containers/bitnami/rabbitmq

Bitnami Secure Image for RabbitMQ

RabbitMQ is an open source general-purpose message broker that is designed for consistent, highly-available messaging scenarios (both synchronous and asynchronous).

Overview of RabbitMQ Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.

TL;DR

docker run --name rabbitmq bitnami/rabbitmq:latest

You can find the default credentials and available configuration options in the Environment Variables section.

Why use Bitnami Secure Images?

Those are hardened, minimal CVE images built and maintained by Bitnami. Bitnami Secure Images are based on the cloud-optimized, security-hardened enterprise OS Photon Linux. Why choose BSI images?

• Hardened secure images of popular open source software with Near-Zero Vulnerabilities
• Vulnerability Triage & Prioritization with VEX Statements, KEV and EPSS Scores
• Compliance focus with FIPS, STIG, and air-gap options, including secure bill of materials (SBOM)
• Software supply chain provenance attestation through in-toto
• First class support for the internet’s favorite Helm charts

Each image comes with valuable security metadata. You can view the metadata in our public catalog here. Note: Some data is only available with commercial subscriptions to BSI.

If you are looking for our previous generation of images based on Debian Linux, please see the Bitnami Legacy registry.

How to deploy RabbitMQ in Kubernetes?

Deploying Bitnami applications as Helm Charts is the easiest way to get started with our applications on Kubernetes. Read more about the installation in the Bitnami RabbitMQ Chart GitHub repository.

Why use a non-root container?

Non-root container images add an extra layer of security and are generally recommended for production environments. However, because they run as a non-root user, privileged tasks are typically off-limits. Learn more about non-root containers in our docs.

Supported tags and respective Dockerfile links

Learn more about the Bitnami tagging policy and the difference between rolling tags and immutable tags in our documentation page.

Get this image

The recommended way to get the Bitnami RabbitMQ Docker Image is to pull the prebuilt image from the Docker Hub Registry.

docker pull bitnami/rabbitmq:latest

To use a specific version, you can pull a versioned tag. You can view the list of available versions in the Docker Hub Registry.

docker pull bitnami/rabbitmq:[TAG]

If you wish, you can also build the image yourself by cloning the repository, changing to the directory containing the Dockerfile and executing the docker build command. Remember to replace the APP, VERSION and OPERATING-SYSTEM path placeholders in the example command below with the correct values.

git clone https://github.com/bitnami/containers.git
cd bitnami/APP/VERSION/OPERATING-SYSTEM
docker build -t bitnami/APP:latest .

Using docker-compose.yaml

Please be aware this file has not undergone internal testing. Consequently, we advise its use exclusively for development or testing purposes. For production-ready deployments, we highly recommend utilizing its associated Bitnami Helm chart.

Persisting your application

If you remove the container all your data will be lost, and the next time you run the image the database will be reinitialized. To avoid this loss of data, you should mount a volume that will persist even after the container is removed.

For persistence you should mount a directory at the /bitnami/rabbitmq/mnesia path. If the mounted directory is empty, it will be initialized on the first run.

Note

As this is a non-root container, the mounted files and directories must have the proper permissions for the UID 1001.

Connecting to other containers

Using Docker container networking, a RabbitMQ server running inside a container can easily be accessed by your application containers.

Containers attached to the same network can communicate with each other using the container name as the hostname.

Configuration

The following section describes the supported environment variables

Environment variables

The following tables list the main variables you can set.

