RabbitMQ is an open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). The RabbitMQ server is written in the Erlang programming language and is built on the Open Telecom Platform framework for clustering and failover. Client libraries to interface with the broker are available for all major programming languages.
$ docker run --name rabbitmq bitnami/rabbitmq:latest
$ curl -sSL https://raw.githubusercontent.com/bitnami/bitnami-docker-rabbitmq/master/docker-compose.yml > docker-compose.yml
$ docker-compose up -d
You can find the default credentials and available configuration options in the Environment Variables section.
- Bitnami closely tracks upstream source changes and promptly publishes new versions of this image using our automated systems.
- With Bitnami images the latest bug fixes and features are available as soon as possible.
- Bitnami containers, virtual machines and cloud images use the same components and configuration approach - making it easy to switch between formats based on your project needs.
- All our images are based on minideb a minimalist Debian based container image which gives you a small base container image and the familiarity of a leading Linux distribution.
- All Bitnami images available in Docker Hub are signed with Docker Content Trust (DCT). You can use
DOCKER_CONTENT_TRUST=1
to verify the integrity of the images. - Bitnami container images are released daily with the latest distribution packages available.
This CVE scan report contains a security report with all open CVEs. To get the list of actionable security issues, find the "latest" tag, click the vulnerability report link under the corresponding "Security scan" field and then select the "Only show fixable" filter on the next page.
Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami RabbitMQ Chart GitHub repository.
Bitnami containers can be used with Kubeapps for deployment and management of Helm Charts in clusters.
Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.
Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.
Subscribe to project updates by watching the bitnami/rabbitmq GitHub repo.
The recommended way to get the Bitnami RabbitMQ Docker Image is to pull the prebuilt image from the Docker Hub Registry.
$ docker pull bitnami/rabbitmq:latest
To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.
$ docker pull bitnami/rabbitmq:[TAG]
If you wish, you can also build the image yourself.
$ docker build -t bitnami/rabbitmq:latest 'https://github.com/bitnami/bitnami-docker-rabbitmq.git#master:3.8/debian-10'
If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.
For persistence you should mount a directory at the /bitnami
path. If the mounted directory is empty, it will be initialized on the first run.
$ docker run \
-v /path/to/rabbitmq-persistence:/bitnami \
bitnami/rabbitmq:latest
You can also do this with a minor change to the docker-compose.yml
file present in this repository:
rabbitmq:
...
volumes:
- /path/to/rabbitmq-persistence:/bitnami
...
NOTE: As this is a non-root container, the mounted files and directories must have the proper permissions for the UID
1001
.
Using Docker container networking, a RabbitMQ server running inside a container can easily be accessed by your application containers.
Containers attached to the same network can communicate with each other using the container name as the hostname.
In this example, we will create a RabbitMQ client instance that will connect to the server instance that is running on the same docker network as the client.
$ docker network create app-tier --driver bridge
Use the --network app-tier
argument to the docker run
command to attach the RabbitMQ container to the app-tier
network.
$ docker run -d --name rabbitmq-server \
--network app-tier \
bitnami/rabbitmq:latest
Finally we create a new container instance to launch the RabbitMQ client and connect to the server created in the previous step:
$ docker run -it --rm \
--network app-tier \
bitnami/rabbitmq:latest rabbitmqctl -n rabbit@rabbitmq-server status
When not specified, Docker Compose automatically sets up a new network and attaches all deployed services to that network. However, we will explicitly define a new bridge
network named app-tier
. In this example we assume that you want to connect to the RabbitMQ server from your own custom application image which is identified in the following snippet by the service name myapp
.
version: '2'
networks:
app-tier:
driver: bridge
services:
rabbitmq:
image: 'bitnami/rabbitmq:latest'
networks:
- app-tier
myapp:
image: 'YOUR_APPLICATION_IMAGE'
networks:
- app-tier
IMPORTANT:
- Please update the YOUR_APPLICATION_IMAGE placeholder in the above snippet with your application image
- In your application container, use the hostname
rabbitmq
to connect to the RabbitMQ server
Launch the containers using:
$ docker-compose up -d
When you start the rabbitmq image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the docker run
command line. If you want to add a new environment variable:
- For docker-compose add the variable name and value under the application section in the
docker-compose.yml
file present in this repository: :
rabbitmq:
...
environment:
- RABBITMQ_PASSWORD=my_password
...
- For manual execution add a
-e
option with each variable and value.
