23. RabbitMQ: the rabbitmq.conf Configuration File Explained

予早 2025-02-21 01:08:23

https://github.com/rabbitmq/rabbitmq-server/blob/v3.12.x/deps/rabbit/docs/rabbitmq.conf.example
https://www.cnblogs.com/operationhome/p/10483840.html
https://www.cnblogs.com/-wenli/p/13587840.html

Networking

https://rabbitmq.com/networking.html

listeners

By default, RabbitMQ listens on port 5672 on all IP addresses.

listeners.tcp.default = 5672

A listener can be bound to a specific IP:PORT, and multiple listeners can be defined; listener names are user-defined.

# Define listeners named local and local_v6
# IPv4
listeners.tcp.local    = 127.0.0.1:5672
# IPv6
listeners.tcp.local_v6 = ::1:5672

Plain TCP (non-TLS) listeners can be disabled; clients that do not use TLS will then be unable to connect.

listeners.tcp = none

TLS listeners are configured the same way as TCP listeners, including the options that control interface selection.

listeners.ssl.default = 5671

num_acceptors

Number of Erlang processes that accept connections for the TCP and TLS listeners.

# num_acceptors.tcp = 10
# num_acceptors.ssl = 10

socket_writer.gc_threshold

Once this many bytes have been written to a socket, a GC is forced. The default is 1 GiB.

socket_writer.gc_threshold = 1000000000

To disable this mechanism:

socket_writer.gc_threshold = off

handshake_timeout

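Maximum time, in milliseconds, allowed for the AMQP 0-9-1 and AMQP 1.0 handshake (performed after the socket connection and TLS handshake) to complete. The default is 10 s.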

handshake_timeout = 10000

reverse_dns_lookups

Set to true to perform reverse DNS lookups when accepting a connection. rabbitmqctl and the management UI will then display hostnames instead of IP addresses. The default is false.

reverse_dns_lookups = false

Security

https://rabbitmq.com/access-control.html

loopback_users.guest

By default, the default user guest can only access the RabbitMQ server from the loopback address.

loopback_users.guest = true

Setting this to false allows guest to access the RabbitMQ server from any IP address.

loopback_users.guest = false

Loading definitions

load_definitions

Import definitions from a local file when the node boots
https://www.rabbitmq.com/definitions.html#import-on-boot

load_definitions = /path/to/definitions/file.json

Cluster name

cluster_name

cluster_name = dev3.eng.megacorp.local

Default virtual host and user

https://rabbitmq.com/access-control.html
https://rabbitmq.com/management.html
On first start, RabbitMQ creates one virtual host and one user.

default_vhost = /
default_user = guest
default_pass = guest
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*
default_user_tags.administrator = true
default_user_tags.management = true
default_user_tags.custom_tag = true

Memory and disk limits

https://rabbitmq.com/memory.html

Memory high watermark

Limit memory use to at most 40%

vm_memory_high_watermark.relative = 0.4

Limit memory use to at most 1073741824 bytes (1GB); RabbitMQ 3.6.0+ supports units

vm_memory_high_watermark.absolute = 1073741824
# vm_memory_high_watermark.absolute = 1GB

vm_memory_high_watermark_paging_ratio

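When memory use reaches the fraction vm_memory_high_watermark_paging_ratio of the high watermark, queues start paging messages to disk to reduce memory use.
For example, with vm_memory_high_watermark set to 0.4 and vm_memory_high_watermark_paging_ratio set to 0.5, queue paging starts when memory use reaches 20%.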

vm_memory_high_watermark_paging_ratio = 0.4

vm_memory_calculation_strategy

Strategy used to calculate the Erlang VM's memory use: allocated, rss, or legacy (erlang). Introduced in 3.6.11. As of 3.6.12, rss is the default.

## See https://github.com/rabbitmq/rabbitmq-server/issues/1223 and rabbitmq/rabbitmq-common#224 for background.
vm_memory_calculation_strategy = rss

memory_monitor_interval

Memory check interval, in milliseconds

memory_monitor_interval = 2500

Total operating system memory

total_memory_available_override_value = 2GB

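Free disk space limit

An alarm is triggered when free disk space falls below this value. When the relative limit is set, the absolute limit is ignored.

Require free disk space to be at least twice the available memory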

disk_free_limit.relative = 2.0

Require at least 5G of free disk space; RabbitMQ 3.6.0+ supports units, as with vm_memory_high_watermark

disk_free_limit.absolute = 5GB

Raft settings


raft.segment_max_entries = 65536
raft.wal_max_size_bytes = 1048576
raft.wal_max_batch_size = 4096
raft.snapshot_chunk_size = 1000000

Clustering

Cluster partition handling

Do nothing (ignore partitions)

cluster_partition_handling = ignore

Pause the nodes on the minority side of a partition; the cluster must have an odd number of nodes.

cluster_partition_handling = pause_minority

pause_if_all_down

cluster_partition_handling = pause_if_all_down

# Recovery strategy: autoheal or ignore
cluster_partition_handling.pause_if_all_down.recover = ignore

# Names of the nodes to check
# cluster_partition_handling.pause_if_all_down.nodes.1 = rabbit@localhost
# cluster_partition_handling.pause_if_all_down.nodes.2 = hare@localhost

mirroring_sync_batch_size

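Mirror synchronisation batch size, in messages. Increasing it speeds up synchronisation, but the total batch size in bytes must not exceed 2 GiB. Available in RabbitMQ 3.6.0 or later.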

mirroring_sync_batch_size = 4096

Cluster formation

Automatic cluster formation; it applies only when a node starts for the first time or has been reset.
https://rabbitmq.com//cluster-formation.html

# cluster_formation.peer_discovery_backend     = rabbit_peer_discovery_classic_config
#
# cluster_formation.classic_config.nodes.1 = rabbit1@hostname
# cluster_formation.classic_config.nodes.2 = rabbit2@hostname
# cluster_formation.classic_config.nodes.3 = rabbit3@hostname
# cluster_formation.classic_config.nodes.4 = rabbit4@hostname
## DNS-based peer discovery. This backend will list A records
## of the configured hostname and perform reverse lookups for
## the addresses returned.

# cluster_formation.peer_discovery_backend = rabbit_peer_discovery_dns
# cluster_formation.dns.hostname = discovery.eng.example.local

## This node's type can be configured. If you are not sure
## what node type to use, always use 'disc'.
# cluster_formation.node_type = disc

Cluster keepalive interval

Keepalive messages are sent to the other cluster members at this interval, in milliseconds.
Note that this is not the same thing as net_ticktime; missed keepalive messages will not cause nodes to be considered down.

cluster_keepalive_interval = 10000

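Other networking and protocol settings

heartbeat

Sets the server's AMQP 0-9-1 heartbeat timeout, in seconds. The RabbitMQ node sends heartbeat frames at roughly (timeout / 2) intervals. Two missed heartbeats from a client will close its connection. Values below 6 seconds are very likely to produce false positives and are not recommended.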
https://rabbitmq.com/heartbeats.html
https://rabbitmq.com/networking.html

heartbeat = 60

frame_max

Sets the maximum permitted AMQP frame size, in bytes

frame_max = 131072

initial_frame_max

Set the max frame size the server will accept before connection tuning occurs

initial_frame_max = 4096

Sets the maximum number of channels permitted per connection; 0 means no limit.

channel_max = 128

Customising TCP Listener (Socket) Configuration

https://rabbitmq.com/networking.html
https://www.erlang.org/doc/man/inet.html#setopts-2

# tcp_listen_options.backlog = 128
# tcp_listen_options.nodelay = true
# tcp_listen_options.exit_on_close = false
#
# tcp_listen_options.keepalive = true
# tcp_listen_options.send_timeout = 15000
#
# tcp_listen_options.buffer = 196608
# tcp_listen_options.sndbuf = 196608
# tcp_listen_options.recbuf = 196608

Miscellaneous

mnesia_table_loading_retry_timeout

Timeout used when waiting for Mnesia tables in the cluster to become available.

mnesia_table_loading_retry_timeout = 30000

mnesia_table_loading_retry_limit

Number of retries when waiting for Mnesia tables during cluster startup. Note that this setting does not apply to Mnesia upgrades or node deletions.

mnesia_table_loading_retry_limit = 10

queue_index_embed_msgs_below

Messages smaller than this size are embedded in the queue index, https://rabbitmq.com/persistence-conf.html

queue_index_embed_msgs_below = 4096
# queue_index_embed_msgs_below = 4kb

background_gc_enabled

background_gc_enabled = false

background_gc_target_interval

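Target (desired) interval, in milliseconds, at which the background GC runs. The actual interval varies with how long the operation takes to execute (and can be higher than this value). Values below 30000 milliseconds are not recommended.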

background_gc_target_interval = 60000

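Whether to enable proxy protocol support. Once enabled, clients can no longer connect to the broker directly. They must connect through a load balancer, which sends the proxy protocol header to the broker at connection time. This setting applies only to AMQP clients; other protocols (such as MQTT or STOMP) have their own settings to enable proxy protocol. See the plugin documentation for more information.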

proxy_protocol = false

Product name and version

# product.name = RabbitMQ
# product.version = 3.13.0

“Message of the day” file

Defaults to /etc/rabbitmq/motd on Unix and %APPDATA%\RabbitMQ\motd.txt on Windows.

motd_file = /etc/rabbitmq/motd

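Consumer timeout

If a message delivered to a consumer has not been acked before this timer fires, the channel is forcibly closed by the broker, so that a faulty consumer cannot hold on to messages indefinitely.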

consumer_timeout = 900000

TLS

https://rabbitmq.com/ssl.html

# listeners.ssl.1                  = 5671

# ssl_options.verify               = verify_peer
# ssl_options.fail_if_no_peer_cert = false
# ssl_options.cacertfile           = /path/to/cacert.pem
# ssl_options.certfile             = /path/to/cert.pem
# ssl_options.keyfile              = /path/to/key.pem

# ssl_options.honor_cipher_order   = true
# ssl_options.honor_ecc_order      = true
## Strongly recommended with TLSv1.2, but must not be used with TLSv1.3. If TLSv1.3 is enabled, these lines must be removed.
# ssl_options.client_renegotiation = false
# ssl_options.secure_renegotiate   = true

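## Restrict the TLS versions the server enables for client TLS connections
## https://www.rabbitmq.com/ssl.html#tls-versions
## 1.3 is the latest version
## 1.2 is the mainstream version and has the best compatibility
## Do not use older versions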
# ssl_options.versions.1 = tlsv1.3
# ssl_options.versions.2 = tlsv1.2

# ssl_options.bypass_pem_cache = true
## TLS handshake timeout, in milliseconds.
##
# ssl_handshake_timeout = 5000

# Restrict the cipher suites the server uses for client TLS connections. Narrowing the list can prevent some clients from connecting.
#
## The example below uses TLSv1.3 cipher suites only
# ssl_options.ciphers.1  = TLS_AES_256_GCM_SHA384
# ssl_options.ciphers.2  = TLS_AES_128_GCM_SHA256
# ssl_options.ciphers.3  = TLS_CHACHA20_POLY1305_SHA256
# ssl_options.ciphers.4  = TLS_AES_128_CCM_SHA256
# ssl_options.ciphers.5  = TLS_AES_128_CCM_8_SHA256
#
## The example below uses TLSv1.2 cipher suites only
# ssl_options.ciphers.1  = ECDHE-ECDSA-AES256-GCM-SHA384
# ssl_options.ciphers.2  = ECDHE-RSA-AES256-GCM-SHA384
# ssl_options.ciphers.3  = ECDHE-ECDSA-AES256-SHA384
# ssl_options.ciphers.4  = ECDHE-RSA-AES256-SHA384
# ssl_options.ciphers.5  = ECDH-ECDSA-AES256-GCM-SHA384
# ssl_options.ciphers.6  = ECDH-RSA-AES256-GCM-SHA384
# ssl_options.ciphers.7  = ECDH-ECDSA-AES256-SHA384
# ssl_options.ciphers.8  = ECDH-RSA-AES256-SHA384
# ssl_options.ciphers.9  = DHE-RSA-AES256-GCM-SHA384
# ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384
# ssl_options.ciphers.11 = DHE-RSA-AES256-SHA256
# ssl_options.ciphers.12 = DHE-DSS-AES256-SHA256
# ssl_options.ciphers.13 = ECDHE-ECDSA-AES128-GCM-SHA256
# ssl_options.ciphers.14 = ECDHE-RSA-AES128-GCM-SHA256
# ssl_options.ciphers.15 = ECDHE-ECDSA-AES128-SHA256
# ssl_options.ciphers.16 = ECDHE-RSA-AES128-SHA256
# ssl_options.ciphers.17 = ECDH-ECDSA-AES128-GCM-SHA256
# ssl_options.ciphers.18 = ECDH-RSA-AES128-GCM-SHA256
# ssl_options.ciphers.19 = ECDH-ECDSA-AES128-SHA256
# ssl_options.ciphers.20 = ECDH-RSA-AES128-SHA256
# ssl_options.ciphers.21 = DHE-RSA-AES128-GCM-SHA256
# ssl_options.ciphers.22 = DHE-DSS-AES128-GCM-SHA256
# ssl_options.ciphers.23 = DHE-RSA-AES128-SHA256
# ssl_options.ciphers.24 = DHE-DSS-AES128-SHA256
# ssl_options.ciphers.25 = ECDHE-ECDSA-AES256-SHA
# ssl_options.ciphers.26 = ECDHE-RSA-AES256-SHA
# ssl_options.ciphers.27 = DHE-RSA-AES256-SHA
# ssl_options.ciphers.28 = DHE-DSS-AES256-SHA
# ssl_options.ciphers.29 = ECDH-ECDSA-AES256-SHA
# ssl_options.ciphers.30 = ECDH-RSA-AES256-SHA
# ssl_options.ciphers.31 = ECDHE-ECDSA-AES128-SHA
# ssl_options.ciphers.32 = ECDHE-RSA-AES128-SHA
# ssl_options.ciphers.33 = DHE-RSA-AES128-SHA
# ssl_options.ciphers.34 = DHE-DSS-AES128-SHA
# ssl_options.ciphers.35 = ECDH-ECDSA-AES128-SHA
# ssl_options.ciphers.36 = ECDH-RSA-AES128-SHA

Authentication

Authentication mechanism settings
https://rabbitmq.com/authentication.html

# auth_mechanisms.1 = PLAIN
# auth_mechanisms.2 = AMQPLAIN
# auth_mechanisms.3 = EXTERNAL

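The other mechanisms can be left unset to force clients to authenticate with x509 certificates; doing so makes it impossible to log in to the Management UI.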

# auth_mechanisms.1 = EXTERNAL
## This pertains to both the rabbitmq-auth-mechanism-ssl plugin and
## STOMP ssl_cert_login configurations. See the RabbitMQ STOMP plugin
## configuration section later in this file and the README in
## https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
## details.
##
## To use the TLS cert's CN instead of its DN as the username
##
# ssl_cert_login_from   = common_name
## Password hashing implementation. Will only affect newly
## created users. To recalculate hash for an existing user
## it's necessary to update her password.
##
## To use SHA-512, set to rabbit_password_hashing_sha512.
##
# password_hashing_module = rabbit_password_hashing_sha256

## When importing definitions exported from versions earlier
## than 3.6.0, it is possible to go back to MD5 (only do this
## as a temporary measure!) by setting this to rabbit_password_hashing_md5.
##
# password_hashing_module = rabbit_password_hashing_md5
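
The listener, guest-user, TLS-version and password-hashing settings described above can be checked mechanically. The following is an added example, not part of the original post or of the RabbitMQ project: a small Python audit of a rabbitmq.conf, where the sample config is constructed and the finding names are hypothetical.

```python
import re

# Constructed sample (not from the page): a deliberately weak rabbitmq.conf
SAMPLE_CONF = """\
listeners.tcp.default = 5672
loopback_users.guest = false
default_pass = guest
listeners.ssl.default = 5671
ssl_options.versions.1 = tlsv1.3
ssl_options.versions.2 = tlsv1.1
ssl_options.client_renegotiation = false
# password_hashing_module = rabbit_password_hashing_sha256
password_hashing_module = rabbit_password_hashing_md5
"""

LOOPBACK = re.compile(r"^(127\.0\.0\.1|::1):\d+$")

def parse_conf(text):
    """Parse 'key = value' lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            conf[key.strip()] = value.strip()
    return conf

def audit(conf):
    """Return sorted finding IDs (hypothetical names) for settings this page covers."""
    findings = set()
    versions = {v for k, v in conf.items() if k.startswith("ssl_options.versions.")}
    for key, value in conf.items():
        # A bare port or non-loopback address on a plain TCP listener is reachable off-host
        if key.startswith("listeners.tcp.") and not LOOPBACK.match(value):
            findings.add("plain-tcp-exposed")
    if versions - {"tlsv1.2", "tlsv1.3"}:
        findings.add("legacy-tls-version")
    # The page notes these two options must be removed once TLSv1.3 is enabled
    reneg = {"ssl_options.client_renegotiation", "ssl_options.secure_renegotiate"}
    if "tlsv1.3" in versions and conf.keys() & reneg:
        findings.add("tls13-with-renegotiation-options")
    # guest reachable remotely while still using the default password
    if (conf.get("loopback_users.guest") == "false"
            and conf.get("default_user", "guest") == "guest"
            and conf.get("default_pass", "guest") == "guest"):
        findings.add("remote-guest-default-password")
    if conf.get("password_hashing_module") == "rabbit_password_hashing_md5":
        findings.add("md5-password-hashing")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(parse_conf(SAMPLE_CONF))))
```

`listeners.tcp = none` and listeners bound to 127.0.0.1 or ::1 produce no plain-TCP finding; trailing inline comments on a value are not handled.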

Authentication and authorisation

The rabbitmq_auth_backend_ldap plugin allows the broker to perform authentication and authorisation by deferring to an external LDAP server.

https://rabbitmq.com/plugins.html
https://rabbitmq.com/access-control.html
https://rabbitmq.com/ldap.html

# Use the default backend for authentication and authorisation
auth_backends.1   = rabbit_auth_backend_internal

# Split authentication and authorisation: LDAP for authentication, the default mechanism for authorisation
auth_backends.1.authn = rabbit_auth_backend_ldap
auth_backends.1.authz = rabbit_auth_backend_internal

# Use LDAP for authentication and authorisation
auth_backends.1 = rabbit_auth_backend_ldap

# Use an HTTP service for authentication and authorisation
auth_backends.1 = rabbit_auth_backend_http

# uses two backends in a chain: HTTP first, then internal
auth_backends.1   = rabbit_auth_backend_http
auth_backends.2   = rabbit_auth_backend_internal