Customizable environment variables

Name	Description	Default Value
RABBITMQ_CONF_FILE	RabbitMQ configuration file.	${RABBITMQ_CONF_DIR}/rabbitmq.conf
RABBITMQ_DEFINITIONS_FILE	Whether to load external RabbitMQ definitions. This is incompatible with setting the RabbitMQ password securely.	/app/load_definition.json
RABBITMQ_SECURE_PASSWORD	Whether to set the RabbitMQ password securely. This is incompatible with loading external RabbitMQ definitions.	no
RABBITMQ_UPDATE_PASSWORD	Whether to update the password on container restart.	no
RABBITMQ_CLUSTER_NODE_NAME	RabbitMQ cluster node name. When specifying this, ensure you also specify a valid hostname as RabbitMQ will fail to start otherwise.	nil
RABBITMQ_CLUSTER_PARTITION_HANDLING	RabbitMQ cluster partition recovery mechanism.	ignore
RABBITMQ_DISK_FREE_RELATIVE_LIMIT	Disk relative free space limit of the partition on which RabbitMQ is storing data.	1.0
RABBITMQ_DISK_FREE_ABSOLUTE_LIMIT	Disk absolute free space limit of the partition on which RabbitMQ is storing data (takes precedence over the relative limit).	nil
RABBITMQ_ERL_COOKIE	Erlang cookie to determine whether different nodes are allowed to communicate with each other.	nil
RABBITMQ_VM_MEMORY_HIGH_WATERMARK	High memory watermark for RabbitMQ to block publishers and prevent new messages from being enqueued. Can be specified as an absolute or relative value (as percentage or value between 0 and 1).	nil
RABBITMQ_LOAD_DEFINITIONS	Whether to load external RabbitMQ definitions. This is incompatible with setting the RabbitMQ password securely.	no
RABBITMQ_MANAGEMENT_BIND_IP	RabbitMQ management server bind IP address.	0.0.0.0
RABBITMQ_MANAGEMENT_PORT_NUMBER	RabbitMQ management server port number.	15672
RABBITMQ_MANAGEMENT_ALLOW_WEB_ACCESS	Allow web access to RabbitMQ management portal for RABBITMQ_USERNAME	false
RABBITMQ_NODE_NAME	RabbitMQ node name.	rabbit@localhost
RABBITMQ_NODE_DEFAULT_QUEUE_TYPE	RabbitMQ default queue type node-wide.	nil
RABBITMQ_USE_LONGNAME	Whether to use fully qualified names to identify nodes	false
RABBITMQ_NODE_PORT_NUMBER	RabbitMQ node port number.	5672
RABBITMQ_NODE_TYPE	RabbitMQ node type.	stats
RABBITMQ_VHOST	RabbitMQ vhost.	/
RABBITMQ_VHOSTS	List of additional virtual host (vhost). Default queue type can be set using colon separator (RABBITMQ_VHOSTS=queue_name_0 queue_name_1:quorum)	nil
RABBITMQ_CLUSTER_REBALANCE	Rebalance the RabbitMQ Cluster.	false
RABBITMQ_CLUSTER_REBALANCE_ATTEMPTS	Max attempts for the rebalance check to run	100
RABBITMQ_USERNAME	RabbitMQ user name.	user
RABBITMQ_PASSWORD	RabbitMQ user password.	bitnami
RABBITMQ_FORCE_BOOT	Force a node to start even if it was not the last to shut down	no
RABBITMQ_ENABLE_LDAP	Enable the LDAP configuration.	no
RABBITMQ_LDAP_TLS	Enable secure LDAP configuration.	no
RABBITMQ_LDAP_SERVERS	Comma, semi-colon or space separated list of LDAP server hostnames.	nil
RABBITMQ_LDAP_SERVERS_PORT	LDAP servers port.	389
RABBITMQ_LDAP_USER_DN_PATTERN	DN used to bind to LDAP in the form cn=$${username},dc=example,dc=org.	nil
RABBITMQ_NODE_SSL_PORT_NUMBER	RabbitMQ node port number for SSL connections.	5671
RABBITMQ_SSL_CACERTFILE	Path to the RabbitMQ server SSL CA certificate file.	nil
RABBITMQ_SSL_CERTFILE	Path to the RabbitMQ server SSL certificate file.	nil
RABBITMQ_SSL_KEYFILE	Path to the RabbitMQ server SSL certificate key file.	nil
RABBITMQ_SSL_PASSWORD	RabbitMQ server SSL certificate key password.	nil
RABBITMQ_SSL_DEPTH	Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path.	nil
RABBITMQ_SSL_FAIL_IF_NO_PEER_CERT	Whether to reject TLS connections if client fails to provide a certificate.	no
RABBITMQ_SSL_VERIFY	Whether to enable peer SSL certificate verification. Valid values: verify_none, verify_peer.	verify_none
RABBITMQ_MANAGEMENT_SSL_PORT_NUMBER	RabbitMQ management server port number for SSL/TLS connections.	15671
RABBITMQ_MANAGEMENT_SSL_CACERTFILE	Path to the RabbitMQ management server SSL CA certificate file.	$RABBITMQ_SSL_CACERTFILE
RABBITMQ_MANAGEMENT_SSL_CERTFILE	Path to the RabbitMQ server SSL certificate file.	$RABBITMQ_SSL_CERTFILE
RABBITMQ_MANAGEMENT_SSL_KEYFILE	Path to the RabbitMQ management server SSL certificate key file.	$RABBITMQ_SSL_KEYFILE
RABBITMQ_MANAGEMENT_SSL_PASSWORD	RabbitMQ management server SSL certificate key password.	$RABBITMQ_SSL_PASSWORD
RABBITMQ_MANAGEMENT_SSL_DEPTH	Maximum number of non-self-issued intermediate certificates that may follow the peer certificate in a valid certification path, for the RabbitMQ management server.	nil
RABBITMQ_MANAGEMENT_SSL_FAIL_IF_NO_PEER_CERT	Whether to reject TLS connections if client fails to provide a certificate for the RabbitMQ management server.	yes
RABBITMQ_MANAGEMENT_SSL_VERIFY	Whether to enable peer SSL certificate verification for the RabbitMQ management server. Valid values: verify_none, verify_peer.	verify_peer

