Xray: How to troubleshoot Xray(3.x) RabbitMQ TLS configuration issues


Author: Ino Choi
Article number: 000005161
First published: 2021-11-14T08:02:49Z
Last modified: 2021-11-14
Version: 4

Note: Relevant for Xray 3.x

By default, Xray communicates with its PostgreSQL and RabbitMQ microservices over unencrypted connections. To secure these channels, we can set up encrypted connections using TLS certificates. Detailed instructions on this setup can be found here.

During the setup, you may encounter some problems. The following are some of the issues encountered and how to resolve them.

Issue #1: Error connecting to rabbit message queue
Error:

2021-11-09T00:02:41.977Z [jfxr ] [ERROR] [da41ec3606a2afb4] [mq_connector:187              ] [main                ] Error connecting to rabbit message queue check mq settings. Error: dial tcp 127.0.0.1:5671: connect: connection refused

Resolution:
Make sure the host name in “CN=rabbitmq” is resolvable through DNS.
You may define the name in the /etc/hosts file:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 rabbitmq

If you still run into the same error message, try restarting the Xray server.

Issue #2: x509: certificate error
Error:

2021-11-09T00:05:44.093Z [jfxr ] [ERROR] [78eb064b71ff3030] [mq_connector:187              ] [main                ] Error connecting to rabbit message queue check mq settings. Error: x509: certificate relies on legacy Common Name field, use SANs or temporarily enable Common Name matching with GODEBUG=x509ignoreCN=0

Resolution: Add the following parameter to system.yaml (under $JFROG_HOME/xray/var/etc/) and restart Xray.

shared:
    env:
        GODEBUG: "x509ignoreCN=0"