App Store Wiki

User Tools

Site Tools

Trace:
data_core:rabbitmq

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
data_core:rabbitmq [2023/03/16 17:10] sudata_core:rabbitmq [2023/08/26 10:46] – [More RabbitMQ Resources] su
Line 61: Line 61:
 {{ :data_core:rabbitmq_02.png?400 |}} {{ :data_core:rabbitmq_02.png?400 |}}
  
-**Hint 8-):** Bookmark this link.+**Hint** Bookmark this link.
      
 The default login is Guest/Guest. The default login is Guest/Guest.
Line 75: Line 75:
  
   * **Routing Key** \\ The routing key to set on messages containing snapshot/historical tag values.   * **Routing Key** \\ The routing key to set on messages containing snapshot/historical tag values.
- 
  
  
Line 89: Line 88:
  
  
-===== How to use RabbitMQ for Secure Resilient Data Transfer ===== 
- 
-RabbitMQ  supports server to server message transfer via the plugin RabbitMQ Shovel. 
- 
-  * Messages are not removed from the source queue until an ack is received from the destination queue. 
-  * It supports TLS data encryption.  
- 
-Altogether, RabbitMQ provides the ideal conduit for Data Core to employ for resilient and secure process data transfer. 
- 
-** 1. Enable RabbitMQ Shovel ** 
- 
-RabbitMQ Shovel is a required on the source/upstream RabbitMQ server. If not already enabled, do so now. 
- 
-Open **RabbitMQ Command Prompt** in admin mode and enter 
- 
-  rabbitmq-service stop 
-  rabbitmq-plugins enable rabbitmq_shovel 
-  rabbitmq-plugins enable rabbitmq_shovel_management 
-  rabbitmq-service start 
-   
- 
-** 2. Configure Firewall Rules ** 
- 
-Firewall rules must be configured on the destination/downstream RabbitMQ server. 
- 
-Open Windows Defender Firewall and configure two new **Inbound Rules**: 
- 
-^ Name ^ Description ^ Port ^ 
-| AMQP | Advanced Message Queue Protocol - employed by RabbitMQ | 5672 | 
-| AMQPS | Advanced Message Queue Protocol Secure - employed by RabbitMQ | 5671 | 
- 
-{{ :data_core:rabbitmq_03.png?400 |}} 
- 
-The AMQP rule should only be employed for testing and can be disabled when not required. We also recommending resticting access to the above rules by specifying the permitted "Remote IP Address" scope. 
- 
-** 4. Create a RabbitMQ User ** 
- 
-A new user must be defined on the destination/downstream RabbitMQ server. The source will use this for authorization. 
- 
-  * Open RabbitMQ Administration UI (http://localhost:15672/) 
-  * Select Admin > Users 
-  * Add User 
-    * Name: data_transfer_user 
-    * Password: <you decide> 
- 
-** 5. Create a Self-Signed CA Certificate ** 
- 
-The certificate is used for TLS encryption.  
- 
-Create a self-signed CA certificate, save it to a PFX file that can be stored in  
-a secure location when issuing new certificates in the future, and save the certificate  
-(without the private key) to a PEM file that can be copied to the upstream server  
-and used directly by RabbitMQ and indirectly by the upstream Data Core node after  
-being imported into the Trusted Root Certificate Authorities store there. 
- 
-Create a certificate for a downstream RabbitMQ broker that must act as a server  
-for local and remote clients (i.e. requires the Server Authentication EKU in the  
-certificate) and save the certificate and private key to PEM files for use by  
-RabbitMQ. 
- 
-On the destination/downstream server, create folder: 
- 
-  C:\Program Files\RabbitMQ Server\certs 
- 
-and add the following files: 
- 
-  * ca.crt 
-  * downstream-rabbitmq.crt 
-  * downstream-rabbitmq.key 
- 
-On the source/upstream server, create folder: 
- 
-  C:\Program Files\RabbitMQ Server\certs 
-   
- and add the following files: 
- 
-  * ca.crt 
- 
-** 6. Create RabbitMQ Configuration File ** 
- 
-On the downstream/destination server, create file: 
- 
-  %AppData%/RabbitMQ/rabbitmq.conf 
-   
-Add the following settings: 
- 
-  listeners.ssl.default = 5671 
-  ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt 
-  ssl_options.certfile   = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.crt 
-  ssl_options.keyfile    = C:/Program Files/RabbitMQ Server/certs/downstream-rabbitmq.key 
-  ssl_options.verify     = verify_none 
-  ssl_options.fail_if_no_peer_cert = false 
-   
-On the source/upstream server, create file: 
- 
-  %AppData%/RabbitMQ/rabbitmq.conf 
- 
-Add the following settings: 
- 
-ssl_options.cacertfile = C:/Program Files/RabbitMQ Server/certs/ca.crt 
- 
-** 7. Configure RabbitMQ Shovel ** 
- 
-On the source/upstream server, open the RabbitMQ Admin UI. 
- 
-Select Admin > Shovel Management > Add a new shovel  
- 
-Complete the form as follows: 
- 
-| Name | Data Core Tag Values | 
-| Source | AMQP 0.9.1 | 
-| URI | amqp:// | 
-| Queue | data_core.tag_values |  
-| Prefetch count |  | 
-| Auto-delete | Never | 
-| Destination| AMQP 0.9.1 | 
-| URI | amqps://data_transfer_user:<password>@<servername> | 
-| Queue | data_core.tag_values |  
-| Add forwarding headers | No | 
-| Reconnect delay | | 
-| Acknowledgment mode | On confirm | 
- 
-{{ :data_core:rabbitmq_05.png?400 |}} 
- 
-  
  
 +===== More RabbitMQ Resources =====
  
 +  * [[DataCore:Enable Resilient Data Transfer with RabbitMQ]]
 +  * [[DataCore:Enable Resilient Data Transfer with RabbitMQ - "Fast Flow" Variation]] 
  
  
data_core/rabbitmq.txt · Last modified: 2023/12/14 15:27 by su