
Using SSL with RabbitMQ management panel through NGINX in Docker - Stack Overflow


Hello everyone. I have a docker-compose project with RabbitMQ and Nginx. I want to reach the RabbitMQ management panel over an SSL connection, with Nginx acting as the reverse proxy.

My setup:

docker-compose:

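services:
  nginx:
    # Reverse proxy: terminates TLS on 443 and forwards /rabbitmq/ to the
    # management listener over the internal Docker network.
    image: nginx:1.25.1
    ports:
      - '80:80'
      - '443:443'
    volumes:
      # This directory holds the TLS private key. Mounted read-only: nothing
      # shown in this setup writes to it from inside the container.
      - ./certs:/usr/share/certs:ro
      - ./nginx/global/nginx.conf:/etc/nginx/nginx.conf
    env_file:
      # NOTE(review): the same .env is loaded into both containers. If it
      # also defines RABBITMQ_USER / RABBITMQ_PASS, the broker credentials
      # end up in the proxy's environment too; a separate env file per
      # service keeps each container to the variables it needs.
      - .env

  rabbitmq:
    image: rabbitmq:3.13.1
    hostname: rabbitmq
    ports:
      # Publishes only the TLS AMQP listener (listeners.ssl.default in
      # rabbitmq.conf), on every host interface. The management port 15672
      # is not published, so it is reachable only through nginx.
      - '0.0.0.0:15673:15673'
    container_name: 'rabbitmq'
    restart: always
    env_file:
      - .env
    environment:
      - RABBITMQ_DEFAULT_USER=${RABBITMQ_USER}
      - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASS}
      - RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS=-rabbit disk_free_limit 2147483648
    volumes:
      - rabbitmq_data:/var/lib/rabbitmq
      # ':?' makes Compose stop with an error when TDS_HOSTNAME is unset or
      # empty. With a bare $TDS_HOSTNAME an empty value would turn the source
      # into ./certs/ and mount every host's key material into the container.
      # Read-only, matching the rabbitmq.conf mount below.
      # NOTE(review): this bind mount replaces the image's whole /etc/ssl
      # directory, which typically also holds the system CA bundle. A
      # dedicated target directory would avoid that, but the paths in
      # rabbitmq.conf would have to change with it.
      - './certs/${TDS_HOSTNAME:?TDS_HOSTNAME must be set}:/etc/ssl:ro'
      - './configs/${TDS_HOSTNAME:?TDS_HOSTNAME must be set}/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro'
    healthcheck:
      test: ["CMD", "rabbitmqctl", "status"]
      interval: 30s
      timeout: 30s
      retries: 15
      start_period: 10s

volumes:
  rabbitmq_data: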

rabbitmq.conf:

# TLS listener for AMQP clients. This is the port published by docker-compose;
# it is separate from the management listener configured further down.
# NOTE(review): listeners.tcp is not set here, so the default non-TLS AMQP
# listener presumably stays enabled inside the Docker network. Set
# "listeners.tcp = none" if only TLS clients are intended - confirm.
listeners.ssl.default            = 15673
# CA bundle used to validate the certificates that clients present.
ssl_options.cacertfile           = /etc/ssl/ca_cert.pem
# Server certificate chain and private key, read from the bind-mounted /etc/ssl.
ssl_options.certfile             = /etc/ssl/fullchain.pem
ssl_options.keyfile              = /etc/ssl/privkey.pem
# Mutual TLS: the peer certificate is verified, and a client that sends no
# certificate is rejected.
ssl_options.verify               = verify_peer
ssl_options.fail_if_no_peer_cert = true

# The management UI/API is served as plain HTTP on 15672; TLS for the panel is
# expected to be terminated by the nginx reverse proxy in front of it, so the
# ssl_options above do not apply to this listener.
management.listener.port = 15672
management.listener.ssl = false

nginx template:

# itds_nginx.conf


# Shared TLS settings. They sit outside any server {} block, so they apply to
# every server in the context this file is included into (presumably http {}).
# Protocols and cipher list follow the Mozilla "Intermediate" profile.
# NOTE(review): the two DHE-RSA-* suites are only offered when ssl_dhparam
# points at a DH parameters file; no ssl_dhparam appears in this template, so
# confirm it is set elsewhere or expect ECDHE-only negotiation.
    server_tokens          off;
    ssl_protocols          TLSv1.2 TLSv1.3;
    ssl_ciphers            ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;

# Plain-HTTP server: serves ACME HTTP-01 challenge files and redirects every
# other request to HTTPS.
server {
    listen 80;
    server_name ${TDS_HOSTNAME};

    # Challenge files are read from /var/www/certbot.
    # NOTE(review): the docker-compose file shown does not mount that path
    # into the nginx container - confirm where it comes from.
    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    # Permanent redirect to the same host and URI over HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS server: terminates TLS and proxies /rabbitmq/ to the RabbitMQ
# management listener (plain HTTP on rabbitmq:15672) over the Docker network.
server {
    # $loggable is not defined in this template; presumably a map in the
    # global nginx.conf sets it - confirm.
    access_log  /var/log/nginx/access.log combined if=$loggable;
    # https support
    listen      443 ssl;
    server_name ${TDS_HOSTNAME}; 
    charset     utf-8;
    # Certificates
    # Substitute the paths to the SSL certificate and private key
    ssl_certificate /usr/share/certs/${TDS_HOSTNAME}/${SSL_CERT_FILENAME};
    ssl_certificate_key /usr/share/certs/${TDS_HOSTNAME}/${SSL_CERT_PRIVKEY_FILENAME};
    # security
    # These headers are set at server level, so they are also attached to
    # everything proxied from RabbitMQ below.
    # NOTE(review): adding any add_header inside a location stops that location
    # from inheriting this whole set; it would have to be repeated there.
    add_header X-Frame-Options           "SAMEORIGIN" always;
    # NOTE(review): X-XSS-Protection is a legacy header; current browsers are
    # understood to ignore it.
    add_header X-XSS-Protection          "1; mode=block" always;
    add_header X-Content-Type-Options    "nosniff" always;
    add_header Referrer-Policy           "strict-origin-when-cross-origin" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    # The two policy headers below lack "always", so unlike the headers above
    # they are not sent on error responses.
    # NOTE(review): sync-xhr=() / "sync-xhr none" turn off synchronous
    # XMLHttpRequest for pages served from this host. The RabbitMQ management
    # UI is believed to fetch its js/tmpl/*.ejs templates with synchronous XHR,
    # so this is a likely cause of "There is no template at js/tmpl/login.ejs".
    # Confirm in the browser console; if so, sync-xhr has to allow "self" for
    # the management UI pages.
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(self),magnetometer=(),gyroscope=(self),fullscreen=(self),payment=(),sensors=(self)";
    add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera self;magnetometer none;gyroscope self;speaker self;vibrate none;fullscreen self;payment none;sensors self";

    # Maximum size of uploaded request bodies
    client_max_body_size 10M;   # adjust to taste

    #Enable GZIP
    # NOTE(review): compressing JSON over TLS is exposed to BREACH-style length
    # side channels when a response holds a secret next to attacker-influenced
    # input. Consider whether application/json from the management API needs
    # compression at all.
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/css text/javascript application/javascript application/json text/xml application/octet-stream;

    # this is the internal Docker DNS, cache only for 30s
    resolver 127.0.0.11 valid=30s;

    # Management HTTP API. Case-insensitive, unanchored regex: $1 is the first
    # path segment after /api/, $2 is the rest. The request is forwarded as
    # /api/$1/%2F/$2, with %2F (an encoded "/") inserted as a literal segment
    # and the original query string appended.
    # The upstream hop is plain HTTP, so management credentials cross the
    # Docker network unencrypted.
    location ~* /rabbitmq/api/(.*?)/(.*) {
        proxy_pass http://rabbitmq:15672/api/$1/%2F/$2?$query_string;
        proxy_buffering                    off;
        # $http_host is the Host header exactly as the client sent it.
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Everything else under /rabbitmq/ (UI pages, static assets, API paths the
    # first regex did not match): strip the /rabbitmq prefix and forward
    # upstream.
    location ~* /rabbitmq/(.*) {
        rewrite ^/rabbitmq/(.*)$ /$1 break;
        proxy_pass http://rabbitmq:15672;
        proxy_buffering                    off;
        proxy_set_header Host              $http_host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

When I go to `/`, I get this error: `undefined: There is no template at js/tmpl/login.ejs undefined`. Does anyone know how to fix it?

pic with the error

I tried to follow the RabbitMQ docs.
