HSTS Support for Web STOMP TLS Port in RabbitMQ

50 views
Skip to first unread message

B Nagaraju Reddy

unread,
Jun 10, 2025, 9:28:46 AMJun 10
to rabbitmq-users

Hi all,

I’ve been researching how to enable the HSTS (HTTP Strict Transport Security) header for the Web STOMP plugin in RabbitMQ when TLS is enabled, but I haven’t found any documentation or references confirming if this is supported.
Below is a snippet of my current Web STOMP configuration in rabbitmq.conf:

{rabbitmq_web_stomp,
  [
    {tcp_config, []},
    {ssl_config, [
        {port,       ${rabbitmq:web_stomp_port}},
        {backlog,    1024},
        {cacertfile, "${rabbitmq:ca_bundle_cert_path}"},
        {certfile,   "${rabbitmq:server_cert_path}"},
        {keyfile,    "${rabbitmq:server_key_path}"}
    ]}
  ]
},

Does the Web STOMP TLS port support adding HTTP response headers such as Strict-Transport-Security? If so, is there a recommended way to configure or inject this header?

Any guidance or pointers would be much appreciated.

Thanks in advance!

Best regards,
Nagaraju

Loïc Hoguin

unread,
Jun 12, 2025, 3:27:19 AMJun 12
to rabbitm...@googlegroups.com, B Nagaraju Reddy

Hello,

It is not currently available in the Web STOMP plugin (and neither is it in Web MQTT). I would advise opening a feature request on GitHub.

Cheers,

--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/rabbitmq-users/93c535dd-0934-41f0-9b9f-0e2a98e14768n%40googlegroups.com.

This electronic communication and the information and any files transmitted with it, or attached to it, are confidential and are intended solely for the use of the individual or entity to whom it is addressed and may contain information that is confidential, legally privileged, protected by privacy laws, or otherwise restricted from disclosure to anyone else. If you are not the intended recipient or the person responsible for delivering the e-mail to the intended recipient, you are hereby notified that any use, copying, distributing, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you received this e-mail in error, please return the e-mail to the sender, delete it from your computer, and destroy any printed copy of it.
Message has been deleted

B Nagaraju Reddy

unread,
Jun 14, 2025, 4:43:45 AMJun 14
to rabbitmq-users
Hi,

Thank you for the clarification!
Reply all
Reply to author
Forward
0 new messages