Trying to disable port 5672 (only allowing port 5671 traffic)

743 views
Skip to first unread message

Ryan Zink

unread,
Apr 7, 2016, 10:33:37 PM4/7/16
to rabbitmq-users
Hello,

I am migrating our connections to RabbitMQ over from non-SSL connections to SSL connections. I have configured the SSL connections in the config file, but now when I try to stop accepting connections on the default port 5672, I'm finding that the config file changes aren't applying.

Here's the section of the config file I have in place:
...

{tcp_listeners, []},
{ssl_listeners, [5671]},
{ssl_options, 
[
{cacertfile,"C:\\RabbitMQ\\etc\\ssl\\root.pem"},
{certfile,"C:\\RabbitMQ\\etc\\ssl\\cert.pem"},
{keyfile,"C:\\RabbitMQ\\etc\\ssl\\key.pem"},
{depth, 2},
{fail_if_no_peer_cert,false}
]
}
...

And after restarting the service (this is Windows, by the way) this is what I see in the rabbitmqctl status output:
...
{listeners,
    [{clustering,25672,"::"},
     {amqp,5672,"::"},
     {amqp,5672,"0.0.0.0"},
     {'amqp/ssl',5671,"::"},
     {'amqp/ssl',5671,"0.0.0.0"}]},
...

Is there some other way to configure RabbitMQ to not open port 5672 and only allow connections over port 5671?

Thanks!

Michael Klishin

unread,
Apr 7, 2016, 10:49:52 PM4/7/16
to rabbitm...@googlegroups.com
You haven't provided the exact config file. Try re-installing the service, which is mentioned in the docs.
You are on the right track with setting tcp_listeners to an empty list.
--
You received this message because you are subscribed to the Google Groups "rabbitmq-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to rabbitmq-user...@googlegroups.com.
To post to this group, send email to rabbitm...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ryan Zink

unread,
Apr 8, 2016, 10:10:17 AM4/8/16
to rabbitmq-users
Thanks Michael. I'm attaching my full config file.

This behavior persists even after doing a rabbitmq-service.bat remove followed by a rabbitmq-service.bat install. What else can I try?
rabbitmq.config

Jared Kauppila

unread,
Apr 9, 2016, 12:24:58 AM4/9/16
to rabbitmq-users
What version are you on?

Ryan Zink

unread,
Apr 9, 2016, 10:23:49 PM4/9/16
to rabbitmq-users
We're on 3.5.4

Jared Kauppila

unread,
Apr 9, 2016, 11:00:15 PM4/9/16
to rabbitmq-users
That's what I was afraid of. There was a bug in 3.5.4 where tcp_listeners in the config was not respected on Windows, fixed in 3.5.5+ https://github.com/rabbitmq/rabbitmq-server/issues/288

Ryan Zink

unread,
Apr 10, 2016, 6:20:26 PM4/10/16
to rabbitmq-users
Thanks Jared. At least I know I'm not going crazy. We'll plan for a migration to a newer version.
Reply all
Reply to author
Forward
0 new messages