Libove Blog

Personal Blog about anything - mostly programming, cooking and random thoughts

  • on GitHub
  • on Mastodon

    • Setup Rabbitmq With Users for Docker Compose

    # Published: by h4kor

    This guide is written for RabbitMQ 3.9!

    Configuring the RabbitMQ Server

    For the configuration of the RabbitMQ server we will use a rabbitmq.conf and a definitions.json. I stored these files in a rabbitmq folder to keep my project folder structure clean. This setup is derived from sudos answer on StackOverflow

    The rabbitmq.conf deactivates the default guest user and tells RabbitMQ to load the definition file.

    loopback_users.guest = false
management.load_definitions = /etc/rabbitmq/definitions.json

    In the definition file we can define our users, vhosts and permissions.

    {
 "rabbit_version": "3.9",
 "users": [
  {
   "name": "local_jobs",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": ""
  },
  {
   "name": "adminuser",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": "administrator"
  }
 ],
 "vhosts": [
  {
   "name": "\/"
  },
 ],
 "permissions": [
  {
   "user": "local_jobs",
   "vhost": "\/",
   "configure": ".*",
   "write": ".*",
   "read": ".*"
  }
 ],
 "parameters": [],
 "policies": [],
 "queues": [],
 "exchanges": [],
 "bindings": []
}

    To add the configurations to the RabbitMQ server they are added via the volumes options in the docker-compose.yml

      rabbitmq:
    hostname: rabbitmq
    image: rabbitmq:3.9-management
    command: rabbitmq-server
    ports:
      - "5672:5672"
      - "15672:15672"
    volumes:
      - ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
      - ./rabbitmq/definitions.json:/etc/rabbitmq/definitions.json:ro

    Generating Password Hashs

    In order to generate the password hashs I used the python script by Todd Lyons on StackOverflow

    #!/usr/bin/env python3

# rabbitMQ password hashing algo as laid out in:
# http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-May/012765.html

from __future__ import print_function
import base64
import os
import hashlib
import struct
import sys

# This is the password we wish to encode
password = sys.argv[1]

# 1.Generate a random 32 bit salt:
# This will generate 32 bits of random data:
salt = os.urandom(4)

# 2.Concatenate that with the UTF-8 representation of the plaintext password
tmp0 = salt + password.encode('utf-8')

# 3. Take the SHA256 hash and get the bytes back
tmp1 = hashlib.sha256(tmp0).digest()

# 4. Concatenate the salt again:
salted_hash = salt + tmp1

# 5. convert to base64 encoding:
pass_hash = base64.b64encode(salted_hash)

print(pass_hash.decode("utf-8"))