Getting Connected with RabbitMQ and Elasticsearch

The latest enhancement to Compose makes your life simpler and more secure with the introduction of TLS/SSL certificates backed and verified by Let's Encrypt. We've initially rolled out this new certificate scheme for users of RabbitMQ and Elasticsearch.

We have also published new guides for connecting to RabbitMQ and connecting to Elasticsearch using NodeJS, Java, Python, Go and Ruby. The guides are recommended for anyone setting up a new RabbitMQ or Elasticsearch deployment as these will now be automatically set up with Let's Encrypt certificates.

An Upgrader's Guide

If you are upgrading an existing RabbitMQ or Elasticsearch deployment then, essentially, all you need to do is remove the code you use to set up an SSL certificate for verification or the remove the code which turns off verification. The older style connections for Compose use a downloadable self-signed certificate which can be used to verify the connection.

With the new system, the certificate is validated through the established certificate verification network so no extra steps are needed.

For a Java application, there's no need to create a keystore outside the application, load it at runtime and wrangle the connection. Use the connection strings and it should all just work.

For a Node application, there's no need to read in a file and pass it to the connection by adding ssl:{ } options to your code. Just use the plain https:// (Elasticsearch) or amqps:// (RabbitMQ) connection strings from the Compose console's overview. There's one snag and that's that some drivers don't set the SNI property which is needed when making a connection. The driver for RabbitMQ, amqplib, suffers from this. It's easily worked around though as this snippet shows:

rabbitmqurl = 'amqps://user:password@portal194-1.rabbity.compose-3.composedb.com:10194/Rabbity';  
parsedurl = url.parse(rabbitmqurl);

amqp.connect(rabbitmqurl, { servername: parsedurl.hostname }, function(err, conn) {  
    if (err !== null) return bail(err, conn);

The hostname is simply extracted from the connection string and passed separately to the connect call as servername.

The Bunny library for Ruby and RabbitMQ has a similar issue and there is a patch in for the next release. We show how you can install the patched driver early in the documentation for RabbitMQ connections.

These are the few exceptions to the rule though; in general, all you need to do is remove the code for adding a "ca_cert" and ensure that you aren't suppressing the certificate verification by forcing variables like tls_verify to false.


If you have any feedback about this or any other Compose article, drop the Compose Articles team a line at articles@compose.com. We're happy to hear from you.