Articles

RabbitMQ Production Checklist: Before You Go Live (2026)

April 16, 2026 6 min read

RabbitMQ’s message durability isn’t about how long messages wait to be delivered, but how long they survive a broker restart.

Let’s walk through what makes RabbitMQ production-ready, assuming you’ve got your basic installation and management UI up. This isn’t about if it works, but how well it works when it matters.

Cluster Setup and Networking

First off, avoid single points of failure. Your RabbitMQ cluster needs to be accessible to your applications and other cluster nodes.

Diagnosis: Check network connectivity between all nodes using ping and telnet to the RabbitMQ port (default 5672 for AMQP, 15672 for management UI).

ping rabbitmq-node-2
telnet rabbitmq-node-2 5672

Ensure your firewall rules allow traffic on these ports between all nodes and clients.

Fix: If ping fails, resolve DNS or IP address issues. If telnet fails, check iptables or firewalld rules on the target node.

# Example for iptables: allow from specific IP ranges
sudo iptables -A INPUT -p tcp --dport 5672 -s 192.168.1.0/24 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 15672 -s 192.168.1.0/24 -j ACCEPT
# Reload or save rules depending on your distro

Why it works: This ensures that RabbitMQ’s core communication channels are open, allowing nodes to form a cluster and clients to connect.

RabbitMQ uses Erlang’s distribution mechanism for clustering. All nodes in a cluster must share the same secret "Erlang cookie."

Diagnosis: On each node, check the contents of the .erlang.cookie file in the user’s home directory that runs the RabbitMQ process.

sudo cat /var/lib/rabbitmq/.erlang.cookie

Compare these values across all nodes.

Fix: If cookies differ, stop RabbitMQ on the nodes with the incorrect cookie, overwrite their .erlang.cookie file with the correct one from a working node, and restart RabbitMQ.

# On node with incorrect cookie:
sudo systemctl stop rabbitmq-server
# Copy the correct cookie content from another node
echo "YOUR_CORRECT_ERLANG_COOKIE" | sudo tee /var/lib/rabbitmq/.erlang.cookie
sudo chown rabbitmq:rabbitmq /var/lib/rabbitmq/.erlang.cookie
sudo chmod 400 /var/lib/rabbitmq/.erlang.cookie
sudo systemctl start rabbitmq-server

Why it works: A shared cookie acts as a shared secret, authenticating nodes to each other for inter-node communication.

High Availability and Queues

For production, your queues need to survive node failures. This means using mirrored queues.

Diagnosis: In the RabbitMQ Management UI, navigate to the "Admin" tab -> "Policies." Check if a policy is defined for your application’s vhost that mirrors queues. If no policy exists, check the definition of your queues. Are they declared with x-ha-mode?

Fix: Define a policy that applies to your application’s vhost and queue names, setting ha-mode to all or exactly and ha-sync-mode to automatic.

// Example policy definition (via Management UI or rabbitmqctl)
{
  "vhost": "/my_app_vhost",
  "name": "ha-policy",
  "pattern": ".*", // Applies to all queues in this vhost
  "definition": {
    "ha-mode": "all",
    "ha-sync-mode": "automatic"
  }
}

Or, when declaring queues programmatically, set x-ha-mode and x-ha-params arguments:

# Example using Python client
channel.queue_declare(queue='my_durable_queue',
                      durable=True,
                      arguments={
                          'x-ha-mode': 'all',
                          'x-ha-sync-mode': 'automatic'
                      })

Why it works: Mirrored queues replicate message data across multiple nodes in the cluster. If one node fails, another can take over serving the queue transparently.

Disk Space and Memory Limits

RabbitMQ is sensitive to disk space and memory usage. Running out of either can cause instability or node evictions.

Diagnosis: Monitor disk space using df -h and memory usage with free -m on each RabbitMQ node. Check RabbitMQ’s own memory usage via the Management UI (Overview tab) or rabbitmqctl status. Look for the mem_used and disk_free metrics.

# On each node
df -h
free -m
sudo rabbitmqctl status | grep memory

Fix: Configure memory and disk alarms in RabbitMQ. In /etc/rabbitmq/rabbitmq.conf (or advanced.config for older versions):

# rabbitmq.conf example
vm_memory_high_watermark.relative = 0.7 # Use 70% of system RAM
disk_free_limit.absolute = 2000000000 # 2GB free disk space

Restart RabbitMQ after changes. For disk space, free up space by deleting old logs, message_வுகளில்_logs, or old message data if applicable, or add more disk. For memory, consider increasing system RAM or tuning the watermark. Why it works: Setting watermarks prevents RabbitMQ from consuming all available resources. When limits are reached, RabbitMQ will stop accepting new messages or potentially pause publishers to regain control.

Message Durability and Persistence

Messages themselves need to be durable if they must survive broker restarts.

Diagnosis: Check queue declarations for the durable flag. Check message publishing for the delivery_mode flag. In the Management UI, look at the "Durable" column for queues.

Fix: Ensure queues are declared as durable (durable=True in most clients). Ensure messages are published with delivery_mode=2 (persistent).

# Example using Python client
channel.basic_publish(exchange='',
                      routing_key='my_persistent_queue',
                      body='Hello, durable world!',
                      properties=pika.BasicProperties(delivery_mode=2)) # Persistent

Why it works: Durable queues are recreated after a broker restart. Persistent messages are written to disk by the broker, ensuring they survive restarts even if they haven’t been delivered yet.

Plugin Management

Essential plugins like rabbitmq_management and rabbitmq_peer_discovery_k8s (if applicable) must be enabled.

Diagnosis: List enabled plugins:

sudo rabbitmqctl list_plugins

Check if required plugins (rabbitmq_management, rabbitmq_top, etc.) are listed as [E] (enabled).

Fix: Enable plugins using rabbitmq-plugins enable:

sudo rabbitmq-plugins enable rabbitmq_management
sudo rabbitmq-plugins enable rabbitmq_top
# Restart RabbitMQ after enabling plugins
sudo systemctl restart rabbitmq-server

Why it works: Plugins extend RabbitMQ’s functionality. Enabling them makes features like the management UI, advanced statistics, or specific discovery mechanisms available.

TLS/SSL Configuration

For secure communication, especially in production, TLS/SSL should be enforced.

Diagnosis: Check your RabbitMQ configuration file (rabbitmq.conf or advanced.config) for TLS/SSL settings. Verify that client connections are using amqps:// or ssl://.

# Example check on management UI port if configured for TLS
openssl s_client -connect rabbitmq-node-1:5671 -tls1_2

Fix: Configure TLS/SSL in rabbitmq.conf:

listeners.ssl.default = 5671
ssl_versions.versions = tlsv1.2
ssl_options.certfile = /etc/rabbitmq/certs/server.crt
ssl_options.keyfile = /etc/rabbitmq/certs/server.key
ssl_options.cafile = /etc/rabbitmq/certs/ca.crt

Ensure your client applications are configured to use the correct port (e.g., 5671) and provide necessary client certificates if mutual TLS is used. Why it works: TLS/SSL encrypts traffic between clients and the broker, protecting sensitive message data from eavesdropping and ensuring message integrity.

After addressing these, your next likely hurdle will be managing throughput and latency under heavy load, which often involves tuning queue configurations and publisher/consumer acknowledgements.

Want structured learning?

Take the full Amqp course →