Is it possible to expose ActiveMQ Artemis (2.16.0) Management Console with HTTPS instead of plain HTTP?
Can't find any documentation on neither in Artemis docs or hawt.io to do that kind of setup.
Check out this documentation from the ActiveMQ Artemis User Manual.
You can simply set the bind attribute of the web element in bootstrap.xml to use https instead of http. Then, of course, you'll need to configure the other relevant settings like keyStorePath, keyStorePassword, etc.
Related
How i can configure Apache ActiveMQ Artemis to send AMQP 1.0 connection-level redirect and link-level redirect to a client that are connected or trying to connect to broker.
ActiveMQ Artemis doesn't expose the ability to statically configure connection-level or link-level redirects.
The REST API for Kafka Connect is not secured and authenticated.
Since its not authenticated, the configuration for a connector or Tasks are easily accessible by anyone. Since these configurations may contain about how to access the Source System [in case of SourceConnector] and destination system [in case of SinkConnector], Is there a standard way to restrict access to these APIs?
In Kafka 2.1.0, there is possibility to configure http basic authentication for REST interface of Kafka Connect without writing any custom code.
This became real due to implementation of REST extensions mechanism (see KIP-285).
Shortly, configuration procedure as follows:
Add extension class to worker configuration file:
rest.extension.classes = org.apache.kafka.connect.rest.basic.auth.extension.BasicAuthSecurityRestExtension
Create JAAS config file (i.e. connect_jaas.conf) for application name 'KafkaConnect':
KafkaConnect {
org.apache.kafka.connect.rest.basic.auth.extension.PropertyFileLoginModule required
file="/your/path/rest-credentials.properties";
};
Create rest-credentials.properties file in above-mentioned directory:
user=password
Finally, inform java about you JAAS config file, for example, by adding command-line property to java:
-Djava.security.auth.login.config=/your/path/connect_jaas.conf
After restarting Kafka Connect, you will be unable to use REST API without basic authentication.
Please keep in mind that used classes are rather examples than production-ready features.
Links:
Connect configuratin
BasicAuthSecurityRestExtension
JaasBasicAuthFilter
PropertyFileLoginModule
This is a known area in need of improvement in the future but for now you should use a firewall on the Kafka Connect machines and either an API Management tool (Apigee, etc) or a Reverse proxy (haproxy, nginx, etc.) to ensure that HTTPS is terminated at an endpoint that you can configure access control rules on and then have the firewall only accept connections from the secure proxy. With some products the firewall, access control, and SSL/TLS termination functions can be all done in a fewer number of products.
As of Kafka 1.1.0, you can set up SSL and SSL client authentication for the Kafka Connect REST API. See KIP-208 for the details.
Now you are able to enable certificate based authentication for client access to the REST API of Kafka Connect.
An example here https://github.com/sudar-path/kc-rest-mtls
Is it possible to expose JMX interface over RMI, not over http-remoting? Or expose via both?
It would be great to access Mbeans via url like "service:jmx:rmi//" to be able to establish zabbix gate monitoring. Zabbix has an issue with hard-coded value in connection url ([ZBXNEXT-1274] Configurable JMX Endpoint - ZABBIX SUPPORT)
As far as I understand I need to add additional connector to jmx subsystem. Is is correct?
Part of xml for jmx subsystem is default for now and looks like this:
<subsystem xmlns="urn:jboss:domain:jmx:1.3">
<expose-resolved-model/>
<expose-expression-model/>
<remoting-connector/>
</subsystem>
Thanks!
I'm not sure that it is possibly to add alternative JMX access protocols in WildFly. At least not as a supported configuration option.
It might be possible to expose JMX via the standard JVM parameters, as described in the Java Documentation, but I would not expect it to be working correctly.
An alternative solution for enabling monitoring from Zabbix is to expose some or all of the JMX MBeans through a http or RESTful interface with Jolokia or other similar technology.
zabbix in version 3.4 have Configurable JMX Endpoint.
https://www.zabbix.com/documentation/3.4/manual/config/items/itemtypes/jmx_monitoring
You need only upgrade zabbix, add jar for application server in zabbix and change endpoint in template. I have success setting with wildlfy 10,10.1 and 11. Both modes is supported (domain and standalone).
I'm trying to use JBoss Fuse activemq OSGi bundle. I'm able to produce and consume messages via standard JAVA JMS client, but I'm facing problem using REST API (HTTP)
for istance the curl method prosed by ActiveMQ documentation:
curl -u admin:admin -d "message" http://localhost:61616/api/message/myqueue?type=queue
fail with this message:
only whitespace content allowed before start tag and not m (position: START_DOCUMENT seen m... #1:1)
instead using SOAP UI with GET method to consume a message, the server logs this:
The clientID header specified is invalid. Client sesion has not yet been established for it: myClientID
Anyone has faced the same issue? Could someone explain what is not working?
Thanks
You are sending to port 61616 which is the default OpenWire port which will not work as a REST endpoint. You need to send them to the correct port which you need to check in your ActiveMQ broker configuration.
I'd like to connect to the JMX server on a WebSphere application server instance using a SOAP over HTTP connector but I don't know where to find a compatible SOAP protocol provider.
I get a MalformedURLException when using a JMXServiceURL starting service:jmx:soap:... that says Unsupported protocol: soap. What jar(s)/protocol provider string do I need to include?
Update: I am playing with a standalone Java client.
Unfortunately, IBM only provides a proprietary API to connect with SOAP over HTTP. They don't provide an implementation of the standard JMX API for that protocol. I faced the same issue and I developed such a connector (which is basically a thin JMX compliant wrapper around IBM's proprietary API), which is now available as Open Source. You can find more information here:
https://github.com/kszbcss/xm4was/wiki/JmxClientConnector
The following document describes how to set up a standard JMX tool (VisualVM) to use that connector:
https://github.com/kszbcss/xm4was/wiki/VisualVMHowTo
As you can see from these documents, after adding the relevant JARs to the class path and setting the necessary system properties, you would simply connect using wssoap as protocol.
Check that in the path Application servers > <server_name> > Administration services > JMX connectors the relative SOAPConnector exists and is Enabled.
Refer at Infocenter for more information.