1

I'm completely new to RabbitMQ and now I'm looking for a configuration error. The client doesn't receive any messages from RabbitMQ and I debugged it as far as possible.

Frontend messages:

Message 1:

CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
heart-beat:20000,0

Message 2:

ERROR
message:Bad CONNECT
content-type:text/plain
version:1.0,1.1,1.2
content-length:30

Virtual host '/' access denied

There are two vHosts: / and someVhost and there are different users like frontend_listener. Now I found a way to access the log file.

RabbitMQ log file:

2020-02-11 15:50:53.579 [warning] <0.798.0> STOMP login failed for user "frontend_listener"
2020-02-11 15:50:53.579 [error] <0.798.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Access refused for user 'frontend_listener'\n"
Server private detail: none
...
2020-02-11 15:51:25.349 [info] <0.850.0> Creating user 'frontend_listener'
2020-02-11 15:51:30.374 [info] <0.857.0> Setting permissions for 'frontend_listener' in 'someVhost' to '$', '$', 'client-notification.*'
2020-02-11 15:51:54.980 [warning] <0.867.0> STOMP login failed - not_allowed (vhost access not allowed)~n
2020-02-11 15:51:54.980 [error] <0.867.0> STOMP error frame sent:
Message: "Bad CONNECT"
Detail: "Virtual host '/' access denied"
Server private detail: none
2020-02-11 15:52:56.427 [warning] <0.875.0> STOMP login failed - not_allowed (vhost access not allowed)~n

It reads like the permissions are wrong. Can someone help me out interpreting that correctly?

I try to read it: User frontend_listener wants to access the vHost /, but it hasn't sufficient permissions (don't know what $ here mean other than a part of regular expression). The thing is, that I don't know if that is the correct vHost. How do I find out the URL of each vHost?

I'm asking this because I believe that the mapping to the vHost is wrong or something is missing.

Edit:

After adding host: 'someVhost' to my stomp-config.ts I was able to subscribe to the queues. Now I get the following error in the log:

2020-02-12 16:32:25.913 [error] <0.5159.1> Channel error on connection <0.5149.1> (127.0.0.1:58136 -> 127.0.0.1:15674, vhost: 'someVhost', user: 'frontend_listener'), channel 1:
operation basic.consume caused a channel exception access_refused: access to queue 'stomp-subscription-SZ3-PO1-PbZroPol-WXSQw' in vhost 'someVhost' refused for user 'frontend_listener'
2020-02-12 16:32:26.022 [error] <0.5145.1> STOMP error frame sent:
Message: access_refused

On the frontend I don't get a message or error.

testing
  • 19,681
  • 50
  • 236
  • 417

1 Answers1

1

You need to also pass host information in the STOMP CONNECT frame..

this is what the specifications says and clients MUST set this header

host : The name of a virtual host that the client wishes to connect to. It is recommended clients set this to the host name that the socket was established against, or to any name of their choosing. If this header does not match a known virtual host, servers supporting virtual hosting MAY select a default virtual host or reject the connection.

So this is how your CONNET frame should look

CONNECT
login:frontend_listener
passcode:xxx
accept-version:1.0,1.1,1.2
host: someVhost
heart-beat:20000,0
Soumen Mukherjee
  • 2,953
  • 3
  • 22
  • 34
  • The spec can be found here https://stomp.github.io/stomp-specification-1.2.html#CONNECT_or_STOMP_Frame & other helpful link is https://www.rabbitmq.com/vhosts.html – Soumen Mukherjee Feb 12 '20 at 15:10
  • Thanks for your answer. It seems that I'm one step further. What I don't understand that the old configuration does work on another instance (without `host` configuration). Now I'm getting a *access_refused* message. Could you also help with this? – testing Feb 12 '20 at 16:01
  • So the reason for working without the host configuration on another instance can be either of the two . 1. The instance has a single host named someVhost or 2. The host by the name of someVhost is the default host. – Soumen Mukherjee Feb 12 '20 at 16:15
  • 1
    Also make sure that the user fontend_listener has the permission "configure", "write" and "read" on the host someVhost – Soumen Mukherjee Feb 12 '20 at 16:19
  • The permission currently is `'$', '$', 'client-notification.*'` for "configure", "write" and "read". If I only want to grant read access, wouldn't that be sufficient? – testing Feb 12 '20 at 16:22
  • Now I set the permissions to `*` for all and it would work that way. Both instances have two vhosts so there must be a configuration difference. Do you know how I can set the default host? – testing Feb 13 '20 at 15:29
  • 1
    Yes the default vhost can be defined in the file rabbitmq.conf by default it is default_vhost = / – Soumen Mukherjee Feb 14 '20 at 07:19
  • Further read https://www.rabbitmq.com/configure.html#config-items – Soumen Mukherjee Feb 14 '20 at 07:19
  • Thanks for your help. Now I printed the config with `rabbitmqctl environment` and I get `{default_vhost,<<"/">>},` on the working environment. Is there some config elsewhere? – testing Feb 14 '20 at 10:42
  • Never mind. Seems that is a docker misconfiguration issue. – testing Feb 14 '20 at 11:10