RabbitMQ FIPS Cipher

# OpenSSL / FIPS environment for the broker and the Erlang VM it runs on.
# Everything points at the OpenSSL build under /usr/local.
#
# NOTE(review): exporting these variables does not by itself show that FIPS
# mode is active. OPENSSL_MODULES names a provider module directory, which
# suggests an OpenSSL 3.x build; there the FIPS provider is activated from the
# file named by OPENSSL_CONF. Confirm that file does so, and check
# crypto:info_fips() on the running node.
#
# Shared libraries and provider modules are loaded from the directories below,
# so they should be writable by root only.
export \
  OPENSSL_FIPS=1 \
  OPENSSL_CONF=/usr/local/ssl/openssl.cnf \
  OPENSSL_MODULES=/usr/local/lib64/ossl-modules \
  LD_LIBRARY_PATH=/usr/local/lib/:/usr/local/lib64/ \
  PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig/

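# Clustering is enabled unless CLUSTERING is exactly "false"; an unset or empty
# value counts as enabled. The expansion is quoted so that an unset CLUSTERING
# is compared as an empty string instead of breaking the test expression.
if [ "${CLUSTERING:-}" != "false" ]; then
  # Node names are built from the fully qualified host name.
  export RABBITMQ_USE_LONGNAME=true

  # --offline (two ASCII hyphens) enables the plugin without contacting a
  # running node. A typographic dash here would be passed as a plugin name.
  rabbitmq-plugins enable --offline rabbitmq_peer_discovery_k8s
fi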

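# Erlang SSL: TLS for inter-node (Erlang distribution) traffic.
#
# Cipher suites offered by the distribution listener, in OpenSSL naming.
# Plain ASCII single quotes are required; typographic quotes would become part
# of the value.
# NOTE(review): besides ECDHE/DHE suites with AES-GCM, the list also contains
# CBC-mode suites (names ending in -SHA256/-SHA384 without GCM), suites with
# static RSA key exchange (no ECDHE/DHE prefix, so no forward secrecy) and
# DHE-DSS suites. Check the list against the applicable approved-algorithm
# policy and trim it to what the cluster nodes actually need.
CIPHERS='ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-GCM-SHA256:AES128-SHA256:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256'

# Code path of the ssl application, needed so the VM can load inet_tls_dist.
# The path is tied to one ssl release (11.0.3) and has to be updated whenever
# the Erlang/OTP installation changes.
export ERL_SSL_PATH=/usr/local/lib/erlang/lib/ssl-11.0.3/ebin
if [ ! -d "$ERL_SSL_PATH" ]; then
  printf '%s\n' "warning: ERL_SSL_PATH ${ERL_SSL_PATH} does not exist; TLS distribution will not load" >&2
fi

# Extra VM arguments: switch distribution to TLS and pass the server
# certificate, private key, renegotiation settings and cipher list.
# NOTE(review): no CA file, verify mode or fail_if_no_peer_cert option is
# passed here, so this line does not configure mutual authentication of
# cluster nodes, and only server_ciphers is restricted. Confirm whether peer
# verification is set elsewhere; if not, server_cacertfile, server_verify
# verify_peer, server_fail_if_no_peer_cert true and the client_* equivalents
# (including client_ciphers) belong here.
# /etc/rabbitmq/ssl/server.key should be readable only by the broker's user.
export RABBITMQ_SERVER_ADDITIONAL_ERL_ARGS="-pa ${ERL_SSL_PATH} -proto_dist inet_tls -ssl_dist_opt server_certfile /etc/rabbitmq/ssl/server.pem -ssl_dist_opt server_keyfile /etc/rabbitmq/ssl/server.key -ssl_dist_opt server_secure_renegotiate true client_secure_renegotiate true -ssl_dist_opt server_ciphers ${CIPHERS}"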

# Logging: both log destinations are exported with an empty value.
# NOTE(review): the intent stated for this section is "logs to stdout";
# RabbitMQ documents "-" as the stdout value, so confirm that an empty string
# has the intended effect on this broker version.
RABBITMQ_LOGS=
RABBITMQ_SASL_LOGS=
export RABBITMQ_LOGS RABBITMQ_SASL_LOGS

# Erlang VM tuning: scheduler bind type "ts".
RABBITMQ_SCHEDULER_BIND_TYPE=ts
export RABBITMQ_SCHEDULER_BIND_TYPE

# Broker release and the installation directory derived from it.
RABBITMQ_VERSION=3.12.7
RABBITMQ_HOME="/srv/rabbitmq_server-${RABBITMQ_VERSION}"
export RABBITMQ_VERSION RABBITMQ_HOME

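# Fill in the service-name and hostname-suffix placeholders in rabbitmq.conf.
#
# K8S_SERVICE_NAME and K8S_HOSTNAME_SUFFIX come from the container environment
# and are spliced into a sed replacement. "\", "/" and "&" are escaped first:
# left unescaped, any of them would break the expression or change what gets
# written into the broker configuration. Values are assumed to be single-line.
_sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

rabbitmq_conf="${RABBITMQ_HOME}/etc/rabbitmq/rabbitmq.conf"

if [ -z "${K8S_SERVICE_NAME:-}" ] || [ -z "${K8S_HOSTNAME_SUFFIX:-}" ]; then
  printf '%s\n' "warning: K8S_SERVICE_NAME or K8S_HOSTNAME_SUFFIX is empty; the placeholder will be replaced with nothing" >&2
fi

service_name_escaped=$(_sed_escape_replacement "${K8S_SERVICE_NAME:-}")
hostname_suffix_escaped=$(_sed_escape_replacement "${K8S_HOSTNAME_SUFFIX:-}")

# ASCII double quotes so the shell expands the variables inside the expression.
sed -i "s/REPLACE_SERVICE_NAME/${service_name_escaped}/g" "$rabbitmq_conf"
sed -i "s/REPLACE_HOSTNAME_SUFFIX/${hostname_suffix_escaped}/g" "$rabbitmq_conf"

# printf with a fixed format keeps the values from being read as options or
# escape sequences.
printf '%s\n' "rabbitmq hostname ${K8S_HOSTNAME_SUFFIX:-}"
printf '%s\n' "and service name ${K8S_SERVICE_NAME:-}"

# Ten-second pause before the broker is started. The sleep runs in the
# background and is waited on, presumably so that a signal delivered to the
# script can interrupt the pause — TODO confirm what the delay is waiting for.
sleep 10 &
wait "$!"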

# The Kubernetes service account token is mounted into the pod; its location
# is given in rabbitmq.conf as k8s_token_path. Anything able to read that file
# can act as the pod's service account, so keep its role bindings minimal.

# Node name: rabbit@<fully qualified host name of this pod>.
podName=$(hostname -f)
RABBITMQ_NODENAME="rabbit@${podName}"
export RABBITMQ_NODENAME

# Start the broker in the background so that its logs can be tailed to the
# same stdout.
rabbitmq-server &
