RamNode logo
    Sign UpLogin
    Message Broker Guide

    Self-Hosted RabbitMQ

    Deploy RabbitMQ, the most widely deployed open source message broker, on RamNode VPS. Enable reliable messaging for your applications.

    Ubuntu 20.04+
    RabbitMQ 3.13+
    ⏱️ 15-25 minutes

    Why RabbitMQ?

    RabbitMQ is a reliable, mature message broker that supports multiple messaging protocols including AMQP, MQTT, and STOMP. It's trusted by thousands of companies worldwide for mission-critical messaging needs.

    Multiple messaging protocols (AMQP, MQTT, STOMP)
    Built-in clustering and high availability
    Web-based management UI
    Flexible routing with exchanges and bindings

    Prerequisites

    Development

    • • 1+ CPU cores
    • • 2 GB RAM minimum
    • • 10 GB SSD storage
    • • Ubuntu 20.04/22.04 LTS

    Production

    • • 2+ CPU cores
    • • 4+ GB RAM recommended
    • • 50+ GB NVMe SSD
    • • Dedicated network interface
    1

    Initial Server Setup

    Update system and install dependencies:

    System Setup
    # Update system packages
sudo apt update && sudo apt upgrade -y

# Install essential tools
sudo apt install -y curl gnupg apt-transport-https

# Set timezone (adjust as needed)
sudo timedatectl set-timezone America/New_York

    Installation

    1

    Install Erlang

    RabbitMQ requires Erlang/OTP. Install from the official repository:

    Add Erlang Repository
    # Add Cloudsmith signing key
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-erlang.gpg > /dev/null

# Add Erlang repository
echo "deb [signed-by=/usr/share/keyrings/rabbitmq-erlang.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-erlang/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq-erlang.list

# Update and install Erlang
sudo apt update
sudo apt install -y erlang-base erlang-asn1 erlang-crypto erlang-eldap erlang-ftp erlang-inets erlang-mnesia erlang-os-mon erlang-parsetools erlang-public-key erlang-runtime-tools erlang-snmp erlang-ssl erlang-syntax-tools erlang-tftp erlang-tools erlang-xmerl
    2

    Install RabbitMQ Server

    Add RabbitMQ repository and install:

    Install RabbitMQ
    # Add RabbitMQ signing key
curl -1sLf "https://keys.openpgp.org/vks/v1/by-fingerprint/0A9AF2115F4687BD29803A206B73A36E6026DFCA" | sudo gpg --dearmor | sudo tee /usr/share/keyrings/rabbitmq-server.gpg > /dev/null

# Add RabbitMQ repository
echo "deb [signed-by=/usr/share/keyrings/rabbitmq-server.gpg] https://ppa1.novemberain.com/rabbitmq/rabbitmq-server/deb/ubuntu $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/rabbitmq.list

# Update and install RabbitMQ
sudo apt update
sudo apt install -y rabbitmq-server

# Start and enable RabbitMQ service
sudo systemctl start rabbitmq-server
sudo systemctl enable rabbitmq-server

# Verify installation
sudo systemctl status rabbitmq-server
    3

    Verify Installation

    Check RabbitMQ status:

    Check Status
    # Check RabbitMQ status
sudo rabbitmqctl status

# Check cluster status
sudo rabbitmqctl cluster_status

# List enabled plugins
sudo rabbitmq-plugins list

    Management Plugin

    1

    Enable Management UI

    Enable the web-based management interface:

    Enable Management
    # Enable management plugin
sudo rabbitmq-plugins enable rabbitmq_management

# The management UI will be available at:
# http://YOUR_VPS_IP:15672

# Default credentials (change immediately!):
# Username: guest
# Password: guest

    Security Warning: The default 'guest' user can only connect from localhost. Create a new admin user for remote access.

