rabbitmq ssl connection to load balancer (aws elastic load balancer) question

Antonio Kang

Dec 1, 2016, 10:27:26 AM
to rabbitmq-users
I have been trying to connect to my rabbitmq server with SSL through AWS’s elastic load balancer but I am getting the following error:

Error reading data. Received 0 instead of expected 7 bytes

When I monitor the traffic on the rabbitmq server and look at the LB’s logs, no traffic gets through to the rabbit server nor to the LB.

Here is the code I am using.

<?php
require_once 'composer/vendor/autoload.php';
header('Content-type: text/plain');

$port = '5671';
$user = 'rabuser';
$password = 'rabpw';
$sslIp = 'rabbit-server.com';
$ip = 'rabbit-server.com';

$sslOptions = array ();

define('AMQP_DEBUG', true);

echo 'rand: ' . rand() . "\n";
try {
 echo 'connected to SSL connection' . "\n";
 $sslConnection = new \PhpAmqpLib\Connection\AMQPSSLConnection($sslIp, $port, $user, $password);
 $sslConnection->close();
}
catch (Exception $e) {
  echo "error" . "\n";
  echo $e->getMessage() . "\n";
}
?>

I did not set "sslOptions" since it can use the trusted certificate on the machine I am running this on (at least that is what I think, but I could be wrong).

Any help/advice is much appreciated.


PS. When I use curl on the https/ssl port, I get the correct SSL/certificate response. I really believe that the load balancer is set up correctly with the certificate and the problem is due to the way I am using the library.


Michael Klishin

Dec 1, 2016, 10:39:03 AM
to rabbitm...@googlegroups.com
There is a TLS troubleshooting guide on rabbitmq.com.
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Antonio Kang

Dec 1, 2016, 10:41:07 AM
to rabbitm...@googlegroups.com
I've looked at that guide over and over but I still cannot get it to work. I think the problem is with the library I am using and so I emailed the author of the code but he has told me to post it in the rabbitmq mailing list.

Michael Klishin

Dec 1, 2016, 10:45:33 AM
to rabbitm...@googlegroups.com
What exactly have you tried? What evidence do you have that this is a client library bug?

99% of TLS-related issues are not client or server bugs. They are environment-specific
problems or misunderstanding of how TLS works.

--
MK

Staff Software Engineer, Pivotal/RabbitMQ

Michael Klishin

Dec 1, 2016, 10:47:36 AM
to rabbitm...@googlegroups.com
Because you have provided 0 evidence that this is a phpamqp lib problem.

Please begin with following the steps on http://www.rabbitmq.com/troubleshooting-ssl.html and
include full transcripts from `openssl s_client` (or `openssl s_server` if needed) to this thread.

It is not possible to help you with the amount of information provided and your claims that this is a library
bug are not backed by any provided evidence.

Michael Klishin

Dec 1, 2016, 10:56:52 AM
to rabbitm...@googlegroups.com
If you haven't set anything related to TLS (other than changing the port) and are not sure
if that should be done (hint: yes, yes it should), what makes you believe this is a client library bug?

Technically TLS does require peers to present their certificates and verify/authenticate each other.
RabbitMQ clients typically do require some kind of indication that TLS upgrade should be performed
and may require certificates to use.
The fact that remote peer's certificate may be added to your machine's trusted certificate store
is orthogonal as the client settings above are usually necessary even when peer authentication
is disabled.
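
Added example (not part of the thread, and not code from php-amqplib or its author): a staged check that separates a TLS failure from an AMQP failure before handing the same explicit TLS options to AMQPSSLConnection. The host, credentials and CA bundle path are placeholders and assumptions. The 7 bytes in the reported error correspond to the size of one AMQP 0-9-1 frame header.

```php
<?php
// Added example, not code from the thread. Host, credentials and CA bundle
// path are placeholders/assumptions; adjust for your environment.
require_once 'composer/vendor/autoload.php';

use PhpAmqpLib\Connection\AMQPSSLConnection;

$host = 'rabbit-server.com';
$port = 5671;
// PHP stream-context "ssl" options; peer verification stays enabled.
$sslOptions = array(
    'cafile'           => '/etc/ssl/certs/ca-certificates.crt', // assumed path
    'verify_peer'      => true,
    'verify_peer_name' => true,
    'peer_name'        => $host,
);

// Stage 1: TCP connect + TLS handshake only. PHP warnings emitted here carry
// the underlying OpenSSL error, so they are deliberately not suppressed.
$ctx  = stream_context_create(array('ssl' => $sslOptions));
$sock = stream_socket_client("ssl://$host:$port", $errno, $errstr, 5,
                             STREAM_CLIENT_CONNECT, $ctx);
if ($sock === false) {
    exit("Stage 1 failed (TCP/TLS): [$errno] $errstr\n");
}

// Stage 2: send the AMQP 0-9-1 protocol header and read one 7-byte frame
// header (type: 1 octet, channel: 2 octets, payload size: 4 octets).
stream_set_timeout($sock, 5);
fwrite($sock, "AMQP\x00\x00\x09\x01");
$header = '';
while (strlen($header) < 7 && !feof($sock)) {
    $chunk = fread($sock, 7 - strlen($header));
    if ($chunk === false || $chunk === '') {
        break; // timeout or peer closed the connection
    }
    $header .= $chunk;
}
fclose($sock);
if (strlen($header) < 7) {
    exit('Stage 2 failed: TLS is up, but the peer sent ' . strlen($header)
        . " of 7 bytes (closed or timed out before any AMQP frame)\n");
}
$frame = unpack('Ctype/nchannel/Nsize', $header);
echo "AMQP frame: type={$frame['type']} channel={$frame['channel']} size={$frame['size']}\n";

// Stage 3: the same options through php-amqplib (5th argument is the vhost).
$conn = new AMQPSSLConnection($host, $port, 'rabuser', 'rabpw', '/', $sslOptions);
echo "php-amqplib connected over TLS\n";
$conn->close();
```

A stage 1 failure points at certificates, trust store or hostname mismatch; a stage 2 failure means the TLS endpoint answered but nothing behind it spoke AMQP on that connection.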