rabbit TLS - how to disable prometheus TCP?

385 views
Skip to first unread message

Netcall Rabbit

unread,
Apr 27, 2023, 4:23:24 AM4/27/23
to rabbitmq-users
my rabbit config is:
listeners.tcp.default = 5672
management.listener.port = 0
management.listener.ip = 127.0.0.1
management.path_prefix = /rabbitmq
management.ssl.port       = 15671
management.ssl.cacertfile = c:\ssl\CertificateAuthority.crt
management.ssl.certfile   = c:\ssl\localhost.crt
management.ssl.keyfile    = c:\ssl\localhost.key
management.ssl.versions.1 = tlsv1.2
listeners.tcp = none
listeners.ssl.default  = 5671
ssl_options.cacertfile = c:\ssl\CertificateAuthority.crt
ssl_options.certfile   = c:\ssl\rabbitmq.crt
ssl_options.keyfile    = c:\ssl\rabbitmq.key
ssl_options.versions.1 = tlsv1.2
prometheus.tcp.port       = 15692
prometheus.ssl.port       = 15691
prometheus.ssl.cacertfile = c:\ssl\CertificateAuthority.crt
prometheus.ssl.certfile   = c:\ssl\rabbitmq.crt
prometheus.ssl.keyfile    = c:\ssl\rabbitmq.key
prometheus.ssl.versions.1 = tlsv1.2
log.dir = c:/tptrace/rabbitmq
log.file = c:/tptrace/rabbitmq/rabbit.log
log.file.level = info
log.file.rotation.date = $D0
log.file.rotation.count = 14
log.console = false
log.console.level = info

but i really want to DISABLE prometheus TCP
prometheus.tcp.port       = 15692

I have tried:
prometheus.tcp.port       = 0
and
prometheus.tcp.port       = none

and they just break rabbit

any ideas?



Chunyi Lyu

unread,
Apr 27, 2023, 5:50:54 AM4/27/23
to rabbitmq-users
Hi 👋 

I think the prometheus tcp listener can be disabled by setting prometheus.ssl.port without setting prometheus.tcp.port. Could you try it out see if that works for you?

Best,
Chunyi

Netcall Rabbit

unread,
Apr 27, 2023, 6:42:48 AM4/27/23
to rabbitmq-users
thanks.  unfortunately that didn't work. if I remove the  prometheus.tcp.port line, then it just assumes a default port of 15692.

Luke Bakken

unread,
May 3, 2023, 11:16:43 AM5/3/23
to rabbitmq-users
Hello,

If you want to completely disable the listener, disable the Prometheus plugin. Presumably you're not collecting the data at that point (though you should be!)

Your other option is to set the listening IP to 127.0.0.1:

prometheus.tcp.ip = 127.0.0.1

Thanks,
Luke

Luke Bakken

unread,
May 3, 2023, 11:18:11 AM5/3/23
to rabbitmq-users
PS I am asking the team about supporting just a TLS listener.

Luke Bakken

unread,
May 3, 2023, 11:59:04 AM5/3/23
to rabbitmq-users
https://github.com/rabbitmq/rabbitmq-server/issues/8095
Reply all
Reply to author
Forward
Message has been deleted
0 new messages