RabbitMQ Web Stomp -- Turn off non-TLS connections?

Question

I have a RabbitMQ instance (running the current 3.7.9 + Erlang 21.1.1) that is working great.

I use the Web Stomp plugin to make values available in the browser using websockets and stomp.js. This is also working well.

My question is: how do I DISABLE the non-TLS connections using the new-format .conf files? I want to make sure we don't connect accidentally to the wrong port. Below is my .conf file for reference.

Current listening ports:

Protocol Bound to Port

amqp :: 5672

amqp/ssl :: 5671

clustering :: 25672

http/web-stomp :: 15674

https :: 15672

https/web-stomp :: 15671

stomp :: 61613

listeners.ssl.default = 5671
ssl_options.cacertfile = fullchain.pem
ssl_options.certfile   = cert.pem
ssl_options.keyfile    = privkey.pem
ssl_options.verify     = verify_peer
ssl_options.fail_if_no_peer_cert = false

management.listener.port = 15672
management.listener.ssl = true
management.listener.ssl_opts.cacertfile = fullchain.pem
management.listener.ssl_opts.certfile = cert.pem
management.listener.ssl_opts.keyfile = privkey.pem

web_stomp.ssl.port       = 15671
web_stomp.ssl.backlog    = 1024
web_stomp.ssl.certfile   = cert.pem
web_stomp.ssl.keyfile    = privkey.pem
web_stomp.ssl.cacertfile = fullchain.pem

The following links were VERY helpful, but I did not find an answer. https://www.rabbitmq.com/ssl.html#peer-verification

https://www.rabbitmq.com/web-stomp.html

Answer 1

As of version 3.7.9 there is no way to disable the HTTP listener. I suggest using the following setting to limit the listener to localhost only:

web_stomp.tcp.ip = 127.0.0.1

If you check the output of netstat -pan | fgrep beam.smp you will see port 15674 bound to a localhost listener.