When deploying Revolt (self-hosted chat platform) using Docker Compose, the api (revolt-delta) and pushd (revolt-pushd) services may crash with the following error:
PLAIN login refused: user 'rabbituser' - invalid credentials
This occurs in the RabbitMQ logs as:
rabbit-1 | [error] <0.1142.0> Error on AMQP connection <0.1142.0> (172.18.0.10:36366 -> 172.18.0.4:5672, state: starting):
rabbit-1 | [error] <0.1142.0> PLAIN login refused: user 'rabbituser' - invalid credentials
And causes the Revolt services to crash:
api-1 | thread 'main' (1) panicked at crates/delta/src/main.rs:122:6:
api-1 | Failed to connect to RabbitMQ: NetworkError("network io error: Connection reset by peer (os error 104)")
pushd-1 | thread 'main' (1) panicked at crates/daemons/pushd/src/main.rs:209:6:
pushd-1 | called `Result::unwrap()` on an `Err` value: NetworkError("network io error: Connection reset by peer (os error 104)")
The issue occurs because:
- RabbitMQ starts with default credentials (usually
guest/guest) or no user namedrabbituser - Revolt services are configured to use
rabbituser/rabbitpass(or similar credentials) - Credential mismatch causes authentication failures
- Services crash because they cannot establish RabbitMQ connections
Use the provided revolt-rabbitmq-credentials-fix.sh script to automatically configure RabbitMQ with the correct credentials:
# Make the script executable
chmod +x revolt-rabbitmq-credentials-fix.sh
# Run the script from your docker-compose directory
cd /path/to/your/revolt/deployment
/path/to/revolt-rabbitmq-credentials-fix.sh
# Or specify the directory as an argument
/path/to/revolt-rabbitmq-credentials-fix.sh /opt/matrix-discord-killerThe script will:
- Create the
rabbituseruser in RabbitMQ - Set the correct password
- Grant administrator permissions
- Update your
.envfile with the credentials - Provide instructions for restarting services
If you prefer to fix this manually, follow these steps:
# Find your RabbitMQ container name
docker ps | grep rabbitmq
# Access the container (replace 'rabbit-1' with your container name)
docker exec -it <container-name> bash# Create the user (replace with your desired password)
rabbitmqctl add_user rabbituser rabbitpass
# Set administrator tag
rabbitmqctl set_user_tags rabbituser administrator
# Grant permissions
rabbitmqctl set_permissions -p / rabbituser ".*" ".*" ".*"
# Verify the user was created
rabbitmqctl list_users
# Exit the container
exitEdit your .env file to include:
RABBITMQ_USERNAME=rabbituser
RABBITMQ_PASSWORD=rabbitpass
RABBITMQ_URI=amqp://rabbituser:rabbitpass@rabbit:5672/docker-compose restart api pushd events
# or
docker compose restart api pushd events# Watch the logs to ensure services start successfully
docker-compose logs -f api pushd
# Check that all containers are running
docker psTo prevent this issue from occurring, configure RabbitMQ with the correct credentials from the start:
Add environment variables to the RabbitMQ service:
services:
rabbit:
image: rabbitmq:4
environment:
RABBITMQ_DEFAULT_USER: rabbituser
RABBITMQ_DEFAULT_PASS: rabbitpass
# ... rest of configurationEnsure your .env file has matching credentials:
RABBITMQ_USERNAME=rabbituser
RABBITMQ_PASSWORD=rabbitpass
RABBITMQ_URI=amqp://rabbituser:rabbitpass@rabbit:5672/After applying the fix, verify that:
-
RabbitMQ accepts connections:
docker-compose logs rabbit | grep "rabbituser"
Should show successful authentication instead of errors.
-
Services start successfully:
docker ps
Both
apiandpushdcontainers should show "Up" status, not "Restarting". -
No authentication errors in logs:
docker-compose logs --tail=50 api pushd | grep -i "credential\|refused\|panic"
Should return no results.
Solution: Delete and recreate the user:
docker exec <rabbitmq-container> rabbitmqctl delete_user rabbituser
docker exec <rabbitmq-container> rabbitmqctl add_user rabbituser rabbitpass
docker exec <rabbitmq-container> rabbitmqctl set_user_tags rabbituser administrator
docker exec <rabbitmq-container> rabbitmqctl set_permissions -p / rabbituser ".*" ".*" ".*"Solution: Ensure your docker-compose.yml references the .env file:
services:
api:
env_file: .env
# or explicitly set:
environment:
RABBITMQ_URI: ${RABBITMQ_URI}Solution:
-
Completely restart the stack:
docker-compose down docker-compose up -d
-
Check RabbitMQ logs for other errors:
docker-compose logs rabbit
- Change default credentials - Don't use
rabbituser/rabbitpassin production - Use strong passwords - Generate a secure random password
- Limit permissions - If possible, use least-privilege permissions for Revolt services
- Use secrets management - Consider Docker Secrets or external secret management for production
# Generate a secure password
RABBITMQ_PASSWORD=$(openssl rand -base64 32)
# Update .env file
echo "RABBITMQ_USERNAME=rabbituser" > .env
echo "RABBITMQ_PASSWORD=${RABBITMQ_PASSWORD}" >> .env
echo "RABBITMQ_URI=amqp://rabbituser:${RABBITMQ_PASSWORD}@rabbit:5672/" >> .env
# Create user in RabbitMQ
docker exec <rabbitmq-container> rabbitmqctl add_user rabbituser "${RABBITMQ_PASSWORD}"
docker exec <rabbitmq-container> rabbitmqctl set_user_tags rabbituser administrator
docker exec <rabbitmq-container> rabbitmqctl set_permissions -p / rabbituser ".*" ".*" ".*"- RabbitMQ Access Control Documentation
- Revolt Self-Hosting Guide
- Docker Compose Environment Variables
If you continue to experience issues after applying this fix:
- Check RabbitMQ container logs:
docker-compose logs rabbit - Check service logs:
docker-compose logs api pushd events - Verify network connectivity between containers
- Ensure all containers are on the same Docker network
- Check for firewall or security group rules blocking traffic
This fix documentation is provided as-is for the Revolt community.