Help Center> Distributed Message Service for RocketMQ> User Guide> Accessing an Instance> Accessing RocketMQ on a Client (With SSL)
Updated on 2024-07-10 GMT+08:00
View PDF

Accessing RocketMQ on a Client (With SSL)

If SSL is enabled, data will be encrypted before transmission for enhanced security. This section describes how to use TCP to connect to a RocketMQ instance with SSL in CLI mode.

Intra-VPC access and public access differ only in the connection IP addresses and ports. For intra-VPC access, use port 8100. For public access, use port 8200.

The following describes only the procedure for public access. For intra-VPC access, replace the IP addresses with the actual ones.

Prerequisites

  • A RocketMQ instance has been created and you have obtained the connection addresses for intra-VPC access or public network access.
  • Security group rules have been configured.
  • A topic has been created.
  • An ECS has been created. To access a RocketMQ instance over a private network, ensure that the VPC, subnet, and security group of the ECS are the same as those of the RocketMQ instance.
  • JDK v1.8.111 or later has been installed, and related environment variables have been configured.

Accessing the Instance with CLI

  1. Download the rocketmq-tutorial software package.

    wget https://dms-demos.obs.cn-north-1.myhuaweicloud.com/rocketmq-tutorial.zip

  2. Decompress the rocketmq-tutorial package.

    unzip rocketmq-tutorial.zip

  3. (Optional) If ACL is enabled for the RocketMQ instance, authentication is required when you run the mqadmin command.

    Switch to the directory where the decompressed software package is stored and add the following content to the conf/tools.yml file: 
    accessKey:*******
secretKey:*******

    accessKey and secretKey are the username and secret key set on the Users page of the console.

  4. Go to the rocketmq-tutorial/bin directory.

    cd rocketmq-tutorial/bin

  5. Produce normal messages using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "${Connection addresses}" -t ${Topic name} -p "hello rocketmq"

    Parameter description:

    • Connection addresses: the Instance Address for private network access or Instance Address (Public Network) for public network access.
    • Topic name: name of the topic created for the RocketMQ instance

    In the following example, 100.xxx.xxx.89:8200;100.xxx.xxx.144:8200 are the metadata connection addresses for public network access to the RocketMQ instance, and topic-test is the topic name.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "100.xxx.xxx.89:8200;100.xxx.xxx.144:8200" -t topic-test -p "hello rocketmq"

    Press Ctrl+C to exit.

  6. Consume normal messages using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "${Connection addresses}" -t ${Topic name}

    Parameter description:

    • Connection addresses: the Instance Address for private network access or Instance Address (Public Network) for public network access.
    • Topic name: name of the topic created for the RocketMQ instance

    In the following example, 100.xxx.xxx.89:8200;100.xxx.xxx.144:8200 are the metadata connection addresses for public network access to the RocketMQ instance, and topic-test is the topic name.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "100.xxx.xxx.89:8200;100.xxx.xxx.144:8200" -t topic-test

    To stop consuming messages, press Ctrl+C to exit.

  7. Create messages with traces using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "${Connection addresses}" -t ${Topic name} -p "hello rocketmq" -m true

    Parameter description:

    • Connection addresses: the Instance Address for private network access or Instance Address (Public Network) for public network access.
    • Topic name: name of the topic created for the RocketMQ instance

    In the following example, 100.xxx.xxx.89:8200;100.xxx.xxx.144:8200 are the metadata connection addresses for public network access to the RocketMQ instance, and topic-test is the topic name.

    JAVA_OPT=-Dtls.enable=true sh mqadmin sendMessage -n "100.xxx.xxx.89:8200;100.xxx.xxx.144:8200" -t topic-test -p "hello rocketmq" -m true

    Press Ctrl+C to exit.

  8. Retrieve messages and send the message traces using the sample project.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "${Connection addresses}" -t ${Topic name} -m true

    Parameter description:

    • Connection addresses: the Instance Address for private network access or Instance Address (Public Network) for public network access.
    • Topic name: name of the topic created for the RocketMQ instance

    In the following example, 100.xxx.xxx.89:8200;100.xxx.xxx.144:8200 are the metadata connection addresses for public network access to the RocketMQ instance, and topic-test is the topic name.

    JAVA_OPT=-Dtls.enable=true sh mqadmin consumeMessage -n "100.xxx.xxx.89:8200;100.xxx.xxx.144:8200" -t topic-test -m true

    Press Ctrl+C to exit.

Accessing the Instance with Spring

To access a RocketMQ instance with Spring 2.3.0 or later, do as follows:

  • For producers

    Add the following line in the application.properties configuration file:

    rocketmq.producer.tls-enable=true

    For example of producing messages, see Send Message.

  • For consumers

    Set parameter tlsEnable to true. For example:

    @Service
@RocketMQMessageListener(
    topic = "test-topic-1", 
    consumerGroup = "my-consumer_test-topic-1",
    tlsEnable = "true"
)
public class MyConsumer implements RocketMQListener<String> {
    ...
}

    Replace the information in bold with the actual values. For example of consuming messages, see Consume Message.

Parent topic: Accessing an Instance