    2

    Create Admin User

    Create a new administrator user for management access:

    Create Admin User
    # Create new admin user
sudo rabbitmqctl add_user admin YOUR_SECURE_PASSWORD

# Set administrator tag
sudo rabbitmqctl set_user_tags admin administrator

# Grant full permissions on default vhost
sudo rabbitmqctl set_permissions -p / admin ".*" ".*" ".*"

# Optionally delete the default guest user
sudo rabbitmqctl delete_user guest

    Configuration

    1

    Main Configuration File

    Create or edit the RabbitMQ configuration:

    Create Configuration
    sudo nano /etc/rabbitmq/rabbitmq.conf
    rabbitmq.conf
    # Network Configuration
listeners.tcp.default = 5672
management.tcp.port = 15672

# Memory Management
vm_memory_high_watermark.relative = 0.6
vm_memory_high_watermark_paging_ratio = 0.75

# Disk Free Space Limit
disk_free_limit.absolute = 2GB

# Connection Limits
channel_max = 128

# Heartbeat (in seconds)
heartbeat = 60

# Default Virtual Host
default_vhost = /
default_user = admin
default_pass = YOUR_SECURE_PASSWORD
default_user_tags.administrator = true
default_permissions.configure = .*
default_permissions.read = .*
default_permissions.write = .*

# Logging
log.file.level = info
log.console = true
log.console.level = info
    2

    Environment Configuration

    Set environment variables for RabbitMQ:

    Create Environment File
    sudo nano /etc/rabbitmq/rabbitmq-env.conf
    rabbitmq-env.conf
    # Node name (useful for clustering)
NODENAME=rabbit@$(hostname -s)

# Data directory
RABBITMQ_MNESIA_BASE=/var/lib/rabbitmq/mnesia

# Log directory
RABBITMQ_LOG_BASE=/var/log/rabbitmq

# Config file location
RABBITMQ_CONFIG_FILE=/etc/rabbitmq/rabbitmq

# Enable TLS
# RABBITMQ_CTL_ERL_ARGS="-proto_dist inet_tls"
    Apply Configuration
    # Restart RabbitMQ to apply changes
sudo systemctl restart rabbitmq-server

# Verify configuration
sudo rabbitmqctl environment

    User Management

    1

    Managing Users

    Common user management commands:

    User Commands
    # List all users
sudo rabbitmqctl list_users

# Add a new user
sudo rabbitmqctl add_user myapp myapp_password

# Set user tags (administrator, monitoring, policymaker, management, none)
sudo rabbitmqctl set_user_tags myapp monitoring

# Change user password
sudo rabbitmqctl change_password myapp new_password

# Delete a user
sudo rabbitmqctl delete_user myapp

# Authenticate a user (test credentials)
sudo rabbitmqctl authenticate_user myapp myapp_password
    2

    Setting Permissions

    Configure user permissions on virtual hosts:

    Permission Commands
    # Set permissions: configure, write, read (regex patterns)
# Full access to all resources in default vhost
sudo rabbitmqctl set_permissions -p / myapp ".*" ".*" ".*"

# Read-only access to queues starting with "events."
sudo rabbitmqctl set_permissions -p / readonly "" "" "events\..*"

# Producer: write to exchanges, read from nothing
sudo rabbitmqctl set_permissions -p / producer "" ".*" ""

# Consumer: read from queues, write to nothing
sudo rabbitmqctl set_permissions -p / consumer "" "" ".*"

# List permissions for a user
sudo rabbitmqctl list_user_permissions myapp

# Clear permissions
sudo rabbitmqctl clear_permissions -p / myapp

    Virtual Hosts

    1

    Managing Virtual Hosts

    Virtual hosts provide logical separation for different applications:

    VHost Commands
    # List virtual hosts
sudo rabbitmqctl list_vhosts

# Add a new virtual host
sudo rabbitmqctl add_vhost production
sudo rabbitmqctl add_vhost staging
sudo rabbitmqctl add_vhost development

# Set permissions for users on vhosts
sudo rabbitmqctl set_permissions -p production produser ".*" ".*" ".*"
sudo rabbitmqctl set_permissions -p staging devuser ".*" ".*" ".*"

# List permissions on a vhost
sudo rabbitmqctl list_permissions -p production

# Delete a virtual host (deletes all resources within!)
sudo rabbitmqctl delete_vhost staging

# Set metadata/description
sudo rabbitmqctl update_vhost_metadata production --description "Production environment"

    Security

    1

    Firewall Configuration

    Configure UFW firewall rules:

