How to disable RabbitMQ default tcp listening port - 5672
To disable standart RabbitMQ 5672 port add {tcp_listeners, []}
to your rabbitmq.conf:
[
{rabbit, [
{tcp_listeners, []},
{ssl_listeners, [5671]},
{ssl_options, [{cacertfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cacert.pem"},
{certfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/cert.pem"},
{keyfile,"/ay/app/xxx/softwares/rabbitmq_server-3.1.1/etc/ssl/key.pem"},
{verify,verify_peer},
{fail_if_no_peer_cert,false},
{ciphers,[{dhe_rsa,aes_256_cbc,sha},
{dhe_dss,aes_256_cbc,sha},
{rsa,aes_256_cbc,sha}]}
]
}
]}
].
It works with RabbitMQ 3.1.5
Here's how to do it with the new configuration file format introduced in RabbitMQ 3.7:
Set up the SSL listener in rabbitmq.conf:
listeners.ssl.1 = 5671 ssl_options.cacertfile = /path/to/testca/cacert.pem ssl_options.certfile = /path/to/server/cert.pem ssl_options.keyfile = /path/to/server/key.pem ssl_options.verify = verify_peer ssl_options.fail_if_no_peer_cert = false
Disable the non-SSL listener in advanced.config:
[ {rabbit, [{tcp_listeners, []} ]} ].
It appears that to disable non-ssl listening with the new file format, you can do the following:
listeners.tcp = none
This has the same effect as the other 3.7 answer, but removes the need to do it in the advanced.config.