Available variables:
RABBITMQ_VHOST
: RabbitMQ application vhost. Default: /RABBITMQ_USERNAME
: RabbitMQ application username. Default: userRABBITMQ_PASSWORD
: RabbitMQ application password. Default: bitnamiRABBITMQ_SECURE_PASSWORD
: Whether to set the RabbitMQ password securely. This is incompatible with loading external RabbitMQ definitions. Default: noRABBITMQ_LOAD_DEFINITIONS
: Whether to load external RabbitMQ definitions. This is incompatible with setting the RabbitMQ password securely. Default: no.RABBITMQ_ERL_COOKIE
: Erlang cookie to determine whether different nodes are allowed to communicate with each other.RABBITMQ_NODE_TYPE
: Node Type. Valid values: stats, queue-ram or queue-disc. Default: statsRABBITMQ_NODE_NAME
: Node name and host. E.g.: node@hostname or node (localhost won't work in cluster topology). Default rabbit@localhost. If using this variable, ensure that you specify a valid host name as the container wil fail to start otherwise.RABBITMQ_FORCE_BOOT
: Force a node to start even if it was not the last to shut down. Default: noRABBITMQ_CLUSTER_NODE_NAME
: Node name to cluster with. E.g.: clusternode@hostnameRABBITMQ_CLUSTER_PARTITION_HANDLING
: Cluster partition recovery mechanism. Default: ignoreRABBITMQ_NODE_PORT_NUMBER
: Node port. Default: 5672RABBITMQ_NODE_SSL_PORT_NUMBER
: RabbitMQ node port number for SSL connections. Default: 5671RABBITMQ_SSL_CACERTFILE
: Path to the RabbitMQ server SSL CA certificate file. No defaults.RABBITMQ_SSL_CERTFILE
: Path to the RabbitMQ server SSL certificate file. No defaults.RABBITMQ_SSL_KEYFILE
: Path to the RabbitMQ server SSL certificate key file. No defaults.RABBITMQ_SSL_DEPTH
: Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path. No defaults.RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT
: Whether to reject TLS connections if client fails to provide a certificate. Default: verify_noneRABBITMQ_SSL_VERIFY
: Whether to enable peer SSL certificate verification. Default: noRABBITMQ_PLUGINS
: Comma, semi-colon or space separated list of plugins to enable during the initialization. No defaults.RABBITMQ_COMMUNITY_PLUGINS
: Comma, semi-colon or space separated list of URLs where to download custom plugins during the initialization. No defaults.
RABBITMQ_MANAGEMENT_BIND_IP
: RabbitMQ management server bind IP address. Default: 0.0.0.0RABBITMQ_MANAGEMENT_PORT_NUMBER
: RabbitMQ management server port number. Default: 15672RABBITMQ_MANAGEMENT_SSL_PORT_NUMBER
: RabbitMQ management server port number for SSL/TLS connections. No defaults.RABBITMQ_MANAGEMENT_SSL_CACERTFILE
: Path to the RabbitMQ management server SSL CA certificate file. No defaults.RABBITMQ_MANAGEMENT_SSL_CERTFILE
: Path to the RabbitMQ management server SSL certificate file. No defaults.RABBITMQ_MANAGEMENT_SSL_KEYFILE
: Path to the RabbitMQ management server SSL certificate key file. No defaults.RABBITMQ_MANAGEMENT_SSL_DEPTH
: Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path, for the RabbitMQ management server. No defaults.RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT
: Whether to reject TLS connections if client fails to provide a certificate for the RabbitMQ management server. Default: yesRABBITMQ_MANAGEMENT_SSL_VERIFY
: Whether to enable peer SSL certificate verification for the RabbitMQ management server. Default: verify_peer
RABBITMQ_ENABLE_LDAP
: Enable the LDAP configuration. Defaults: noRABBITMQ_LDAP_TLS
: Enable secure LDAP configuration. Defaults: noRABBITMQ_LDAP_SERVERS
: Comma, semi-colon or space separated list of LDAP server hostnames. No defaults.RABBITMQ_LDAP_SERVERS_PORT
: LDAP servers port. Defaults: 389RABBITMQ_LDAP_USER_DN_PATTERN
: DN used to bind to LDAP in the formcn=$${username},dc=example,dc=org
. No defaults.
RABBITMQ_VM_MEMORY_HIGH_WATERMARK
: High memory watermark for RabbitMQ to block publishers and prevent new messages from being enqueued. Can be specified as an absolute or relative value (as percentage or value between 0 and 1). No defaults.RABBITMQ_DISK_FREE_RELATIVE_LIMIT
: Disk relative free space limit of the partition on which RabbitMQ is storing data. Default: 1.0RABBITMQ_DISK_FREE_ABSOLUTE_LIMIT
: Disk absolute free space limit of the partition on which RabbitMQ is storing data (takes precedence over the relative limit). No defaults.RABBITMQ_ULIMIT_NOFILES
: Resources limits: maximum number of open file descriptors. Default: 65536
This is the simplest way to run RabbitMQ with clustering configuration:
Copy the snippet below into your docker-compose.yml to add a RabbitMQ stats node to your cluster configuration.
