Skip to content

Port 5672: RabbitMQ AMQP protocol

Key idea:

Port 5672 (TCP) is the standard for RabbitMQ AMQP protocol. RabbitMQ — a popular message broker built on Erlang/Elixir. Port 5672 — AMQP 0-9-1 (plain). For TLS — 5671. Management UI — 15672. Used in task queues (Celery), microservic

Below: what uses this port, security considerations, online check, FAQ.

Check your host & ports →

What is on this port

RabbitMQ AMQP protocol

RabbitMQ — a popular message broker built on Erlang/Elixir. Port 5672 — AMQP 0-9-1 (plain). For TLS — 5671. Management UI — 15672. Used in task queues (Celery), microservices decoupling, pub/sub.

Security considerations

Always use TLS (5671) + disable guest user (default admin:admin = catastrophe). Per-vhost users with minimal permissions.

Check this port online

Check port online →

Enterno.io Ping + Port checker tests TCP reachability of any port from 3 regions (Moscow / Frankfurt / Virginia).

Understanding RabbitMQ and AMQP Protocol on Port 5672

Port 5672 is the default TCP port for RabbitMQ, which implements the Advanced Message Queuing Protocol (AMQP). AMQP is an open standard protocol for message-oriented middleware, providing a robust framework for messaging that supports various messaging patterns. In RabbitMQ, this port is used for the AMQP 0-9-1 protocol, which is the most widely adopted version.

RabbitMQ facilitates the communication between different services or applications by acting as a message broker. It allows for the asynchronous processing of tasks, making it suitable for microservices architectures and distributed systems. The usage of port 5672 enables clients to connect to the RabbitMQ server to publish and consume messages efficiently.

In addition to standard message queuing, RabbitMQ supports various features such as message persistence, delivery acknowledgments, and routing. These features are crucial for ensuring reliable message delivery, especially in enterprise applications where data integrity and performance are paramount.

For secure connections, RabbitMQ provides an alternative port, 5671, which is used for TLS (Transport Layer Security) encrypted communications. This is vital for protecting sensitive data transmitted over the network.

Practical Examples: Configuring RabbitMQ on Port 5672

Configuring RabbitMQ to use port 5672 typically involves editing the RabbitMQ configuration file. Below are practical examples of how you can set up RabbitMQ to listen on this port:

  • Default Configuration: By default, RabbitMQ listens on port 5672. If you have installed RabbitMQ without any modifications, no additional setup is required.

However, if you need to customize your RabbitMQ configuration, you can do so by editing the rabbitmq.conf file, usually located in the /etc/rabbitmq/ directory on Linux systems. Here’s an example configuration:

# rabbitmq.conf
listeners.tcp.default = 5672

After making changes, remember to restart the RabbitMQ service to apply them:

sudo systemctl restart rabbitmq-server

To check if RabbitMQ is successfully listening on port 5672, you can use the following command:

netstat -tuln | grep 5672

This command will display the services listening on the specified port, confirming that RabbitMQ is active and ready to accept connections.

Security Considerations for Port 5672 in RabbitMQ

When using port 5672 for RabbitMQ, it’s essential to consider security implications to protect your messaging infrastructure. Here are several key security measures to implement:

  • Use TLS Encryption: To secure data in transit, configure RabbitMQ to use port 5671 with TLS. This ensures that messages exchanged between clients and the RabbitMQ server are encrypted, preventing eavesdropping and tampering.
  • Implement Firewall Rules: Restrict access to port 5672 by configuring firewall rules. Only allow trusted IP addresses to connect to your RabbitMQ server. This minimizes the risk of unauthorized access.
  • Enable Authentication: RabbitMQ supports various authentication mechanisms. Ensure that you enable user authentication and use strong, unique passwords for your RabbitMQ users.
  • Authorization Controls: Set up proper authorization controls to manage user permissions. Use RabbitMQ’s built-in mechanisms to restrict what actions users can perform based on their roles.
  • Monitor Traffic: Regularly monitor traffic to and from port 5672 using network monitoring tools. This helps detect any unusual activity that could indicate a security breach.

By implementing these security practices, you can significantly enhance the security posture of your RabbitMQ deployment and protect sensitive information transmitted over the messaging system.

Learn more

Sources

Frequently Asked Questions

Is port 5672 open by default?

No, modern cloud providers (AWS, Google Cloud, Yandex) close all incoming ports by default. You must explicitly allow port 5672 in a Security Group or firewall.

How to check if my port 5672 is reachable?

Use <a href="/en/ping">Enterno Ping + Port Checker</a>. Or in shell: <code>nc -vz example.com 5672</code> or <code>telnet example.com 5672</code>.

Is port 5672 safe to expose?

Depends on the service. RabbitMQ AMQP protocol should never be exposed publicly without authentication + TLS. See <a href="/en/s/research-open-ports-exposure-2026">our 2026 exposure research</a>.

Try the live tool that powered this guide

Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.