    UFW Rules
    # Allow SSH
sudo ufw allow ssh

# AMQP port (client connections)
sudo ufw allow 5672/tcp

# Management UI (restrict to your IP in production)
sudo ufw allow from YOUR_IP to any port 15672

# Erlang distribution (clustering only - restrict to cluster nodes)
# sudo ufw allow from CLUSTER_NODE_IP to any port 25672

# AMQPS (TLS) - if using SSL
# sudo ufw allow 5671/tcp

# Enable firewall
sudo ufw enable
sudo ufw status verbose
    2

    Security Best Practices

    Essential security hardening:

    Delete guest user: Remove or disable the default guest account
    Use strong passwords: Minimum 16 characters with complexity
    Enable TLS: Encrypt all connections with SSL/TLS
    Least privilege: Grant minimum required permissions
    Separate vhosts: Isolate applications using virtual hosts
    Restrict management: Limit management UI access by IP

    SSL/TLS Setup

    1

    Generate SSL Certificates

    Create self-signed certificates (use Let's Encrypt for production):

    Generate Certificates
    # Create SSL directory
sudo mkdir -p /etc/rabbitmq/ssl
cd /etc/rabbitmq/ssl

# Generate CA key and certificate
sudo openssl genrsa -out ca-key.pem 4096
sudo openssl req -new -x509 -days 3650 -key ca-key.pem -out ca-cert.pem -subj "/CN=RabbitMQ-CA"

# Generate server key and CSR
sudo openssl genrsa -out server-key.pem 4096
sudo openssl req -new -key server-key.pem -out server-csr.pem -subj "/CN=$(hostname)"

# Sign server certificate
sudo openssl x509 -req -days 365 -in server-csr.pem -CA ca-cert.pem -CAkey ca-key.pem -CAcreateserial -out server-cert.pem

# Set permissions
sudo chown -R rabbitmq:rabbitmq /etc/rabbitmq/ssl
sudo chmod 600 /etc/rabbitmq/ssl/*.pem
    2

    Configure TLS

    Update RabbitMQ configuration for TLS:

    TLS Configuration
    # Add to /etc/rabbitmq/rabbitmq.conf

# Disable plain TCP listener (optional, for TLS-only)
# listeners.tcp = none

# TLS listener
listeners.ssl.default = 5671

# SSL Certificate paths
ssl_options.cacertfile = /etc/rabbitmq/ssl/ca-cert.pem
ssl_options.certfile = /etc/rabbitmq/ssl/server-cert.pem
ssl_options.keyfile = /etc/rabbitmq/ssl/server-key.pem

# Verify client certificates (optional)
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = false

# TLS versions (disable older versions)
ssl_options.versions.1 = tlsv1.3
ssl_options.versions.2 = tlsv1.2

# Management UI over HTTPS
management.ssl.port = 15671
management.ssl.cacertfile = /etc/rabbitmq/ssl/ca-cert.pem
management.ssl.certfile = /etc/rabbitmq/ssl/server-cert.pem
management.ssl.keyfile = /etc/rabbitmq/ssl/server-key.pem
    Apply TLS Configuration
    # Restart RabbitMQ
sudo systemctl restart rabbitmq-server

# Test TLS connection
openssl s_client -connect localhost:5671 -CAfile /etc/rabbitmq/ssl/ca-cert.pem

    Clustering

    High Availability: RabbitMQ clustering provides high availability and increased throughput. Minimum recommended cluster size is 3 nodes for quorum queue support.

    1

    Prepare Nodes

    Ensure all nodes can communicate:

    Configure Hostnames
    # On each node, add all nodes to /etc/hosts
sudo nano /etc/hosts

# Add entries like:
192.168.1.10 rabbit1
192.168.1.11 rabbit2
192.168.1.12 rabbit3

# Set hostname (on each node)
sudo hostnamectl set-hostname rabbit1  # Adjust for each node
    2

    Share Erlang Cookie

    All nodes must share the same Erlang cookie:

    Erlang Cookie
    # On the first node, get the cookie value
sudo cat /var/lib/rabbitmq/.erlang.cookie

# Copy this cookie to all other nodes
# On other nodes:
sudo systemctl stop rabbitmq-server
sudo nano /var/lib/rabbitmq/.erlang.cookie
# Paste the cookie value

