queue: Allow enabling TLS for the RabbitMQ connection.

This allows using cloud-based RabbitMQ services like AmazonMQ.

Fixes: #24699.
Alex Vandiver 2023-03-23 19:04:19 +00:00 committed by Tim Abbott
parent 262b19346e
commit bf532de8bb
3 changed files with 14 additions and 1 deletions


@ -1,10 +1,11 @@
import logging import logging
import random import random
import ssl
import threading import threading
import time import time
from abc import ABCMeta, abstractmethod from abc import ABCMeta, abstractmethod
from collections import defaultdict from collections import defaultdict
from typing import Any, Callable, Dict, Generic, List, Mapping, Optional, Set, TypeVar, Union from typing import Any, Callable, Dict, Generic, List, Mapping, Optional, Set, Type, TypeVar, Union
import orjson import orjson
import pika import pika
@ -77,11 +78,18 @@ class QueueClient(Generic[ChannelT], metaclass=ABCMeta):
if self.rabbitmq_heartbeat == 0: if self.rabbitmq_heartbeat == 0:
tcp_options = dict(TCP_KEEPIDLE=60 * 5) tcp_options = dict(TCP_KEEPIDLE=60 * 5)
ssl_options: Union[
Type[pika.ConnectionParameters._DEFAULT], pika.SSLOptions
] = pika.ConnectionParameters._DEFAULT
if settings.RABBITMQ_USE_TLS:
ssl_options = pika.SSLOptions(context=ssl.create_default_context())
return pika.ConnectionParameters( return pika.ConnectionParameters(
settings.RABBITMQ_HOST, settings.RABBITMQ_HOST,
port=settings.RABBITMQ_PORT, port=settings.RABBITMQ_PORT,
heartbeat=self.rabbitmq_heartbeat, heartbeat=self.rabbitmq_heartbeat,
tcp_options=tcp_options, tcp_options=tcp_options,
ssl_options=ssl_options,
credentials=credentials, credentials=credentials,
) )
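Review bot: The TLS branch in the second hunk builds `pika.SSLOptions` without `server_hostname`, so which name the broker certificate is checked against depends on pika's own fallback, which is not visible in this diff; passing it explicitly, `ssl_options = pika.SSLOptions(context=ssl.create_default_context(), server_hostname=settings.RABBITMQ_HOST)`, pins the check to the configured host. `ssl.create_default_context()` keeps certificate and hostname verification on and trusts only the system CA store, which is worth recording in a comment such as `# Verifies the broker certificate against the system CA store; keep verification enabled.` so that nobody later relaxes the context to make a private-CA broker connect. The non-TLS branch also relies on the private `pika.ConnectionParameters._DEFAULT` sentinel, which a pika upgrade could rename or remove. The enclosing method starts and ends outside the hunk.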


@ -173,6 +173,7 @@ MEMCACHED_USERNAME = None if get_secret("memcached_password") is None else "zuli
RABBITMQ_HOST = "127.0.0.1" RABBITMQ_HOST = "127.0.0.1"
RABBITMQ_PORT = 5672 RABBITMQ_PORT = 5672
RABBITMQ_USERNAME = "zulip" RABBITMQ_USERNAME = "zulip"
RABBITMQ_USE_TLS = False
REDIS_HOST = "127.0.0.1" REDIS_HOST = "127.0.0.1"
REDIS_PORT = 6379 REDIS_PORT = 6379
REMOTE_POSTGRES_HOST = "" REMOTE_POSTGRES_HOST = ""


@ -584,6 +584,10 @@ SOCIAL_AUTH_SAML_SUPPORT_CONTACT = {
# RABBITMQ_PORT = 5672 # RABBITMQ_PORT = 5672
## To use another RabbitMQ user than the default "zulip", set RABBITMQ_USERNAME here. ## To use another RabbitMQ user than the default "zulip", set RABBITMQ_USERNAME here.
# RABBITMQ_USERNAME = "zulip" # RABBITMQ_USERNAME = "zulip"
## To access the RabbitMQ server over TLS, set this to True; this is
## generally only necessary if RabbitMQ is running on a separate,
## cloud-managed, host.
# RABBITMQ_USE_TLS = False
######## ########
## Redis configuration. ## Redis configuration.
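Review bot: The new comment for RABBITMQ_USE_TLS does not say that the port usually has to change as well: RABBITMQ_PORT keeps its 5672 default, while AMQP over TLS is conventionally served on 5671, so an operator who flips only this flag would likely get a failed handshake against the plaintext listener. It also does not mention that the server certificate is verified against the system CA store, which matters for brokers using a private CA. Suggest adding `## TLS listeners usually use port 5671; set RABBITMQ_PORT to match.` and `## The server certificate must chain to a CA in the system trust store.` to the block.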