---
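# Public FQDN of this instance (placeholder; set per deployment). It is the
# only name requested in certbot_domains below.
hostname: your-instance-fqdn

# Certbot
certbot_admin_email: security@your_domain.eu
certbot_agree_tos: --agree-tos
certbot_auth_method: --webroot
certbot_auto_renew: true
certbot_auto_renew_user: root
# random() is seeded with the inventory hostname, so each host keeps the same
# renewal slot from run to run while different hosts get different slots.
certbot_auto_renew_hour: "{{ 23 |random(seed=inventory_hostname) }}"
certbot_auto_renew_minute: "{{ 59 |random(seed=inventory_hostname) }}"
certbot_domains:
  - "{{ hostname }}"
# NOTE(review): staging certificates are presumably issued from the CA's test
# hierarchy, which clients do not trust, so peers that verify the server
# certificate will reject this endpoint until this is switched. Confirm against
# the role before go-live.
certbot_environment: "staging"  # change to production when ready to go
certbot_install_method: virtualenv
# Each account listed here is given access to the private key. The file also
# references /etc/ssl/user/privkey-nginx.pem and privkey-rabbitmq.pem, so the
# role appears to create one key copy per user; keep the list to the services
# that terminate TLS and verify ownership and mode of those copies.
certbot_share_key_users:
  - nginx
  - rabbitmq
# Runs after a successful renewal so both services load the new certificate.
# NOTE(review): "|| true" discards a failed restart, so the hook reports
# success even if a service stays down or keeps the old certificate. Monitor
# service state and certificate expiry separately.
certbot_post_renewal: |
  systemctl restart nginx || true
  systemctl restart rabbitmq-server || true
certbot_virtualenv_package_name: python3-virtualenv
certbot_virtualenv_command: virtualenv
# Directory used for the webroot challenge; presumably served by nginx, so it
# should contain nothing but challenge files.
certbot_well_known_root: /srv/nginx/_well-known_root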
# NGINX
# The packaged default server/vhost is switched off and removed, leaving only
# the server definitions named below.
nginx_enable_default_server: false
nginx_servers:
  - rabbitmq
nginx_ssl_servers:
  - rabbitmq-ssl
nginx_remove_default_vhost: true

# Nginx Letsencrypt bindings
# Certificates come from the certbot role. The key path is the nginx-specific
# copy under /etc/ssl/user/; it should be readable by the nginx account only.
nginx_ssl_role: usegalaxy_eu.certbot
nginx_conf_ssl_certificate: /etc/ssl/certs/fullchain.pem
nginx_conf_ssl_certificate_key: /etc/ssl/user/privkey-nginx.pem
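# RabbitMQ
# Passwords are read from rabbitmq_users_password, which is not defined in
# this file; presumably it lives in an encrypted vars file (confirm). Keep the
# values out of plain-text inventory.
rabbitmq_users:
  # Administrator tag on the default vhost: full management rights. Use this
  # account for administration only, never from application clients.
  - user: mqadmin
    password: "{{ rabbitmq_users_password.mqadmin }}"
    tags: administrator
    vhost: /
  # Application account, confined to its own vhost and given no tags.
  - user: galaxy
    password: "{{ rabbitmq_users_password.galaxy }}"
    vhost: galaxy
# Enables the management UI / HTTP API. NOTE(review): the nginx servers named
# "rabbitmq" and "rabbitmq-ssl" presumably front it; confirm it is reachable
# only over TLS and only from the networks that need it.
rabbitmq_plugins:
  - rabbitmq_management
rabbitmq_config:
  # No plain-text AMQP listener; clients must connect over TLS on 5671.
  listeners:
    tcp: none
  ssl_listeners:
    default: 5671
  ssl_options:
    # NOTE(review): cacertfile is the trust store used to validate client
    # certificates. Here it is the server's own fullchain.pem; confirm that is
    # intended.
    cacertfile: /etc/ssl/certs/fullchain.pem
    certfile: /etc/ssl/certs/cert.pem
    keyfile: /etc/ssl/user/privkey-rabbitmq.pem
    # verify_peer with fail_if_no_peer_cert 'false': a client certificate is
    # validated when presented, but clients without one are still accepted, so
    # authentication rests on the username/password above. For mutual TLS set
    # fail_if_no_peer_cert to 'true' and point cacertfile at the CA that
    # issues the client certificates.
    verify: verify_peer
    fail_if_no_peer_cert: 'false'
rabbitmq_container:
  name: rabbit_hole
  # Pinned to a version tag, not a digest; tags can be re-pointed upstream.
  # NOTE(review): check that this release line still receives security fixes.
  image: rabbitmq:3.9.11
  # Container hostname; nested here so it does not collide with the top-level
  # "hostname" key.
  hostname: "{{ inventory_hostname }}"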