From fff5dd9218b4917abb28efe0227f4994948ed5cc Mon Sep 17 00:00:00 2001
From: douxu
Date: Thu, 5 Feb 2026 17:04:46 +0800
Subject: [PATCH] optimize code of rabbitmq deploy
---
 deploy/rabbitmq-config.yaml | 12 +++++++-----
 deploy/secert.sh | 5 +++++
 2 files changed, 12 insertions(+), 5 deletions(-)
 create mode 100644 deploy/secert.sh
diff --git a/deploy/rabbitmq-config.yaml b/deploy/rabbitmq-config.yaml
index cc96b56..5e27eb6 100644
--- a/deploy/rabbitmq-config.yaml
+++ b/deploy/rabbitmq-config.yaml
@@ -10,7 +10,6 @@ data:
 # 允许admin用户通过远程方式连接
 loopback_users.admin = false
 # 默认心跳和监听配置可在此扩展
- # ssl 新增部分
 # 确定 ssl 连接时验证使用的用户名
 ssl_cert_login_from = common_name
 # 开启此项配置会导致只能通过TLS端口访问
@@ -20,11 +19,14 @@ data:
 ssl_options.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
 ssl_options.certfile = /etc/rabbitmq/certs/server_certificate.pem
 ssl_options.keyfile = /etc/rabbitmq/certs/server_key.pem
+ ssl_options.verify = verify_peer
+ ssl_options.fail_if_no_peer_cert = true
+ # ssl_options.verify = verify_none
+ # ssl_options.fail_if_no_peer_cert = false
 # management ssl config
- management.ssl.port = 15671
+ management.ssl.port = 15671
 management.ssl.cacertfile = /etc/rabbitmq/certs/ca_certificate.pem
 management.ssl.certfile = /etc/rabbitmq/certs/server_certificate.pem
 management.ssl.keyfile = /etc/rabbitmq/certs/server_key.pem
- # 启用双向认证
- ssl_options.verify = verify_peer
- ssl_options.fail_if_no_peer_cert = true
+ management.ssl.verify = verify_peer
+ management.ssl.fail_if_no_peer_cert = true
diff --git a/deploy/secert.sh b/deploy/secert.sh
new file mode 100644
index 0000000..f0c050e
--- /dev/null
+++ b/deploy/secert.sh
@@ -0,0 +1,5 @@
+# 创建一个名为 rabbitmq-certs 的 Secret,包含文件夹下的所有证书文件
+kubectl create secret generic rabbitmq-certs \
+ --from-file=ca_certificate.pem=./certs/ca_certificate.pem \
+ --from-file=server_certificate.pem=./certs/server_certificate.pem \
+ --from-file=server_key.pem=./certs/server_key.pem
\ No newline at end of file
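Review bot: The commented-out pair `# ssl_options.verify = verify_none` / `# ssl_options.fail_if_no_peer_cert = false` sits directly under the live mutual-TLS settings with nothing saying what it is for, so a later edit can switch client-certificate verification off by uncommenting two lines. This config also sets `ssl_cert_login_from = common_name`, so the client certificate appears to carry the user identity and peer verification is load-bearing; the rest of the `data:` block is outside the hunk, so whether an EXTERNAL auth mechanism is enabled cannot be confirmed from here. Either drop the two lines or label them, e.g. `# debug only: disables client-certificate checks, never enable in production`. With `management.ssl.fail_if_no_peer_cert = true`, every client of port 15671 (browsers, health checks, monitoring) must now present a certificate issued by this CA, so it is worth confirming that whatever probes the management API has one. The move also drops the `# 启用双向认证` comment; a one-line comment above the new `ssl_options.verify` and `management.ssl.verify` lines stating that mutual TLS is required on both listeners would keep that intent visible.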
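Review bot: The `kubectl create secret generic rabbitmq-certs` call names no namespace, so the Secret holding `server_key.pem` lands in whatever namespace the current kubectl context points at, which may not be the one the RabbitMQ pods mount it from; adding `--namespace "$NAMESPACE" \` after the first line pins it. `kubectl create` also fails once the Secret exists, so rotating certificates means deleting it first; ending the command with `--dry-run=client -o yaml | kubectl apply -f -` makes the script re-runnable. The `./certs/...` paths resolve against the caller's working directory rather than the script's location, and the file has no shebang. The script implies the server private key sits in a `certs/` directory next to the deploy files; whether that directory is excluded from version control is not visible here and is worth confirming.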