From eabcedb9f9de3df248a6e213e01ee57cd2f051b6 Mon Sep 17 00:00:00 2001
From: Bo Du
Date: Tue, 21 Jan 2025 23:28:09 +0800
Subject: [PATCH] [bitnami/rabbitmq] Add environment variable to set password of rabbitmq ssl key file (#76085)

[bitnami/rabbitmq] Add environment variable to set password of rabbitmq ssl key file.

Signed-off-by: Bo Du
---
 .../4.0/debian-12/rootfs/opt/bitnami/scripts/librabbitmq.sh | 1 +
 .../4.0/debian-12/rootfs/opt/bitnami/scripts/rabbitmq-env.sh | 4 ++++
 bitnami/rabbitmq/README.md | 2 ++
 3 files changed, 7 insertions(+)

diff --git a/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/librabbitmq.sh b/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/librabbitmq.sh
index df6407cf99a1..34b1a551ecac 100644
--- a/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/librabbitmq.sh
+++ b/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/librabbitmq.sh
@@ -218,6 +218,7 @@ rabbitmq_print_ssl_configuration() {
 cacertfile
 certfile
 keyfile
+ password
 depth
 fail_if_no_peer_cert
 verify
diff --git a/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/rabbitmq-env.sh b/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/rabbitmq-env.sh
index b2e6eb3bdcbe..3436c4b5bd1c 100644
--- a/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/rabbitmq-env.sh
+++ b/bitnami/rabbitmq/4.0/debian-12/rootfs/opt/bitnami/scripts/rabbitmq-env.sh
@@ -58,6 +58,7 @@ rabbitmq_env_vars=(
 RABBITMQ_SSL_CACERTFILE
 RABBITMQ_SSL_CERTFILE
 RABBITMQ_SSL_KEYFILE
+ RABBITMQ_SSL_PASSWORD
 RABBITMQ_SSL_DEPTH
 RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT
 RABBITMQ_SSL_VERIFY
@@ -65,6 +66,7 @@ rabbitmq_env_vars=(
 RABBITMQ_MANAGEMENT_SSL_CACERTFILE
 RABBITMQ_MANAGEMENT_SSL_CERTFILE
 RABBITMQ_MANAGEMENT_SSL_KEYFILE
+ RABBITMQ_MANAGEMENT_SSL_PASSWORD
 RABBITMQ_MANAGEMENT_SSL_DEPTH
 RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT
 RABBITMQ_MANAGEMENT_SSL_VERIFY
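Review bot: In the librabbitmq.sh hunk, adding `password` to the key list of rabbitmq_print_ssl_configuration presumably causes the private-key passphrase to be written in cleartext into the generated RabbitMQ configuration alongside `keyfile`, and nothing in the diff restricts who can read that file. The function body lies outside the hunk, so how each key is emitted is inferred; if values are written unquoted, a passphrase containing `#`, quotes or whitespace may be truncated or misparsed. I would add a comment above the list such as `# password: key passphrase, emitted in cleartext; the generated config must stay owner-readable only`, and confirm the file is created with restrictive permissions.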
@@ -170,6 +172,7 @@ RABBITMQ_SSL_CERTFILE="${RABBITMQ_SSL_CERTFILE:-"${RABBITMQ_SSL_CERT_FILE:-}"}"
 export RABBITMQ_SSL_CERTFILE="${RABBITMQ_SSL_CERTFILE:-}"
 RABBITMQ_SSL_KEYFILE="${RABBITMQ_SSL_KEYFILE:-"${RABBITMQ_SSL_KEY_FILE:-}"}"
 export RABBITMQ_SSL_KEYFILE="${RABBITMQ_SSL_KEYFILE:-}"
+export RABBITMQ_SSL_PASSWORD="${RABBITMQ_SSL_PASSWORD:-}"
 export RABBITMQ_COMBINED_CERT_PATH="${RABBITMQ_COMBINED_CERT_PATH:-/tmp/rabbitmq_combined_keys.pem}"
 export RABBITMQ_SSL_DEPTH="${RABBITMQ_SSL_DEPTH:-}"
 export RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT="${RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT:-no}"
@@ -180,6 +183,7 @@ export RABBITMQ_MANAGEMENT_SSL_PORT_NUMBER="${RABBITMQ_MANAGEMENT_SSL_PORT_NUMBE
 export RABBITMQ_MANAGEMENT_SSL_CACERTFILE="${RABBITMQ_MANAGEMENT_SSL_CACERTFILE:-$RABBITMQ_SSL_CACERTFILE}"
 export RABBITMQ_MANAGEMENT_SSL_CERTFILE="${RABBITMQ_MANAGEMENT_SSL_CERTFILE:-$RABBITMQ_SSL_CERTFILE}"
 export RABBITMQ_MANAGEMENT_SSL_KEYFILE="${RABBITMQ_MANAGEMENT_SSL_KEYFILE:-$RABBITMQ_SSL_KEYFILE}"
+export RABBITMQ_MANAGEMENT_SSL_PASSWORD="${RABBITMQ_MANAGEMENT_SSL_PASSWORD:-$RABBITMQ_SSL_PASSWORD}"
 export RABBITMQ_MANAGEMENT_SSL_DEPTH="${RABBITMQ_MANAGEMENT_SSL_DEPTH:-}"
 export RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT="${RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT:-yes}"
 export RABBITMQ_MANAGEMENT_SSL_VERIFY="${RABBITMQ_MANAGEMENT_SSL_VERIFY:-verify_peer}"
diff --git a/bitnami/rabbitmq/README.md b/bitnami/rabbitmq/README.md
index f57e2b4f90f9..2628066f4c34 100644
--- a/bitnami/rabbitmq/README.md
+++ b/bitnami/rabbitmq/README.md
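Review bot: The new `export RABBITMQ_SSL_PASSWORD=...` line in the rabbitmq-env.sh hunk at -170/+172 places the key passphrase in the environment of every process these scripts start, where it is inherited by children and visible through container inspection. If the loader that consumes `rabbitmq_env_vars` supports a file-based variant for each listed variable (not visible in this diff), the README should steer users to that for this secret rather than the plain variable. A comment on the new line would help, e.g. `# Secret: prefer supplying via a mounted file; never echo or log this value`. The context line also shows `RABBITMQ_COMBINED_CERT_PATH` defaulting to a fixed path under /tmp; whether the combined PEM still works when the key is passphrase-protected is not shown here and is worth testing.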
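Review bot: `RABBITMQ_MANAGEMENT_SSL_PASSWORD` in the -180/+183 hunk falls back to `$RABBITMQ_SSL_PASSWORD` even when `RABBITMQ_MANAGEMENT_SSL_KEYFILE` has been set to a different key, so the server key's passphrase would be handed to the management listener for a key it does not belong to. That copies a secret into a second configuration section for no benefit and, for an unencrypted or differently protected management key, likely produces a confusing TLS startup failure. Consider inheriting the passphrase only when the key file is inherited too, or at least state the coupling in a comment: `# Inherits the server key passphrase; set explicitly when the management key file differs`.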
@@ -197,6 +197,7 @@ docker-compose up -d
 | `RABBITMQ_SSL_CACERTFILE` | Path to the RabbitMQ server SSL CA certificate file. | `nil` |
 | `RABBITMQ_SSL_CERTFILE` | Path to the RabbitMQ server SSL certificate file. | `nil` |
 | `RABBITMQ_SSL_KEYFILE` | Path to the RabbitMQ server SSL certificate key file. | `nil` |
+| `RABBITMQ_SSL_PASSWORD` | RabbitMQ server SSL certificate key password. | `nil` |
 | `RABBITMQ_SSL_DEPTH` | Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path. | `nil` |
 | `RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT` | Whether to reject TLS connections if client fails to provide a certificate. | `no` |
 | `RABBITMQ_SSL_VERIFY` | Whether to enable peer SSL certificate verification. Valid values: verify_none, verify_peer. | `verify_none` |
@@ -204,6 +205,7 @@ docker-compose up -d
 | `RABBITMQ_MANAGEMENT_SSL_CACERTFILE` | Path to the RabbitMQ management server SSL CA certificate file. | `$RABBITMQ_SSL_CACERTFILE` |
 | `RABBITMQ_MANAGEMENT_SSL_CERTFILE` | Path to the RabbitMQ server SSL certificate file. | `$RABBITMQ_SSL_CERTFILE` |
 | `RABBITMQ_MANAGEMENT_SSL_KEYFILE` | Path to the RabbitMQ management server SSL certificate key file. | `$RABBITMQ_SSL_KEYFILE` |
+| `RABBITMQ_MANAGEMENT_SSL_PASSWORD` | RabbitMQ management server SSL certificate key password. | `$RABBITMQ_SSL_PASSWORD` |
 | `RABBITMQ_MANAGEMENT_SSL_DEPTH` | Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path, for the RabbitMQ management server. | `nil` |
 | `RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT` | Whether to reject TLS connections if client fails to provide a certificate for the RabbitMQ management server. | `yes` |
 | `RABBITMQ_MANAGEMENT_SSL_VERIFY` | Whether to enable peer SSL certificate verification for the RabbitMQ management server. Valid values: verify_none, verify_peer. | `verify_peer` |