# Set correct permissions
sudo chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie
sudo chmod 400 /var/lib/rabbitmq/.erlang.cookie

# Start RabbitMQ
sudo systemctl start rabbitmq-server
    3

    Join Cluster

    Join additional nodes to the cluster:

    Join Cluster
    # On nodes 2 and 3, join the cluster
sudo rabbitmqctl stop_app
sudo rabbitmqctl reset
sudo rabbitmqctl join_cluster rabbit@rabbit1
sudo rabbitmqctl start_app

# Verify cluster status
sudo rabbitmqctl cluster_status
    4

    Configure Quorum Queues

    Create highly available queues:

    Quorum Queue Policy
    # Set a policy for quorum queues
sudo rabbitmqctl set_policy ha-queues "^ha\." \
    '{"queue-type":"quorum"}' \
    --priority 1 \
    --apply-to queues

# Or set default queue type to quorum
# Add to rabbitmq.conf:
# default_queue_type = quorum

    Performance Tuning

    1

    System Limits

    Increase system limits for production:

    System Limits
    # Edit limits configuration
sudo nano /etc/security/limits.conf

# Add these lines:
rabbitmq soft nofile 65536
rabbitmq hard nofile 65536

# Also update systemd service limits
sudo mkdir -p /etc/systemd/system/rabbitmq-server.service.d
sudo nano /etc/systemd/system/rabbitmq-server.service.d/limits.conf
    limits.conf
    [Service]
LimitNOFILE=65536
    Apply Limits
    # Reload systemd and restart
sudo systemctl daemon-reload
sudo systemctl restart rabbitmq-server

# Verify limits
sudo rabbitmqctl status | grep -A 5 "File Descriptors"
    2

    Memory Configuration

    Optimize memory settings:

    Memory Configuration
    # Add to /etc/rabbitmq/rabbitmq.conf

# Memory threshold (percentage of RAM)
vm_memory_high_watermark.relative = 0.6

# Or use absolute value
# vm_memory_high_watermark.absolute = 2GB

# Paging threshold
vm_memory_high_watermark_paging_ratio = 0.75

# Memory calculation (RSS vs allocated)
vm_memory_calculation_strategy = rss
    3

    Connection and Channel Tuning

    Optimize for high connection counts:

    Connection Tuning
    # Add to /etc/rabbitmq/rabbitmq.conf

# Maximum number of channels per connection
channel_max = 128

# TCP listen backlog
tcp_listen_options.backlog = 4096

# TCP buffer sizes
tcp_listen_options.sndbuf = 32768
tcp_listen_options.recbuf = 32768

# Heartbeat interval (seconds)
heartbeat = 60

# Connection timeout
handshake_timeout = 30000
    4

    Queue Performance

    Optimize queue behavior:

    Queue Policies
    # Lazy queues (for large queues, reduces memory)
sudo rabbitmqctl set_policy lazy-queues "^lazy\." \
    '{"queue-mode":"lazy"}' \
    --priority 1 \
    --apply-to queues

# Message TTL policy (auto-expire old messages)
sudo rabbitmqctl set_policy message-ttl ".*" \
    '{"message-ttl":86400000}' \
    --priority 0 \
    --apply-to queues

# Queue length limit
sudo rabbitmqctl set_policy queue-length "^limited\." \
    '{"max-length":100000,"overflow":"reject-publish"}' \
    --priority 1 \
    --apply-to queues

    Monitoring

    1

    Built-in Monitoring

    Use RabbitMQ commands for monitoring:

    Monitoring Commands
    # Overall status
sudo rabbitmqctl status

# List queues with message counts
sudo rabbitmqctl list_queues name messages consumers memory

# List connections
sudo rabbitmqctl list_connections user peer_host state

# List channels
sudo rabbitmqctl list_channels connection user number

# List exchanges
sudo rabbitmqctl list_exchanges name type

# List bindings
sudo rabbitmqctl list_bindings

# Node memory usage
sudo rabbitmqctl status | grep -A 20 "Memory"

# Check alarms
sudo rabbitmqctl status | grep -A 5 "Alarms"
    2

    Enable Prometheus Metrics

    Export metrics for Prometheus:

    Enable Prometheus Plugin
    # Enable Prometheus plugin
sudo rabbitmq-plugins enable rabbitmq_prometheus