Read-only environment variables

Name	Description	Value
RABBITMQ_VOLUME_DIR	Persistence base directory.	/bitnami/rabbitmq
RABBITMQ_BASE_DIR	RabbitMQ installation directory.	/opt/bitnami/rabbitmq
RABBITMQ_BIN_DIR	RabbitMQ executables directory.	${RABBITMQ_BASE_DIR}/sbin
RABBITMQ_DATA_DIR	RabbitMQ data directory.	${RABBITMQ_VOLUME_DIR}/mnesia
RABBITMQ_CONF_DIR	RabbitMQ configuration directory.	${RABBITMQ_BASE_DIR}/etc/rabbitmq
RABBITMQ_DEFAULT_CONF_DIR	RabbitMQ default configuration directory.	${RABBITMQ_BASE_DIR}/etc/rabbitmq.default
RABBITMQ_CONF_ENV_FILE	RabbitMQ configuration file for environment variables.	${RABBITMQ_CONF_DIR}/rabbitmq-env.conf
RABBITMQ_HOME_DIR	RabbitMQ home directory.	${RABBITMQ_BASE_DIR}/.rabbitmq
RABBITMQ_LIB_DIR	RabbitMQ lib directory.	${RABBITMQ_BASE_DIR}/var/lib/rabbitmq
RABBITMQ_INITSCRIPTS_DIR	RabbitMQ init scripts directory.	/docker-entrypoint-initdb.d
RABBITMQ_LOGS_DIR	RabbitMQ logs directory.	${RABBITMQ_BASE_DIR}/var/log/rabbitmq
RABBITMQ_PLUGINS_DIR	RabbitMQ plugins directory.	${RABBITMQ_BASE_DIR}/plugins
RABBITMQ_MOUNTED_CONF_DIR	RabbitMQ directory for mounted configuration files.	${RABBITMQ_VOLUME_DIR}/conf
RABBITMQ_DAEMON_USER	RabbitMQ system user name.	rabbitmq
RABBITMQ_DAEMON_GROUP	RabbitMQ system user group.	rabbitmq
RABBITMQ_MNESIA_BASE	Path to RabbitMQ mnesia directory.	$RABBITMQ_DATA_DIR
RABBITMQ_COMBINED_CERT_PATH	Path to the RabbitMQ server SSL certificate key file.	${RABBITMQ_COMBINED_CERT_PATH:-/tmp/rabbitmq_combined_keys.pem}

When you start the rabbitmq image, you can adjust the configuration of the instance by passing one or more environment variables either on the docker-compose file or on the docker run command line.

Configuration file

A custom rabbitmq.conf configuration file can be mounted to the /bitnami/rabbitmq/conf directory. If no file is mounted, the container will generate a default one based on the environment variables. You can also mount on this directory your own advanced.config (using classic Erlang terms) and rabbitmq-env.conf configuration files.

As an alternative, you can also mount a custom.conf configuration file and mount it to the /bitnami/rabbitmq/conf directory. In this case, the default configuation file will be generated and, later on, the settings available in the custom.conf configuration file will be merged with the default ones.

FIPS configuration in Bitnami Secure Images

The Bitnami RabbitMQ Docker image from the Bitnami Secure Images catalog includes extra features and settings to configure the container with FIPS capabilities. You can configure the next environment variables:

• OPENSSL_FIPS: whether OpenSSL runs in FIPS mode or not. yes (default), no.

