Configuration

The following configuration settings are used by Starlight for RabbitMQ.

The way Starlight for RabbitMQ reads the configuration file depends on how you are running Starlight for RabbitMQ:

Standalone Java application: Configuration file passed as command line argument
Broker protocol handler: Broker configuration file
Proxy extension: Proxy configuration file

General configuration options

Name Default Description

Name	Default	Description
`configurationStoreServers`		Apache ZooKeeper™ configuration store connection string as a comma-separated list.
`amqpListeners`	`amqp://127.0.0.1:5672`	Specifies multiple advertised listeners for the proxy. Format the value as `amqp[s]://HOST:PORT` with commas separating multiple listeners.
`amqpSessionCountLimit`	`256`	The maximum number of sessions that can exist concurrently on an AMQP connection.
`amqpHeartbeatDelay`	`0`	The duration, in seconds, for the Broker and client to exchange heartbeat messages when using AMQP. Clients can negotiate a different heartbeat frequency or disable it altogether.
`amqpHeartbeatTimeoutFactor`	`2`	Factor to determine the maximum length of time that can elapse between heartbeats being received from the peer before an AMQP0.9 connection is considered broken.
`amqpNetworkBufferSize`	`2097152` (2MB)	AMQP network buffer size.
`amqpMaxMessageSize`	`104857600` (100MB)	AMQP maximum message size.
`amqpDebugBinaryDataLength`	`80`	AMQP length of binary data sent to debug log.
`amqpConnectionCloseTimeout`	`2000`	Timeout in ms after which the AMQP connection closes even if a `ConnectionCloseOk` frame isn’t received.
`amqpBatchingEnabled`	`true`	Whether batching messages is enabled in AMQP.

configurationStoreServers

Apache ZooKeeper™ configuration store connection string as a comma-separated list.

amqpListeners

amqp://127.0.0.1:5672

Specifies multiple advertised listeners for the proxy. Format the value as amqp[s]://HOST:PORT with commas separating multiple listeners.

amqpSessionCountLimit

256

The maximum number of sessions that can exist concurrently on an AMQP connection.

amqpHeartbeatDelay

0

The duration, in seconds, for the Broker and client to exchange heartbeat messages when using AMQP. Clients can negotiate a different heartbeat frequency or disable it altogether.

amqpHeartbeatTimeoutFactor

2

Factor to determine the maximum length of time that can elapse between heartbeats being received from the peer before an AMQP0.9 connection is considered broken.

amqpNetworkBufferSize

2097152 (2MB)

AMQP network buffer size.

amqpMaxMessageSize

104857600 (100MB)

AMQP maximum message size.

amqpDebugBinaryDataLength

80

AMQP length of binary data sent to debug log.

amqpConnectionCloseTimeout

2000

Timeout in ms after which the AMQP connection closes even if a ConnectionCloseOk frame isn’t received.

amqpBatchingEnabled

true

Whether batching messages is enabled in AMQP.

Authentication configuration

Name Description

Name	Description
`authenticationEnabled`	Whether authentication is enabled for the proxy. Default: `false`
`amqpAuthenticationMechanisms`	Comma-separated authentication mechanism name list for AMQP. For example: `PLAIN`, `EXTERNAL` Default: `PLAIN`
`tokenSecretKey`	Configure the secret key to be used to validate auth tokens. The key can be specified in either of the following ways: `tokenSecretKey=data:;base64,xxxxxxxxx` `tokenSecretKey=file:///my/secret.key` (Key file must be DER-encoded)
`tokenPublicKey`	Configure the public key to be used to validate auth tokens. The key can be specified in either of the following ways: `tokenPublicKey=data:;base64,xxxxxxxxx` `tokenPublicKey=file:///my/secret.key` (Key file must be DER-encoded)
`tokenAuthClaim`	Specify the token claim that is used as the authentication `principal` or `role`. If not set, the `subject` field is used.
`tokenAudienceClaim`	The token audience `claim` name used to get the audience from token. If not set, the audience isn’t verified. For example: `aud`
`tokenAudience`	The token audience stands for this broker. This parameter can be found in the `tokenAudienceClaim` field of a valid token.

authenticationEnabled

Whether authentication is enabled for the proxy.

