Exposing RabbitMQ Admin UI via nginx
You may have come across a scenario where you need to expose the RabbitMQ Admin UI through nginx. In my case, RabbitMQ is on Amazon MQ and we wanted to expose admin UI to our corporate network via the VPN. Our solution is to expose it via an nginx that runs on jump host / bastion host.
At first we had only one RabbitMQ server. So it was straight forward. But then we had the requirement that we need to front two RabbitMQ servers with the nginx. This is the initial configuration I used to solve this. Here I used nginx reverse proxy features with url rewrite.
server {
listen 443 ssl default_server;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/private.key;
location ~* /rabbitmq/a/(.*) {
rewrite ^/rabbitmq/a/(.*)$ /$1 break;
proxy_pass https://<rabbitmq_a_http_endpoint>;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
location ~* /rabbitmq/b/(.*) {
rewrite ^/rabbitmq/b/(.*)$ /$1 break;
proxy_pass https://<rabbitmq_b_http_endpoint>;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
}With this we could easily login to the both RabbitMQ webapps using different paths. But then we realized some pages such as the queue details page are not working due to issues in api calls. To solve that I had to separate out api paths. When I do that I realized there is a specific api path that needs to be handled differently to others as well. Following is the final configuration I used and all pages are reachable now.
server {
listen 443 ssl default_server;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/private.key;
location = /rabbitmq/a/api/deprecated-features/used {
proxy_pass https://<rabbitmq_a_http_endpoint>/api/deprecated-features/used;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
location ~* /rabbitmq/a/api/(.*?)/(.*) {
proxy_pass https://<rabbitmq_a_http_endpoint>/api/$1/%2F/$2?$query_string;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
location ~* /rabbitmq/a/(.*) {
rewrite ^/rabbitmq/a/(.*)$ /$1 break;
proxy_pass https://<rabbitmq_a_http_endpoint>;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
location = /rabbitmq/b/api/deprecated-features/used {
proxy_pass https://<rabbitmq_b_http_endpoint>/api/deprecated-features/used;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
}
location ~* /rabbitmq/b/api/(.*?)/(.*) {
proxy_pass https://<rabbitmq_b_http_endpoint>/api/$1/%2F/$2?$query_string;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
location ~* /rabbitmq/b/(.*) {
rewrite ^/rabbitmq/b/(.*)$ /$1 break;
proxy_pass https://<rabbitmq_b_http_endpoint>;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
rewrite_log on;
}
}Hope this saves someone’s day. Good luck !!!