This guide is written for RabbitMQ 3.9!

Configuring the RabbitMQ Server

For the configuration of the RabbitMQ server we will use a rabbitmq.conf and a definitions.json. I stored these files in a rabbitmq folder to keep my project folder structure clean. This setup is derived from sudos answer on StackOverflow

The rabbitmq.conf deactivates the default guest user and tells RabbitMQ to load the definition file.

loopback_users.guest = false
management.load_definitions = /etc/rabbitmq/definitions.json

In the definition file we can define our users, vhosts and permissions.

{
 "rabbit_version": "3.9",
 "users": [
  {
   "name": "local_jobs",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": ""
  },
  {
   "name": "adminuser",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": "administrator"
  }
 ],
 "vhosts": [
  {
   "name": "\/"
  },
 ],
 "permissions": [
  {
   "user": "local_jobs",
   "vhost": "\/",
   "configure": ".*",
   "write": ".*",
   "read": ".*"
  }
 ],
 "parameters": [],
 "policies": [],
 "queues": [],
 "exchanges": [],
 "bindings": []
}

To add the configurations to the RabbitMQ server they are added via the volumes options in the docker-compose.yml

  rabbitmq:
    hostname: rabbitmq
    image: rabbitmq:3.9-management
    command: rabbitmq-server
    ports:
      - "5672:5672"
      - "15672:15672"
    volumes:
      - ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
      - ./rabbitmq/definitions.json:/etc/rabbitmq/definitions.json:ro

Generating Password Hashs

In order to generate the password hashs I used the python script by Todd Lyons on StackOverflow

#!/usr/bin/env python3

# rabbitMQ password hashing algo as laid out in:
# http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-May/012765.html

from __future__ import print_function
import base64
import os
import hashlib
import struct
import sys

# This is the password we wish to encode
password = sys.argv[1]

# 1.Generate a random 32 bit salt:
# This will generate 32 bits of random data:
salt = os.urandom(4)

# 2.Concatenate that with the UTF-8 representation of the plaintext password
tmp0 = salt + password.encode('utf-8')

# 3. Take the SHA256 hash and get the bytes back
tmp1 = hashlib.sha256(tmp0).digest()

# 4. Concatenate the salt again:
salted_hash = salt + tmp1

# 5. convert to base64 encoding:
pass_hash = base64.b64encode(salted_hash)

print(pass_hash.decode("utf-8"))