Default: false

amqpAuthenticationMechanisms

Comma-separated authentication mechanism name list for AMQP.

For example: PLAIN, EXTERNAL

Default: PLAIN

tokenSecretKey

Configure the secret key to be used to validate auth tokens. The key can be specified in either of the following ways:

tokenSecretKey=data:;base64,xxxxxxxxx
tokenSecretKey=file:///my/secret.key (Key file must be DER-encoded)

tokenPublicKey

Configure the public key to be used to validate auth tokens. The key can be specified in either of the following ways:

tokenPublicKey=data:;base64,xxxxxxxxx
tokenPublicKey=file:///my/secret.key (Key file must be DER-encoded)

tokenAuthClaim

Specify the token claim that is used as the authentication principal or role. If not set, the subject field is used.

tokenAudienceClaim

The token audience claim name used to get the audience from token. If not set, the audience isn’t verified.

For example: aud

tokenAudience

The token audience stands for this broker. This parameter can be found in the tokenAudienceClaim field of a valid token.

Broker client configuration

Name Description

Name	Description
`brokerServiceURL`	The service URL pointing to the broker cluster.
`brokerWebServiceURL`	The web service URL pointing to the broker cluster.
`brokerClientAuthenticationPlugin`	The authentication plugin used by the Apache Pulsar™ proxy to authenticate with Pulsar brokers.
`brokerClientAuthenticationParameters`	The authentication parameters used by the Pulsar proxy to authenticate with Pulsar brokers.
`amqpBrokerClientAuthenticationParameters`	If set, the RabbitMQ service uses these parameters to authenticate on Pulsar’s brokers. If not set, the `brokerClientAuthenticationParameters` setting is used. This setting allows different credentials for the Pulsar proxy and the RabbitMQ service.
`tlsEnabledWithBroker`	Whether TLS is enabled when communicating with Pulsar brokers. Default: `false`
`brokerClientTrustCertsFilePath`	The path to trusted certificates used by the Pulsar proxy to authenticate with Pulsar brokers.
`brokerClientTlsEnabledWithKeyStore`	Whether the proxy uses KeyStore type to authenticate with Pulsar brokers.
`brokerClientTlsTrustStoreType`	TLS TrustStore type configuration for proxy used by the proxy to authenticate with Pulsar brokers. For example: `JKS`, `PKCS12`
`brokerClientTlsTrustStore`	TLS TrustStore path for proxy used by the Pulsar proxy to authenticate with Pulsar brokers.
`brokerClientTlsTrustStorePassword`	TLS TrustStore password for proxy used by the Pulsar proxy to authenticate with Pulsar brokers.

brokerServiceURL

The service URL pointing to the broker cluster.

brokerWebServiceURL

The web service URL pointing to the broker cluster.

brokerClientAuthenticationPlugin

The authentication plugin used by the Apache Pulsar™ proxy to authenticate with Pulsar brokers.

brokerClientAuthenticationParameters

The authentication parameters used by the Pulsar proxy to authenticate with Pulsar brokers.

amqpBrokerClientAuthenticationParameters

If set, the RabbitMQ service uses these parameters to authenticate on Pulsar’s brokers.

If not set, the brokerClientAuthenticationParameters setting is used.

This setting allows different credentials for the Pulsar proxy and the RabbitMQ service.

tlsEnabledWithBroker

Whether TLS is enabled when communicating with Pulsar brokers.

Default: false

brokerClientTrustCertsFilePath

The path to trusted certificates used by the Pulsar proxy to authenticate with Pulsar brokers.

brokerClientTlsEnabledWithKeyStore

Whether the proxy uses KeyStore type to authenticate with Pulsar brokers.

brokerClientTlsTrustStoreType

TLS TrustStore type configuration for proxy used by the proxy to authenticate with Pulsar brokers.

For example: JKS, PKCS12

brokerClientTlsTrustStore

TLS TrustStore path for proxy used by the Pulsar proxy to authenticate with Pulsar brokers.

brokerClientTlsTrustStorePassword

TLS TrustStore password for proxy used by the Pulsar proxy to authenticate with Pulsar brokers.