version: '2'
services:
stats:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=stats
- RABBITMQ_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
ports:
- '15672:15672'
volumes:
- 'rabbitmqstats_data:/bitnami'
Note: The name of the service (stats) is important so that a node could resolve the hostname to cluster with. (Note that the node name is
rabbit@stats
)
Update the definitions for nodes you want your RabbitMQ stats node cluster with.
queue-disc1:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=queue-disc
- RABBITMQ_NODE_NAME=rabbit@queue-disc1
- RABBITMQ_CLUSTER_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
volumes:
- 'rabbitmqdisc1_data:/bitnami'
Note: Again, the name of the service (queue-disc1) is important so that each node could resolve the hostname of this one.
We are going to add a ram node too:
queue-ram1:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=queue-ram
- RABBITMQ_NODE_NAME=rabbit@queue-ram1
- RABBITMQ_CLUSTER_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
volumes:
- 'rabbitmqram1_data:/bitnami'
volumes:
rabbitmqstats_data:
driver: local
rabbitmqdisc1_data:
driver: local
rabbitmqram1_data:
driver: local
The docker-compose.yml
will look like this:
version: '2'
services:
stats:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=stats
- RABBITMQ_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
ports:
- '15672:15672'
volumes:
- 'rabbitmqstats_data:/bitnami'
queue-disc1:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=queue-disc
- RABBITMQ_NODE_NAME=rabbit@queue-disc1
- RABBITMQ_CLUSTER_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
volumes:
- 'rabbitmqdisc1_data:/bitnami'
queue-ram1:
image: bitnami/rabbitmq
environment:
- RABBITMQ_NODE_TYPE=queue-ram
- RABBITMQ_NODE_NAME=rabbit@queue-ram1
- RABBITMQ_CLUSTER_NODE_NAME=rabbit@stats
- RABBITMQ_ERL_COOKIE=s3cr3tc00ki3
volumes:
- 'rabbitmqram1_data:/bitnami'
volumes:
rabbitmqstats_data:
driver: local
rabbitmqdisc1_data:
driver: local
rabbitmqram1_data:
driver: local
A custom rabbitmq.conf
configuration file can be mounted to the /bitnami/rabbitmq/conf
directory. If no file is mounted, the container will generate a default one based on the environment variables. You can also moun on this directory your own advanced.config
(using classic Erlang terms) and rabbitmq-env.conf
configuration files.
As an alternative, you can also mount a custom.conf
configuration file and mount it to the /bitnami/rabbitmq/conf
directory. In this case, the default configuation file will be generated and, later on, the settings available in the custom.conf
configuration file will be merged with the default ones. For example, in order to override the listeners.tcp.default
directive:
listeners.tcp.default=1337
$ docker run -d --name rabbitmq-server \
-v /path/to/custom.conf:/bitnami/rabbitmq/conf/custom.conf:ro \
bitnami/rabbitmq:latest
After that, your changes will be taken into account in the server's behaviour.
LDAP configuration parameters must be specified if you wish to enable LDAP support for RabbitMQ. The following environment variables are available to configure LDAP support:
RABBITMQ_ENABLE_LDAP
: Enable the LDAP configuration. Defaults tono
.RABBITMQ_LDAP_TLS
: Enable secure LDAP configuration. Defaults tono
.RABBITMQ_LDAP_SERVERS
: Comma, semi-colon or space separated list of LDAP server hostnames. No defaults.RABBITMQ_LDAP_SERVERS_PORT
: LDAP servers port. Defaults: 389RABBITMQ_LDAP_USER_DN_PATTERN
: DN used to bind to LDAP in the formcn=$${username},dc=example,dc=org
.No defaults.
Note: To escape
$
inRABBITMQ_LDAP_USER_DN_PATTERN
you need to use$$
.
Follow these instructions to use the Bitnami Docker OpenLDAP image to create an OpenLDAP server and use it to authenticate users on RabbitMQ:
$ docker network create app-tier --driver bridge
$ docker run --name openldap \
--env LDAP_ADMIN_USERNAME=admin \
--env LDAP_ADMIN_PASSWORD=adminpassword \
--env LDAP_USERS=user01,user02 \
--env LDAP_PASSWORDS=password1,password2 \
--network app-tier \
bitnami/openldap:latest
To configure authorization, you need to create an advanced.config file, following the clasic config format, and add your authorization rules. For instance, use the file below to grant all users the ability to use the management plugin, but make none of them administrators:
[{rabbitmq_auth_backend_ldap,[
{tag_queries, [{administrator, {constant, false}},
{management, {constant, true}}]}
]}].
