I started a RabbitMQ server in Docker with SSL enabled. I cannot get SSL working, please help! When I use openssl to test (`openssl s_client -connect myrabbitmwserver:5671`), it shows the error below. Another problem is that even though I have configured the log file location in rabbitmq.conf, the log is still going to stdout, and nothing more is written after the server is started.
By the way, the cert and key files are generated by tls-gen and I have tested them using openssl.
Error from `openssl s_client -connect myrabbitmwserver:5671`:
```
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1611850400
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
```
Dockerfile:
```
FROM rabbitmq:3.8.3-management
WORKDIR /etc/rabbitmq
ADD rabbitmq.conf ./
ADD definitions.json ./
COPY ./certs/ca_certificate.pem ./certs/server_certificate.pem ./certs/server_key.pem ./
RUN chown rabbitmq:rabbitmq rabbitmq.conf definitions.json ca_certificate.pem server_certificate.pem server_key.pem
CMD ["rabbitmq-server"]
```
Docker run command:
```
docker run -d --hostname my-rabbit --name some-rabbit -p 15671:15671 -p 5671:5671 -p 15672:15672 zhengxie/cogana_rabbitmq:3.8
```
Logs showing listener started on 5671
Inside the container (`docker exec -it some-rabbit /bin/bash`):
```
root@my-rabbit:/etc/rabbitmq# ls -l
total 24
-rwxr-xr-x 1 rabbitmq rabbitmq 1196 Jan 26 10:55 ca_certificate.pem
-rw-rw-r-- 1 rabbitmq rabbitmq 1199 Jan 26 14:56 definitions.json
-rw-r--r-- 1 root root 23 May 21 2020 enabled_plugins
-rw-rw-r-- 1 rabbitmq rabbitmq 811 Jan 28 14:51 rabbitmq.conf
-rwxr-xr-x 1 rabbitmq rabbitmq 1314 Jan 26 10:55 server_certificate.pem
-rwxr-xr-x 1 rabbitmq rabbitmq 1858 Jan 26 10:55 server_key.pem

root@my-rabbit:/etc/rabbitmq# cat rabbitmq.conf
loopback_users.guest = false
listeners.ssl.default = 5671
ssl_options.cacertfile = /etc/rabbitmq/ca_certificate.pem
ssl_options.certfile = /etc/rabbitmq/server_certificate.pem
ssl_options.fail_if_no_peer_cert = false
ssl_options.keyfile = /etc/rabbitmq/server_key.pem
ssl_options.verify = verify_none
default_pass = guest123
default_user = guest
management.ssl.port = 15671
management.ssl.cacertfile = /etc/rabbitmq/ca_certificate.pem
management.ssl.certfile = /etc/rabbitmq/server_certificate.pem
management.ssl.fail_if_no_peer_cert = false
management.ssl.keyfile = /etc/rabbitmq/server_key.pem
management.ssl.verify = verify_none
log.console.level = debug
log.file = rabbit.log
log.dir = /var/log/rabbitmq
log.file.level = debug
log.connection.level = debug
log.channel.level = debug
log.queue.level = debug

root@my-rabbit:/etc/rabbitmq# rabbitmq-diagnostics status
Status of node rabbit@my-rabbit ...
Runtime
OS PID: 174
OS: Linux
Uptime (seconds): 2852
RabbitMQ version: 3.8.3
Node name: rabbit@my-rabbit
Erlang configuration: Erlang/OTP 22 [erts-10.7.2.1] [source] [64-bit] [smp:4:4] [ds:4:4:10] [async-threads:64]
Erlang processes: 443 used, 1048576 limit
Scheduler run queue: 1
Cluster heartbeat timeout (net_ticktime): 60
Plugins
Enabled plugin file: /etc/rabbitmq/enabled_plugins
Enabled plugins:
* rabbitmq_management
* rabbitmq_web_dispatch
* rabbitmq_management_agent
* amqp_client
* cowboy
* cowlib
Data directory
Node data directory: /var/lib/rabbitmq/mnesia/rabbit@my-rabbit
Config files
* /etc/rabbitmq/rabbitmq.conf
Log file(s)
* <stdout>
Alarms
(none)
Memory
Calculation strategy: rss
Memory high watermark setting: 0.4 of available memory, computed to: 6.6628 gb
code: 0.0302 gb (27.21 %)
other_proc: 0.028 gb (25.21 %)
other_system: 0.025 gb (22.57 %)
allocated_unused: 0.0216 gb (19.45 %)
other_ets: 0.0029 gb (2.62 %)
atom: 0.0015 gb (1.37 %)
plugins: 0.0011 gb (0.95 %)
metrics: 0.0002 gb (0.19 %)
mgmt_db: 0.0002 gb (0.16 %)
binary: 0.0001 gb (0.13 %)
mnesia: 0.0001 gb (0.07 %)
quorum_ets: 0.0 gb (0.04 %)
msg_index: 0.0 gb (0.03 %)
connection_other: 0.0 gb (0.0 %)
connection_channels: 0.0 gb (0.0 %)
connection_readers: 0.0 gb (0.0 %)
connection_writers: 0.0 gb (0.0 %)
queue_procs: 0.0 gb (0.0 %)
queue_slave_procs: 0.0 gb (0.0 %)
quorum_queue_procs: 0.0 gb (0.0 %)
reserved_unallocated: 0.0 gb (0.0 %)
File Descriptors
Total: 2, limit: 1048479
Sockets: 0, limit: 943629
Free Disk Space
Low free disk space watermark: 0.05 gb
Free disk space: 5.3121 gb
Totals
Connection count: 0
Queue count: 0
Virtual host count: 1
Listeners
Interface: [::], port: 25672, protocol: clustering, purpose: inter-node and CLI tool communication
Interface: [::], port: 5672, protocol: amqp, purpose: AMQP 0-9-1 and AMQP 1.0
Interface: [::], port: 5671, protocol: amqp/ssl, purpose: AMQP 0-9-1 and AMQP 1.0 over TLS
Interface: [::], port: 15671, protocol: https, purpose: HTTP API over TLS (HTTPS)

root@my-rabbit:/etc/rabbitmq# rabbitmq-diagnostics log_location
Log file location(s) on node rabbit@my-rabbit ...
<stdout>
```
question from:
https://stackoverflow.com/questions/65941380/rabbitmq-ssl-not-working-throws-error-connected00000003-writeerrno-104-whe