TLS configuration

Name Description

Name	Description
`tlsCertRefreshCheckDurationSec`	TLS certificate refresh duration in seconds. If set to `0`, Starlight for RabbitMQ checks the TLS certificate whenever there is a new connection. Default: `300`
`tlsCertificateFilePath`	Path for the TLS certificate file.
`tlsKeyFilePath`	Path for the TLS private key file.
`tlsTrustCertsFilePath`	Path for the trusted TLS certificate `pem` file.
`tlsAllowInsecureConnection`	Whether to accept untrusted TLS certificate from client. If `true`, a client with a certificate that cannot be verified with the `tlsTrustCertsFilePath` certificate is allowed to connect to the server, although the certificate won’t be used for client authentication.
`tlsHostnameVerificationEnabled`	Whether the hostname is validated when the proxy creates a TLS connection with brokers. Default: `false`
`tlsRequireTrustedClientCertOnConnect`	Whether client certificates are required for TLS. If the client certificate isn’t trusted, connections are rejected. Default: `false`
`tlsProtocols`	Specify the `tls` protocols the broker uses to negotiate during TLS handshake. Use commas to separate multiple values. For example: `TLSv1.3,TLSv1.2`
`tlsCiphers`	Specify the `tls` cipher the broker uses to negotiate during TLS handshake. Use commas to separate multiple values. For example: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`
`tlsRequireTrustedClientCertOnConnect`	Whether client certificates are required for TLS. If the client certificate isn’t trusted, connections are rejected.
`tlsEnabledWithKeyStore`	Enable TLS with KeyStore type configuration for proxy.
`tlsProvider`	TLS provider.
`tlsKeyStoreType`	TLS KeyStore type configuration for proxy. For example: `JKS`, `PKCS12`
`tlsKeyStore`	TLS KeyStore path for proxy.
`tlsKeyStorePassword`	TLS KeyStore password for proxy.
`tlsTrustStoreType`	TLS TrustStore type configuration for proxy. For example: `JKS`, `PKCS12`
`tlsTrustStore`	TLS TrustStore path for proxy
`tlsTrustStorePassword`	TLS TrustStore password for proxy

tlsCertRefreshCheckDurationSec

TLS certificate refresh duration in seconds.

If set to 0, Starlight for RabbitMQ checks the TLS certificate whenever there is a new connection.

Default: 300

tlsCertificateFilePath

Path for the TLS certificate file.

tlsKeyFilePath

Path for the TLS private key file.

tlsTrustCertsFilePath

Path for the trusted TLS certificate pem file.

tlsAllowInsecureConnection

Whether to accept untrusted TLS certificate from client.

If true, a client with a certificate that cannot be verified with the tlsTrustCertsFilePath certificate is allowed to connect to the server, although the certificate won’t be used for client authentication.

tlsHostnameVerificationEnabled

Whether the hostname is validated when the proxy creates a TLS connection with brokers.

Default: false

tlsRequireTrustedClientCertOnConnect

Whether client certificates are required for TLS. If the client certificate isn’t trusted, connections are rejected.

Default: false

tlsProtocols

Specify the tls protocols the broker uses to negotiate during TLS handshake. Use commas to separate multiple values.

For example: TLSv1.3,TLSv1.2

tlsCiphers

Specify the tls cipher the broker uses to negotiate during TLS handshake. Use commas to separate multiple values.

For example: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

tlsRequireTrustedClientCertOnConnect

Whether client certificates are required for TLS. If the client certificate isn’t trusted, connections are rejected.

tlsEnabledWithKeyStore

Enable TLS with KeyStore type configuration for proxy.

tlsProvider

TLS provider.

tlsKeyStoreType

TLS KeyStore type configuration for proxy.

For example: JKS, PKCS12

tlsKeyStore

TLS KeyStore path for proxy.

tlsKeyStorePassword

TLS KeyStore password for proxy.

tlsTrustStoreType

TLS TrustStore type configuration for proxy.

For example: JKS, PKCS12

tlsTrustStore

TLS TrustStore path for proxy

tlsTrustStorePassword

TLS TrustStore password for proxy

Configuration

General configuration options

Authentication configuration

Broker client configuration

TLS configuration

Was this helpful?

Give Feedback