Add service accounts#
To configure the message broker for an application:
Add a user, in a private Pillar file, replacing
PASSWORDwith a strong password (uncheck Symbols) and
USERNAMEwith a recognizable username:
rabbitmq: users: USERNAME: password: "PASSWORD"
If the user is an administrative or service account, allow configure and write operations on all resources:
rabbitmq: users: USERNAME: password: "PASSWORD" write: true
To give the user access to the management interface, add:
rabbitmq: users: USERNAME: password: "PASSWORD" tags: - management
To give the user access to memory use, add:
rabbitmq: users: USERNAME: password: "PASSWORD" tags: - management - monitoring
Add the private Pillar file to the top file entry for the application.
The default user named
guest is deleted by default. To retain the user, update the server’s Pillar file:
rabbitmq: guest_enabled: True
Do not do this if a management interface port (15671, 15672) is open or proxied.
Proxy management interface#
The RabbitMQ management plugin is enabled by default.
The management interface can be accessed at all times by using an SSH tunnel.
To proxy traffic through Apache instead, add to your service’s Pillar file, replacing
apache: public_access: True sites: rabbitmq: configuration: rabbitmq servername: SERVERNAME