# Metrics available at:
# http://YOUR_VPS_IP:15692/metrics
    Prometheus Configuration
    # Add to prometheus.yml scrape_configs:
- job_name: 'rabbitmq'
  static_configs:
    - targets: ['YOUR_VPS_IP:15692']
  metrics_path: /metrics
    3

    Health Checks

    Implement health monitoring:

    Health Check Script
    #!/bin/bash
# /opt/rabbitmq-health.sh

# Check if RabbitMQ is running
if ! sudo rabbitmqctl status > /dev/null 2>&1; then
    echo "CRITICAL: RabbitMQ is not running"
    exit 2
fi

# Check for alarms
ALARMS=$(sudo rabbitmqctl status 2>/dev/null | grep -A 1 "Alarms" | tail -1)
if [[ "$ALARMS" != *"[]"* ]]; then
    echo "WARNING: RabbitMQ alarms active: $ALARMS"
    exit 1
fi

# Check cluster status (if clustered)
CLUSTER=$(sudo rabbitmqctl cluster_status 2>/dev/null | grep "Running Nodes" -A 1)
echo "OK: RabbitMQ is healthy"
echo "$CLUSTER"
exit 0
    Make Executable
    sudo chmod +x /opt/rabbitmq-health.sh
sudo /opt/rabbitmq-health.sh

    Troubleshooting

    1

    Common Issues

    Memory Alarm (High Watermark)

    Resolve Memory Alarm
    # Check memory usage
sudo rabbitmqctl status | grep -A 20 "Memory"

# Increase watermark temporarily
sudo rabbitmqctl set_vm_memory_high_watermark 0.8

# Purge large queues if needed
sudo rabbitmqctl purge_queue queue_name

# Or configure memory limits properly in rabbitmq.conf

    Disk Space Alarm

    Resolve Disk Alarm
    # Check disk usage
df -h /var/lib/rabbitmq

# Check RabbitMQ data size
sudo du -sh /var/lib/rabbitmq/mnesia

# Lower disk limit temporarily
sudo rabbitmqctl set_disk_free_limit 1GB

# Clean up old data
# Remove old logs
sudo rm -f /var/log/rabbitmq/*.log.*

    Connection Issues

    Debug Connections
    # Check listener status
sudo rabbitmqctl status | grep -A 10 "Listeners"

# Test port connectivity
nc -zv localhost 5672
nc -zv localhost 15672

# Check firewall
sudo ufw status

# View connection errors in logs
sudo tail -100 /var/log/rabbitmq/rabbit@$(hostname).log | grep -i error

    Cluster Partition

    Handle Partitions
    # Check for partitions
sudo rabbitmqctl cluster_status | grep -A 5 "Network Partitions"

# Force sync (choose the partition to keep)
sudo rabbitmqctl stop_app
sudo rabbitmqctl reset
sudo rabbitmqctl join_cluster rabbit@good_node
sudo rabbitmqctl start_app

# Configure partition handling in rabbitmq.conf:
# cluster_partition_handling = autoheal
    2

    Log Analysis

    Check logs for issues:

    Log Commands
    # View main log
sudo tail -f /var/log/rabbitmq/rabbit@$(hostname).log

# View startup log
sudo tail -f /var/log/rabbitmq/startup_log

# Search for errors
sudo grep -i error /var/log/rabbitmq/*.log

# Enable debug logging temporarily
sudo rabbitmqctl set_log_level debug
# Remember to set back to info after debugging
sudo rabbitmqctl set_log_level info
    3

    Reset and Recovery

    Emergency reset procedures:

    Reset Node
    # Stop the application
sudo rabbitmqctl stop_app

# Reset to clean state (WARNING: removes all data!)
sudo rabbitmqctl reset

# Start the application
sudo rabbitmqctl start_app

# Force reset (use only if normal reset fails)
sudo rabbitmqctl force_reset

    Warning: Reset commands will delete all data including queues, exchanges, users, and virtual hosts. Always backup important data before resetting.

    Next Steps

    Set up monitoring with Prometheus and Grafana
    Configure automated backups for definitions
    Implement dead letter exchanges for error handling
    Set up shovel or federation for multi-datacenter