Search code examples
dockerdocker-composerabbitmqbitnami

bitnami/rabbitmq docker compose: plain login refused

I failed to connect to the RabbitMQ server (use bitnami/rabbitmq:3.11 image) from my own custom python app with error user 'admin' can only connect via localhost

My docker-compose.yml:

version: "3.9"

x-logging: &default-logging
  driver: journald

services:
  python_app_example:
    image: python_app
    logging: *default-logging
    expose:
      - "32000"
    environment:
      - MINERS_RABBITMQ_URL=amqp://${RABBITMQ_USERNAME}:${RABBITMQ_PASSWORD}@${RABBITMQ_HOST}:${RABBITMQ_PORT}//
    command: python3 -m python_app.app
    healthcheck:
      test: [ "CMD", "nc", "-z", "-v", "localhost", "32000"]
      interval: 3s
      timeout: 3s
      retries: 50
    depends_on:
      rabbitmq:
        condition: service_healthy
    networks:
      - rabbitmq

  rabbitmq:
    image: bitnami/rabbitmq:3.11
    logging: *default-logging
    ports:
      - "29998:5672"
      - "15672:15672"
    environment:
      - RABBITMQ_HOST=rabbitmq
      - RABBITMQ_USERNAME
      - RABBITMQ_PASSWORD
      - RABBITMQ_PLUGINS=rabbitmq_management
      - RABBITMQ_SECURE_PASSWORD=yes
      - RABBITMQ_LOGS=-
    volumes:
      - 'rabbitmq_data:/bitnami/rabbitmq/mnesia'
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 5s
      timeout: 5s
      retries: 10
    networks:
      - rabbitmq

networks:
  miners_server:
  rabbitmq:

volumes:
  rabbitmq_data:
    driver: local

my .env file:

RABBITMQ_HOST=rabbitmq
RABBITMQ_PORT=5672
RABBITMQ_USERNAME=admin
RABBITMQ_PASSWORD=admin

python_app_example failed with error: Connection to amqp://admin:******@rabbitmq:5672// closed. ... ProbableAuthenticationError: ('ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.',)

Here are rabbitmq logs docker logs rabbitmq-1: 2023-12-11 17:06:03.755693+00:00 [info] <0.2916.0> accepting AMQP connection <0.2916.0> (172.28.0.3:44366 -> 172.28.0.2:5672) 2023-12-11 17:06:03.756757+00:00 [error] <0.2916.0> Error on AMQP connection <0.2916.0> (172.28.0.3:44366 -> 172.28.0.2:5672, state: starting): 2023-12-11 17:06:03.756757+00:00 [error] <0.2916.0> PLAIN login refused: user 'admin' can only connect via localhost 2023-12-11 17:06:03.756857+00:00 [info] <0.2916.0> closing AMQP connection <0.2916.0> (172.28.0.3:44366 -> 172.28.0.2:5672)

What should i change in my docker compose file to allow connection from a remote machine for admin user?

After executed docker compose -f docker-compose.yml up -d i tried to connect to rabbitmsq container and do the following:

$ docker exec -it rabbitmq-1 bash

$ rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"

It didn't work for some reason, but anyway it seems like a bad way to handle the problem

Solution

  • According to the documentation :

    By default, the guest user is prohibited from connecting from remote hosts. It can only connect over a loopback interface (i.e. localhost).

    The Bitnami RabbitMQ image implements the same kind of mechanism for its default user. If you go into your container and get the content of the configuration file located at /etc/rabbitmq/rabbitmq.conf, you will see these lines :

    default_user = admin
default_pass = admin
...
loopback_users.admin = true

    This prevents you from logging into the admin user without connecting over localhost.

    You have two options there :

    • Use the official RabbitMQ image which doesn't have this kind of restriction.
    • Rewrite the configuration directly in the container by creating your custom image from the Bitnami image.

    I would also remove the RABBITMQ_USERNAME and RABBITMQ_PASSWORD environment variables of the rabbitmq service they're already defined in your .env file, and RABBITMQ_HOST which is not supported by the image.