By name: networking description: Container networking configuration for RabbitMQ with Podman compose license: MIT compatibility: opencode metadata: networking: container tool: podman domain: infrastructure
What I Do
Provide networking configuration and troubleshooting guidance for RabbitMQ container deployment in the crypto-scout ecosystem.
Network Architecture
┌─────────────────────────────────────────────────────────────────┐
│ Host System │
│ │
│ ┌──────────────────────────────────────────────────────────┐ │
│ │ crypto-scout-bridge (Network) │ │
│ │ │ │
│ │ ┌──────────────┐ ┌─────────────────────┐ │ │
│ │ │ crypto-scout │◀───────▶│ crypto-scout- │ │ │
│ │ │ -mq │ 5672 │ client │ │ │
│ │ │ │ 5552 │ │ │ │
│ │ └──────┬───────┘ └─────────────────────┘ │ │
│ │ │ │ │
│ │ │ ┌─────────────────────┐ │ │
│ │ └──▶ crypto-scout- │ │ │
│ │ │ collector │ │ │
│ │ └─────────────────────┘ │ │
│ │ │ │
│ └──────────────────────────────────────────────────────────┘ │
│ │
│ External access: 127.0.0.1:15672 ──▶ Management UI │
└─────────────────────────────────────────────────────────────────┘
Port Configuration
Internal Ports (Container Network Only)
| Port | Protocol | Purpose | Exposure |
|---|---|---|---|
| 5672 | AMQP | Queue messaging | Container only |
| 5552 | Streams | Stream messaging | Container only |
| 4369 | EPMD | Erlang discovery | Container only |
| 25672 | Clustering | Inter-node communication | Container only |
External Ports (Host Access)
| Port | Binding | Purpose |
|---|---|---|
| 15672 | 127.0.0.1:15672 | Management UI (localhost only) |
Network Configuration
External Network Creation
# Create once for all services using helper script
./script/network.sh
# Or manually
podman network create crypto-scout-bridge
# Verify creation
podman network ls
podman network inspect crypto-scout-bridge
Compose Network Declaration
networks:
crypto-scout-bridge:
name: crypto-scout-bridge
external: true
Service Network Attachment
services:
crypto-scout-mq:
networks:
- crypto-scout-bridge
DNS and Discovery
Container Hostnames
services:
crypto-scout-mq:
hostname: crypto_scout_mq # Underscores for Erlang compatibility
container_name: crypto-scout-mq
Service Discovery
Services connect using container names:
// From crypto-scout-client
Environment.builder()
.host("crypto-scout-mq") // Container name resolves
.port(5552)
.build();
Advertised Host (Streams)
# rabbitmq.conf
stream.advertised_host = crypto_scout_mq
stream.advertised_port = 5552
Connectivity Testing
From Host
# Management UI (localhost only)
curl http://127.0.0.1:15672
# AMQP/Streams NOT accessible from host
nc -zv localhost 5672 # Should fail
nc -zv localhost 5552 # Should fail
From Other Containers
# Test from client container
podman exec crypto-scout-client nc -zv crypto-scout-mq 5672
podman exec crypto-scout-client nc -zv crypto-scout-mq 5552
# Test DNS resolution
podman exec crypto-scout-client nslookup crypto-scout-mq
# Ping test
podman exec crypto-scout-client ping -c 3 crypto-scout-mq
Diagnostics
# Container network info
podman inspect crypto-scout-mq | jq '.[0].NetworkSettings.Networks'
# IP address
podman inspect -f '{{.NetworkSettings.IPAddress}}' crypto-scout-mq
# Check listening ports
podman exec crypto-scout-mq rabbitmq-diagnostics -q listeners
Troubleshooting
Connection Refused
# Check if RabbitMQ is running
podman ps | grep crypto-scout-mq
./script/rmq_compose.sh status
# Check logs for startup errors
podman logs crypto-scout-mq
# Verify port binding
podman exec crypto-scout-mq netstat -tlnp
DNS Resolution Failure
# Check network connectivity
podman exec crypto-scout-client ping crypto-scout-mq
# Verify network membership
podman inspect crypto-scout-mq | grep -A 10 "Networks"
# Restart with network
./script/rmq_compose.sh down
./script/rmq_compose.sh up -d
Port Conflicts
# Check host port usage
lsof -i :15672
lsof -i :5672
lsof -i :5552
# Change management port if needed
# In podman-compose.yml:
ports:
- "127.0.0.1:15673:15672"
Network Not Found
# Create network if missing
./script/network.sh
# Or manually
podman network create crypto-scout-bridge
# Then restart service
./script/rmq_compose.sh restart
Advanced Configuration
Custom Subnet
# Create network with specific subnet
podman network create \
--subnet 10.88.10.0/24 \
--gateway 10.88.10.1 \
crypto-scout-bridge
IPv6 Support
# podman-compose.yml
networks:
crypto-scout-bridge:
enable_ipv6: true
ipam:
config:
- subnet: 2001:db8::/64
MTU Configuration
# If experiencing network issues
networks:
crypto-scout-bridge:
driver_opts:
mtu: 1400
Security Considerations
Network Isolation
# Verify no host exposure for AMQP/Streams
podman port crypto-scout-mq
# Should only show: 127.0.0.1:15672 -> 15672
# Verify internal ports not exposed
podman inspect crypto-scout-mq | grep -A 20 PortBindings
Inter-Service Communication
- Services should use container names for DNS resolution
- No hardcoded IP addresses
- Communication encrypted at application level if needed
- All services must be on crypto-scout-bridge network
Performance Tuning
Connection Limits
ulimits:
nofile:
soft: 65536
hard: 65536
Network Mode
# For host networking (not recommended for production)
network_mode: host
Monitoring
Network Metrics
# Container network I/O
podman stats crypto-scout-mq
# Connection count
podman exec crypto-scout-mq rabbitmqctl list_connections | wc -l
# Network interfaces in container
podman exec crypto-scout-mq ip addr
Bridge Network Inspection
# Inspect the bridge network
podman network inspect crypto-scout-bridge
# List containers on network
podman network inspect crypto-scout-bridge | jq '.[0].containers'
When to Use Me
Use this skill when:
- Setting up container networking
- Troubleshooting connectivity issues
- Configuring service discovery
- Understanding port exposure
- Implementing network security
- Optimizing network performance
- Debugging DNS resolution