Permission of SSL/TLS certificate and key files

If you bind mount the certificate and key files from your local host to the container, make sure to set proper ownership and permissions of those files:

sudo chown 1001:root <your cert/key files>
sudo chmod 400 <your cert/key files>

Enabling LDAP support

LDAP configuration parameters must be specified if you wish to enable LDAP support for RabbitMQ. The following environment variables are available to configure LDAP support:

• RABBITMQ_ENABLE_LDAP: Enable the LDAP configuration. Defaults to no.
• RABBITMQ_LDAP_TLS: Enable secure LDAP configuration. Defaults to no.
• RABBITMQ_LDAP_SERVERS: Comma, semi-colon or space separated list of LDAP server hostnames. No defaults.
• RABBITMQ_LDAP_SERVERS_PORT: LDAP servers port. Defaults: 389
• RABBITMQ_LDAP_USER_DN_PATTERN: DN used to bind to LDAP in the form cn=$${username},dc=example,dc=org.No defaults.

Note: To escape $ in RABBITMQ_LDAP_USER_DN_PATTERN you need to use $$.

Follow these instructions to use the Bitnami Docker OpenLDAP image to create an OpenLDAP server and use it to authenticate users on RabbitMQ.

Logging

The Bitnami RabbitMQ Docker image sends the container logs to the stdout. To view the logs:

docker logs rabbitmq

or using Docker Compose:

docker-compose logs rabbitmq

You can configure the containers logging driver using the --log-driver option if you wish to consume the container logs differently. In the default configuration docker uses the json-file driver.

Notable changes

4.1.1-debian-12-r3

• The environment variable RABBITMQ_VHOSTS can be used to set the default queue type for each virtual host using : separator: RABBITMQ_VHOSTS=queue_name_0 queue_name_1:quorum
• New enviroment variable RABBITMQ_NODE_DEFAULT_QUEUE_TYPE to set default queue type node-wide.

3.8.16-debian-10-r28

• Added several minor changes to make the container compatible with the RabbitMQ Cluster Operator:
  • Add /etc/rabbitmq, /var/log/rabbitmq and /var/lib/rabbitmq as symlinks to the corresponding folders in /opt/bitnami/rabbitmq.
  • Set the RABBITMQ_SECURE_PASSWORD password to no by default. This does not affect the Bitnami RabbitMQ helm as it sets that variable to yes by default.
  • Enable the rabbitmq-prometheus plugin by default.

3.8.9-debian-10-r82

• Add script to be used as preStop hook on K8s environments. It waits until queues have synchronised mirror before shutting down.

3.8.9-debian-10-r42

• The environment variable RABBITMQ_HASHED_PASSWORD has not been used for some time. It is now removed from documentation and validation.
• New boolean environment variable RABBITMQ_LOAD_DEFINITIONS to get behavior compatible with using the load_definitions configuration. Initially this means that the password of RABBITMQ_USERNAME is not changed using rabbitmqctl change_password.

3.8.3-debian-10-r109

• The default configuration file is created following the "sysctl" or "ini-like" format instead of using Erlang terms. Check Official documentation for more information about supported formats.
• Migrating data/configuration from unsupported locations is not performed anymore.
• New environment variable RABBITMQ_FORCE_BOOT to force a node to start even if it was not the last to shut down.
• New environment variable RABBITMQ_PLUGINS to indicate a list of plugins to enable during the initialization.
• Add healthcheck scripts to be used on K8s environments.

3.8.0-r17, 3.8.0-ol-7-r26

• LDAP authentication

3.7.15-r18, 3.7.15-ol-7-r19

• Decrease the size of the container. Node.js is not needed anymore. RabbitMQ configuration logic has been moved to bash scripts in the rootfs folder.
• Configuration is not persisted anymore.

3.7.7-r35

• The RabbitMQ container includes a new environment variable RABBITMQ_HASHED_PASSWORD that allows setting password via SHA256 hash (consult official documentation for more information about password hashes).
• Please note that password hashes must be generated following the official algorithm. You can use this Python script to generate them.

3.7.7-r19

• The RabbitMQ container has been migrated to a non-root user approach. Previously the container ran as the root user and the RabbitMQ daemon was started as the rabbitmq user. From now on, both the container and the RabbitMQ daemon run as user 1001. As a consequence, the data directory must be writable by that user. You can revert this behavior by changing USER 1001 to USER root in the Dockerfile.

3.6.5-r2

The following parameters have been renamed:

From	To
RABBITMQ_ERLANG_COOKIE	RABBITMQ_ERL_COOKIE
RABBITMQ_NODETYPE	RABBITMQ_NODE_TYPE
RABBITMQ_NODEPORT	RABBITMQ_NODE_PORT
RABBITMQ_NODENAME	RABBITMQ_NODE_NAME
RABBITMQ_CLUSTERNODENAME	RABBITMQ_CLUSTER_NODE_NAME
RABBITMQ_MANAGERPORT	RABBITMQ_MANAGER_PORT

License

Copyright © 2026 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.