More information at https://www.rabbitmq.com/ldap.html#authorisation.
$ docker run --name rabbitmq \
--env RABBITMQ_ENABLE_LDAP=yes \
--env RABBITMQ_LDAP_TLS=no \
--env RABBITMQ_LDAP_SERVERS=openldap \
--env RABBITMQ_LDAP_SERVERS_PORT=1389 \
--env RABBITMQ_LDAP_USER_DN_PATTERN=cn=$${username},ou=users,dc=example,dc=org \
--network app-tier \
-v /path/to/your/advanced.config:/bitnami/rabbitmq/conf/advanced.config:ro \
bitnami/rabbitmq:latest
The Bitnami RabbitMQ Docker image sends the container logs to the stdout
. To view the logs:
$ docker logs rabbitmq
or using Docker Compose:
$ docker-compose logs rabbitmq
You can configure the containers logging driver using the --log-driver
option if you wish to consume the container logs differently. In the default configuration docker uses the json-file
driver.
Bitnami provides up-to-date versions of RabbitMQ, including security patches, soon after they are made upstream. We recommend that you follow these steps to upgrade your container.
$ docker pull bitnami/rabbitmq:latest
or if you're using Docker Compose, update the value of the image property to
bitnami/rabbitmq:latest
.
Stop the currently running container using the command
$ docker stop rabbitmq
or using Docker Compose:
$ docker-compose stop rabbitmq
Next, take a snapshot of the persistent volume /path/to/rabbitmq-persistence
using:
$ rsync -a /path/to/rabbitmq-persistence /path/to/rabbitmq-persistence.bkp.$(date +%Y%m%d-%H.%M.%S)
$ docker rm -v rabbitmq
or using Docker Compose:
$ docker-compose rm -v rabbitmq
Re-create your container from the new image.
$ docker run --name rabbitmq bitnami/rabbitmq:latest
or using Docker Compose:
$ docker-compose up rabbitmq
- Add script to be used as preStop hook on K8s environments. It waits until queues have synchronised mirror before shutting down.
- The environment variable
RABBITMQ_HASHED_PASSWORD
has not been used for some time. It is now removed from documentation and validation. - New boolean environment variable
RABBITMQ_LOAD_DEFINITIONS
to get behavior compatible with using theload_definitions
configuration. Initially this means that the password ofRABBITMQ_USERNAME
is not changed usingrabbitmqctl change_password
.
- The default configuration file is created following the "sysctl" or "ini-like" format instead of using Erlang terms. Check Official documentation for more information about supported formats.
- Migrating data/configuration from unsupported locations is not performed anymore.
- New environment variable
RABBITMQ_FORCE_BOOT
to force a node to start even if it was not the last to shut down. - New environment variable
RABBITMQ_PLUGINS
to indicate a list of plugins to enable during the initialization. - Add healthcheck scripts to be used on K8s environments.
- LDAP authentication
- Decrease the size of the container. Node.js is not needed anymore. RabbitMQ configuration logic has been moved to bash scripts in the
rootfs
folder. - Configuration is not persisted anymore.
- The RabbitMQ container includes a new environment variable
RABBITMQ_HASHED_PASSWORD
that allows setting password via SHA256 hash (consult official documentation for more information about password hashes). - Please note that password hashes must be generated following the official algorithm. You can use this Python script to generate them.
- The RabbitMQ container has been migrated to a non-root user approach. Previously the container ran as the
root
user and the RabbitMQ daemon was started as therabbitmq
user. From now on, both the container and the RabbitMQ daemon run as user1001
. As a consequence, the data directory must be writable by that user. You can revert this behavior by changingUSER 1001
toUSER root
in the Dockerfile.
The following parameters have been renamed:
From | To |
---|---|
RABBITMQ_ERLANG_COOKIE |
RABBITMQ_ERL_COOKIE |
RABBITMQ_NODETYPE |
RABBITMQ_NODE_TYPE |
RABBITMQ_NODEPORT |
RABBITMQ_NODE_PORT |
RABBITMQ_NODENAME |
RABBITMQ_NODE_NAME |
RABBITMQ_CLUSTERNODENAME |
RABBITMQ_CLUSTER_NODE_NAME |
RABBITMQ_MANAGERPORT |
RABBITMQ_MANAGER_PORT |
We'd love for you to contribute to this container. You can request new features by creating an issue, or submit a pull request with your contribution.
If you encountered a problem running this container, you can file an issue. For us to provide better support, be sure to include the following information in your issue:
- Host OS and version
- Docker version (
docker version
) - Output of
docker info
- Version of this container (
echo $BITNAMI_IMAGE_VERSION
inside the container) - The command you used to run the container, and any relevant output you saw (masking any sensitive information)
Copyright (c) 2021 Bitnami
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.