UNPKG

amqplib/examples/ssl.js

Version:

2.26 kBJavaScriptView Raw

1// Example of using a TLS/SSL connection. Note that the server must be
2// configured to accept SSL connections; see, for example,
3// http://www.rabbitmq.com/ssl.html.
4//
5// When trying this out, I followed the RabbitMQ SSL guide above,
6// almost verbatim. I set the CN of the server certificate to
7// 'localhost' rather than $(hostname) (since on my MBP hostname ends
8// up being "<blah>.local", which is just weird). My client
9// certificates etc., are in `../etc/client/`. My testca certificate
10// is in `../etc/testca` and server certs etc., in `../etc/server`,
11// and I've made a `rabbitmq.config` file, with which I start
12// RabbitMQ:
13//
14//     RABBITMQ_CONFIG_FILE=`pwd`/../etc/server/rabbitmq \
15//       /usr/local/sbin/rabbitmq-server &
16//
17// A way to check RabbitMQ's running with SSL OK is to use
18//
19//     openssl s_client -connect localhost:5671
20
21var amqp = require('../');
22var fs = require('fs');
23
24// Assemble the SSL options; for verification we need at least
25// * a certificate to present to the server ('cert', in PEM format)
26// * the private key for the certificate ('key', in PEM format)
27// * (possibly) a passphrase for the private key
28//
29// The first two may be replaced with a PKCS12 file ('pfx', in pkcs12
30// format)
31
32// We will also want to list the CA certificates that we will trust,
33// since we're using a self-signed certificate. It is NOT recommended
34// to use `rejectUnauthorized: false`.
35
36// Options for full client and server verification:
37var opts = {
38  cert: fs.readFileSync('../etc/client/cert.pem'),
39  key: fs.readFileSync('../etc/client/key.pem'),
40  // cert and key or
41  // pfx: fs.readFileSync('../etc/client/keycert.p12'),
42  passphrase: 'MySecretPassword',
43  ca: [fs.readFileSync('../etc/testca/cacert.pem')]
44};
45
46// Options for just confidentiality. This requires RabbitMQ's SSL
47// configuration to include the items
48//
49//     {verify, verify_none},
50//     {fail_if_no_peer_cert,false}
51//
52var opts1 = {  ca: [fs.readFileSync('../etc/testca/cacert.pem')] };
53
54var open = amqp.connect('amqps://localhost', opts);
55
56open.then(function(conn) {
57  process.on('SIGINT', conn.close.bind(conn));
58  return conn.createChannel().then(function(ch) {
59    ch.sendToQueue('foo', new Buffer('Hello World!'));
60  });
61}).then(null, console.warn);

1	`// Example of using a TLS/SSL connection. Note that the server must be`
2	`// configured to accept SSL connections; see, for example,`
3	`// http://www.rabbitmq.com/ssl.html.`
4	`//`
5	`// When trying this out, I followed the RabbitMQ SSL guide above,`
6	`// almost verbatim. I set the CN of the server certificate to`
7	`// 'localhost' rather than $(hostname) (since on my MBP hostname ends`
8	`// up being "<blah>.local", which is just weird). My client`
9	// certificates etc., are in `../etc/client/`. My testca certificate
10	// is in `../etc/testca` and server certs etc., in `../etc/server`,
11	// and I've made a `rabbitmq.config` file, with which I start
12	`// RabbitMQ:`
13	`//`
14	// RABBITMQ_CONFIG_FILE=`pwd`/../etc/server/rabbitmq \
15	`// /usr/local/sbin/rabbitmq-server &`
16	`//`
17	`// A way to check RabbitMQ's running with SSL OK is to use`
18	`//`
19	`// openssl s_client -connect localhost:5671`
20
21	`var amqp = require('../');`
22	`var fs = require('fs');`
23
24	`// Assemble the SSL options; for verification we need at least`
25	`// * a certificate to present to the server ('cert', in PEM format)`
26	`// * the private key for the certificate ('key', in PEM format)`
27	`// * (possibly) a passphrase for the private key`
28	`//`
29	`// The first two may be replaced with a PKCS12 file ('pfx', in pkcs12`
30	`// format)`
31
32	`// We will also want to list the CA certificates that we will trust,`
33	`// since we're using a self-signed certificate. It is NOT recommended`
34	// to use `rejectUnauthorized: false`.
35
36	`// Options for full client and server verification:`
37	`var opts = {`
38	`cert: fs.readFileSync('../etc/client/cert.pem'),`
39	`key: fs.readFileSync('../etc/client/key.pem'),`
40	`// cert and key or`
41	`// pfx: fs.readFileSync('../etc/client/keycert.p12'),`
42	`passphrase: 'MySecretPassword',`
43	`ca: [fs.readFileSync('../etc/testca/cacert.pem')]`
44	`};`
45
46	`// Options for just confidentiality. This requires RabbitMQ's SSL`
47	`// configuration to include the items`
48	`//`
49	`// {verify, verify_none},`
50	`// {fail_if_no_peer_cert,false}`
51	`//`
52	`var opts1 = { ca: [fs.readFileSync('../etc/testca/cacert.pem')] };`
53
54	`var open = amqp.connect('amqps://localhost', opts);`
55
56	`open.then(function(conn) {`
57	`process.on('SIGINT', conn.close.bind(conn));`
58	`return conn.createChannel().then(function(ch) {`
59	`ch.sendToQueue('foo', new Buffer('Hello World!'));`
60	`});`
61	`}).then(null, console.warn);`