Cannot connect to rabbitmq management console when ssl is enabled - centos docker container

2
votes

I installed rabbitmq in a docker container. I used centos:latest image to create this container. Steps I followed to install rabbitmq is as follows,

  1. yum -y update && yum -y install epel-release && yum -y install wget logrotate
  2. wget https://www.rabbitmq.com/releases/rabbitmq-server/v3.6.1/rabbitmq-server-3.6.1-1.noarch.rpm
  3. rpm --import https://www.rabbitmq.com/rabbitmq-signing-key-public.asc
  4. yum install rabbitmq-server-3.6.1-1.noarch.rpm
  5. service rabbitmq-server start
  6. rabbitmqctl add_user admin admin
  7. rabbitmqctl set_user_tags admin administrator
  8. rabbitmqctl set_permissions -p / admin "." "." ".*"
  9. rabbitmq-plugins enable rabbitmq_management

at this point I can access to management console without aby problem using the url http://localhost:15672

then I added a custom configuration /etc/rabbitmq/rabbitmq.config file. Content if that file is as follows,

[
{ rabbit, [
    { loopback_users, [ ] },
    { tcp_listeners, [ ] },
    { ssl_listeners, [ 5671 ] },
    { ssl_options, [
        { cacertfile, "/path/to/cacert" },
        { certfile, "/path/to/cert" },
        { fail_if_no_peer_cert, false },
        { keyfile, "/path/to/key" },
        { verify, verify_peer }
    ] },
    { hipe_compile, false }
] },
{ rabbitmq_management, [ { listener, [
    { port, 15672 },
    { ssl, true },
    { ssl_opts, [
        { cacertfile, "/path/to/cacert" },
        { certfile, "/path/to/cert" },
        { keyfile, "/path/to/key.pem" },
        { fail_if_no_peer_cert, false },
        { verify, verify_none }
    ] }
] } ] }
].

then I restarted the rabbitmq-service and tried to connect, using url https://localhost:15672. But it is not connecting,

Following error logs were there in rabbitmq log file,

=ERROR REPORT==== 6-Jul-2018::07:35:18 ===
application: mochiweb
"Accept failed error"
"{'EXIT',\n    {{function_clause,\n         [{ssl_cipher,hash_algorithm,\"\\b\",\n              [{file,\"ssl_cipher.erl\"},{line,1175}]},\n          {ssl_handshake,'-dec_hello_extensions/2-blc$^0/1-1-',1,\n              [{file,\"ssl_handshake.erl\"},{line,1649}]},\n          {ssl_handshake,'-dec_hello_extensions/2-blc$^0/1-1-',1,\n              [{file,\"ssl_handshake.erl\"},{line,1650}]},\n          {ssl_handshake,dec_hello_extensions,2,\n              [{file,\"ssl_handshake.erl\"},{line,1649}]},\n          {tls_handshake,decode_handshake,3,\n              [{file,\"tls_handshake.erl\"},{line,182}]},\n          {tls_handshake,get_tls_handshake_aux,3,\n              [{file,\"tls_handshake.erl\"},{line,153}]},\n          {tls_connection,next_state,4,\n              [{file,\"tls_connection.erl\"},{line,454}]},\n          {gen_fsm,handle_msg,7,[{file,\"gen_fsm.erl\"},{line,505}]}]},\n     {gen_fsm,sync_send_all_state_event,[<0.500.0>,{start,20000},infinity]}}}"

What can be the reason for this error ? any idea. Thanks in advance.

1
dockerrabbitmqerlangcentos7
Why RabbitMQ version 3.6.1? It is very old, no longer supported and the current version is 3.7.7. Also, you don't mention how you are installing Erlang or the version of Erlang you're using.Luke Bakken

1 Answers

2
votes

The error {function_clause, [{ssl_cipher,hash_algorithm,"\b", [{file,"ssl_cipher.erl"},{line,1196}]} occurs because of an incompatibility between old versions of the SSL application in Erlang and modern web browsers. Upgrade Erlang to at least version 18.0 to get rid of this problem.

This issue has id OTP-12829, and in the release notes it is described as:

   OTP-12829  Gracefully ignore proprietary hash_sign algorithms