DEV Community

Niko Abeler
Niko Abeler

Posted on

Setup Rabbitmq With Users for Docker Compose

This guide is written for RabbitMQ 3.9!

Configuring the RabbitMQ Server

For the configuration of the RabbitMQ server we will use a rabbitmq.conf and a definitions.json. I stored these files in a rabbitmq folder to keep my project folder structure clean. This setup is derived from sudos answer on StackOverflow

The rabbitmq.conf deactivates the default guest user and tells RabbitMQ to load the definition file.

loopback_users.guest = false
management.load_definitions = /etc/rabbitmq/definitions.json
Enter fullscreen mode Exit fullscreen mode

In the definition file we can define our users, vhosts and permissions.

{
 "rabbit_version": "3.9",
 "users": [
  {
   "name": "local_jobs",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": ""
  },
  {
   "name": "adminuser",
   "password_hash": ">>>HASH<<<",
   "hashing_algorithm": "rabbit_password_hashing_sha256",
   "tags": "administrator"
  }
 ],
 "vhosts": [
  {
   "name": "\/"
  },
 ],
 "permissions": [
  {
   "user": "local_jobs",
   "vhost": "\/",
   "configure": ".*",
   "write": ".*",
   "read": ".*"
  }
 ],
 "parameters": [],
 "policies": [],
 "queues": [],
 "exchanges": [],
 "bindings": []
}
Enter fullscreen mode Exit fullscreen mode

To add the configurations to the RabbitMQ server they are added via the volumes options in the docker-compose.yml

  rabbitmq:
    hostname: rabbitmq
    image: rabbitmq:3.9-management
    command: rabbitmq-server
    ports:
      - "5672:5672"
      - "15672:15672"
    volumes:
      - ./rabbitmq/rabbitmq.conf:/etc/rabbitmq/rabbitmq.conf:ro
      - ./rabbitmq/definitions.json:/etc/rabbitmq/definitions.json:ro
Enter fullscreen mode Exit fullscreen mode

Generating Password Hashs

In order to generate the password hashs I used the python script by Todd Lyons on StackOverflow

#!/usr/bin/env python3

# rabbitMQ password hashing algo as laid out in:
# http://lists.rabbitmq.com/pipermail/rabbitmq-discuss/2011-May/012765.html

from __future__ import print_function
import base64
import os
import hashlib
import struct
import sys

# This is the password we wish to encode
password = sys.argv[1]

# 1.Generate a random 32 bit salt:
# This will generate 32 bits of random data:
salt = os.urandom(4)

# 2.Concatenate that with the UTF-8 representation of the plaintext password
tmp0 = salt + password.encode('utf-8')

# 3. Take the SHA256 hash and get the bytes back
tmp1 = hashlib.sha256(tmp0).digest()

# 4. Concatenate the salt again:
salted_hash = salt + tmp1

# 5. convert to base64 encoding:
pass_hash = base64.b64encode(salted_hash)

print(pass_hash.decode("utf-8"))
Enter fullscreen mode Exit fullscreen mode

Top comments (0)