Changing the bind ip address?
138 views
Skip to first unread message
Hadmut Danisch
Nov 17, 2019, 11:54:39 AM11/17/19
to rabbitmq-users
Hi,
I'd like to run rabbitmq server (3.6.10 as it comes with Ubuntu 18.04) on a machine exposed to the Internet. For security reasons I do not want to rely on the firewall only and therefore to have all ports opened by rabbitmq bound to 127.0.0.1 to avoid contacts even in case of firewall failure.
After carefully reading docs I found how to change the bind IP address for ports 5672 and 15672 through /etc/rabbitmq/rabbitmq.config .
But I did not find how to tell rabbitmq to
- either not open port 25672 (clustering) at all or to bind to 127.0.0.1,
- to bind port 4369 (opened by epmd) to 127.0.0.1
How could one do this?
regards
Hadmut
Wesley Peng
Nov 17, 2019, 7:59:47 PM11/17/19
to rabbitm...@googlegroups.com
Hadmut Danisch wrote:
>
> But I did not find how to tell rabbitmq to
>
> * either not open port 25672 (clustering) at all or to bind to 127.0.0.1,
>
> But I did not find how to tell rabbitmq to
>
> * to bind port 4369 (opened by epmd) to 127.0.0.1
Hi
3.6 version is really old. please use the latest RabbitMQ for service.
You could have the machine have internal address only, for example,
192.168.xx.xx, thus rabbitmq can bind only to an internal address.
Removing a pubic IP from the machine even save your money, most case
it's 1-2 USD per month for a public IPv4 on cloud providers.
regards.
Hadmut Danisch
Nov 18, 2019, 6:32:15 AM11/18/19
to rabbitmq-users
Am Montag, 18. November 2019 01:59:47 UTC+1 schrieb Wesley Peng:
3.6 version is really old. please use the latest RabbitMQ for service.
And how would I achieve that goal with a newer version? Still the same problem.
You could have the machine have internal address only, for example,
192.168.xx.xx, thus rabbitmq can bind only to an internal address.
That's a useless hint since the machine runs a public web server and thus needs an external IP address.
Removing a pubic IP from the machine even save your money, most case
it's 1-2 USD per month for a public IPv4 on cloud providers.
Not here.
Wesley Peng
Nov 18, 2019, 7:26:31 AM11/18/19
to rabbitm...@googlegroups.com
This is because there are ports exist which are openned by erlang VM.
You may also look at the configuration for erlang stuff.
regards.
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/rabbitmq-users/f0f09e6b-f493-4731-a655-71419be5ec6b%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages