smp
21.systemctl enable rabbitmq-server.service --开机启动
此文出自东方瑞通李岳老师,转载需注明出处。