Posted on

How to Change RabbitMQ Port and Set Up a Reverse Proxy with Nginx

RabbitMQ is a powerful message broker that supports various messaging protocols. By default, RabbitMQ listens on port 5672 for AMQP and 15672 for HTTP management UI. However, there are situations where you might want to change these ports or set up a reverse proxy using Nginx for enhanced security or easier access. This guide will walk you through the process.

Changing RabbitMQ Ports

To change the default ports used by RabbitMQ, you need to modify the RabbitMQ configuration file.

Locate the RabbitMQ Configuration File

RabbitMQ configuration can be managed using its configuration file (rabbitmq.conf) or the advanced configuration file (advanced.config). The default location of these files depends on your operating system:

  • Linux: /etc/rabbitmq/rabbitmq.conf
  • Windows: %APPDATA%\RabbitMQ\rabbitmq.conf

If the file doesn’t exist, you may need to create it.

Modify the Configuration File

To change the default ports, add the following entries to rabbitmq.conf:

listeners.tcp.default = 5673
management.listener.port = 15673

Here:

  • listeners.tcp.default changes the AMQP port.
  • management.listener.port changes the HTTP management UI port.

Restart RabbitMQ

After saving the configuration file, restart RabbitMQ to apply the changes:

sudo systemctl restart rabbitmq-server

Or, if you’re using Windows:

rabbitmq-service stop
rabbitmq-service start

Setting Up a Reverse Proxy with Nginx

Reverse proxies improve security, load balancing, and ease of access. With Nginx, you can configure RabbitMQ’s ports to be accessible through standard HTTP or HTTPS ports (80/443).

Install Nginx

Install Nginx if it’s not already installed:

  • On Ubuntu/Debian: 
    sudo apt update && sudo apt install nginx
  • On CentOS/RHEL: 
    sudo yum install nginx

Configure Nginx for RabbitMQ

Edit or create a new configuration file for RabbitMQ under /etc/nginx/sites-available/ or /etc/nginx/conf.d/.

server {
    listen 80;
    server_name rabbitmq.example.com;

    location / {
        proxy_pass http://127.0.0.1:15672;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 443 ssl;
    server_name rabbitmq.example.com;

    ssl_certificate /path/to/ssl/certificate.crt;
    ssl_certificate_key /path/to/ssl/private.key;

    location / {
        proxy_pass http://127.0.0.1:15672;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Enable the Nginx Configuration

For sites-available setups:

sudo ln -s /etc/nginx/sites-available/rabbitmq.conf /etc/nginx/sites-enabled/

Test the configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx

Testing Your Setup

To test if everything is set up correctly:

  • For HTTP: http://rabbitmq.example.com
  • For HTTPS: https://rabbitmq.example.com

Verify port changes by using netstat or ss:

sudo netstat -tuln | grep 5673

Conclusion

By changing the RabbitMQ ports and setting up a reverse proxy with Nginx, you can better secure and optimize access to RabbitMQ services. This setup is particularly useful in production environments where security and scalability are critical.

Posted on

Secure Connections (SSL/TLS) in MySQL

Securing connections to your MySQL database is crucial for protecting sensitive data during transmission. MySQL supports SSL/TLS encryption, which ensures that data sent between clients and the server is encrypted and safe from eavesdropping or tampering.

Why Use SSL/TLS?

  • Encrypts data transmitted between the client and server.
  • Prevents unauthorized access and man-in-the-middle attacks.
  • Ensures secure communication for remote connections.

Configuring SSL/TLS in MySQL

Follow these steps to enable SSL/TLS for your MySQL server:

Step 1: Generate SSL/TLS Certificates

Create the necessary certificates and keys for the server and clients. You can use tools like OpenSSL for this:

# Generate a private key
openssl genrsa 2048 > server-key.pem

# Create a certificate signing request (CSR)
openssl req -new -key server-key.pem -out server-csr.pem

# Generate a self-signed certificate
openssl x509 -req -in server-csr.pem -signkey server-key.pem -out server-cert.pem

Create similar certificates for the client and ensure proper trust between the client and server certificates.

Step 2: Configure MySQL Server

Edit your MySQL configuration file (my.cnf or my.ini) to enable SSL/TLS:

[mysqld]
ssl-ca=/path/to/ca-cert.pem
ssl-cert=/path/to/server-cert.pem
ssl-key=/path/to/server-key.pem

Restart the MySQL server to apply these changes.

Step 3: Configure MySQL Client

On the client side, ensure that it uses SSL/TLS for connections by specifying the appropriate certificates and keys:

mysql --host=your_server_ip --ssl-ca=/path/to/ca-cert.pem --ssl-cert=/path/to/client-cert.pem --ssl-key=/path/to/client-key.pem

Enforcing Secure Connections

To require all client connections to use SSL/TLS, update the user privileges:

ALTER USER 'username'@'host' REQUIRE SSL;

Verify the change using:

SHOW GRANTS FOR 'username'@'host';

Verifying SSL/TLS Connections

To confirm that a connection is encrypted, run the following command from a connected client:

SHOW STATUS LIKE 'Ssl_cipher';

If SSL/TLS is enabled, it will display the cipher in use.

Best Practices

  • Use certificates from a trusted Certificate Authority (CA) for production environments.
  • Regularly renew and update certificates to avoid expiration.
  • Limit access to the private keys to authorized administrators.
  • Test your SSL/TLS setup to ensure proper encryption.

By enabling SSL/TLS in MySQL, you can safeguard sensitive data and ensure secure communication between your database and clients.