LATEST VERSION: 1.15 - RELEASE NOTES

Modifying Apps for TLS

Note: If your app is written in Java or Spring, see Activate TLS for Java and Spring Apps. For other types of apps, use the procedures in this topic.

This topic describes how developers can modify apps that are not written in Java or Spring so that they use TLS to secure their connection with RabbitMQ on-demand service instances.

Prerequisites

The following are prerequisites to procedures in this topic:

Modify Your App for TLS

To start using TLS for apps that are not written in Java or Spring, you must modify your app to use the correct protocol.

To modify your app, do the following:

  1. Use one of the code snippets below.

    In these examples, VCAP_SERVICES is an environment variable available from the app.

    • Option 1: If the operator enabled TLS using a certificate from a trusted authority, use the code below.

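      require 'json'
      require 'bunny'

      # Read the service binding that the platform injects into the app.
      vcap_services = JSON.parse(ENV['VCAP_SERVICES'])
      # Pick one of the TLS URIs from the amqp+ssl protocol entry.
      uri = vcap_services['p.rabbitmq'][0]['credentials']['protocols']['amqp+ssl']['uris'].sample
      conn = Bunny.new(uri)
      conn.start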
      


    • Option 2: If the operator used a self-signed certificate, configure the RabbitMQ client to use the same CA certificate and a valid certificate and key. Use the example code below, replacing the variables PATH_TO_CERTIFICATE, PATH_TO_KEY, and PATH_TO_CA_CERTIFICATE.

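      require 'json'
      require 'bunny'

      # Read the service binding that the platform injects into the app.
      vcap_services = JSON.parse(ENV['VCAP_SERVICES'])
      # Pick one of the TLS URIs from the amqp+ssl protocol entry.
      uri = vcap_services['p.rabbitmq'][0]['credentials']['protocols']['amqp+ssl']['uris'].sample
      # Replace the PATH_TO_* placeholders with the paths to your PEM files.
      conn = Bunny.new(uri, tls_cert: PATH_TO_CERTIFICATE, tls_key: PATH_TO_KEY, tls_ca_certificates: [PATH_TO_CA_CERTIFICATE])
      conn.start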
      

Repush or Rebind Your App

After modifying your app, repush it with cf push.

WARNING: Any apps using an existing service instance must be rebound after enabling TLS for the instance.

Follow these steps to rebind an app using an existing service instance:

  1. Stop the app. For example:
    $ cf stop my-app
  2. Unbind the app from the service instance. For example:
    $ cf unbind-service my-app my-service-instance
  3. Re-bind the app to the service instance. For example:
    $ cf bind-service my-app my-service-instance
  4. Restage the app. For example:
    $ cf restage my-app

Your app should now communicate securely with the RabbitMQ service instance.
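
The following startup check is an added example, not code from the original page or from the RabbitMQ tile. It reads the same VCAP_SERVICES path as the snippets above and refuses to continue when the binding has no amqp+ssl URIs, instead of silently falling back to a plaintext endpoint. The names `rabbitmq_tls_uris`, `tls_binding_ok?` and `TlsBindingError`, the sample bindings, and the assumption that a binding created before TLS was enabled carries only an `amqp` entry are all hypothetical.

```ruby
require 'json'
require 'uri'

# Raised when the binding offers no usable TLS endpoint (name is hypothetical).
class TlsBindingError < StandardError; end

# Return the TLS URIs from a VCAP_SERVICES JSON string, or raise.
# The key path is the one used in the snippets on this page; the error
# handling and the function name are additions for this example.
def rabbitmq_tls_uris(vcap_json, label: 'p.rabbitmq')
  services = JSON.parse(vcap_json)
  instance = services.fetch(label, []).first
  raise TlsBindingError, "no #{label} binding found" if instance.nil?

  uris = instance.dig('credentials', 'protocols', 'amqp+ssl', 'uris')
  if uris.nil? || uris.empty?
    # Fail closed: never fall back to another protocol entry.
    raise TlsBindingError, 'binding has no amqp+ssl URIs; rebind the app'
  end

  uris.each do |u|
    scheme = URI.parse(u).scheme
    # amqps is the URI scheme for AMQP over TLS.
    raise TlsBindingError, "unexpected scheme #{scheme.inspect}" unless scheme == 'amqps'
  end
  uris
end

# Boolean form of the check, suitable for a startup or health probe.
def tls_binding_ok?(vcap_json)
  rabbitmq_tls_uris(vcap_json)
  true
rescue TlsBindingError, JSON::ParserError, URI::InvalidURIError
  false
end

# Constructed sample bindings (hosts and credentials are made up).
TLS_BINDING = { 'p.rabbitmq' => [{ 'credentials' => { 'protocols' => {
  'amqp+ssl' => { 'uris' => ['amqps://user:secret@rmq.example.internal:5671/vhost1'] }
} } }] }.to_json

# Assumed shape of a binding created before TLS was enabled.
STALE_BINDING = { 'p.rabbitmq' => [{ 'credentials' => { 'protocols' => {
  'amqp' => { 'uris' => ['amqp://user:secret@rmq.example.internal:5672/vhost1'] }
} } }] }.to_json

if __FILE__ == $PROGRAM_NAME
  # Print only the host so credentials in the URI never reach the logs.
  puts rabbitmq_tls_uris(TLS_BINDING).map { |u| URI.parse(u).host }
  puts tls_binding_ok?(STALE_BINDING)
end
```

In an app, pass `ENV['VCAP_SERVICES']` to `rabbitmq_tls_uris` and hand one of the returned URIs to `Bunny.new` as in Option 1 or Option 2.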
