ActiveMQ Artemis not displaying the web console when run in Docker
I am deploying the ActiveMQ Artemis in Docker from the quay.io using docker desktop in my local machine (using Windows 10).
I issued below command to start the latest image:
docker run -e AMQ_USER=admin -e AMQ_PASSWORD=admin -p8161:8161 -p61616:61616 -p5672:5672 --rm --name artemis quay.io/artemiscloud/activemq-artemis-broker
Note: dev.latest tag is not available, so used the latest tag.
The ActiveMQ Artemis instance in the Docker container starts successfully, and I'm able to login to the web console:
...
2022-06-18 20:08:26,820 INFO [org.apache.activemq.artemis.core.server] AMQ221007: Server is now live
2022-06-18 20:08:26,821 INFO [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.22.0 [broker, nodeID=68f4db2b-ef42-11ec-b609-0242ac110002]
2022-06-18 20:08:27,607 INFO [org.apache.activemq.hawtio.branding.PluginContextListener] Initialized activemq-branding plugin
2022-06-18 20:08:27,746 INFO [org.apache.activemq.hawtio.plugin.PluginContextListener] Initialized artemis-plugin plugin
2022-06-18 20:08:28,414 INFO [io.hawt.HawtioContextListener] Initialising hawtio services
2022-06-18 20:08:28,438 INFO [io.hawt.system.ConfigManager] Configuration will be discovered via system properties
2022-06-18 20:08:28,443 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 2.14.2
2022-06-18 20:08:28,459 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "admin" role principal classes: "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal"
2022-06-18 20:08:28,480 INFO [io.hawt.web.auth.LoginRedirectFilter] Hawtio loginRedirectFilter is using 1800 sec. HttpSession timeout
2022-06-18 20:08:28,520 INFO [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled
2022-06-18 20:08:28,539 INFO [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/home/jboss/broker/etc/jolokia-access.xml]
2022-06-18 20:08:28,788 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://172.17.0.2:8161
2022-06-18 20:08:28,789 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://172.17.0.2:8161/console/jolokia
2022-06-18 20:08:28,790 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://172.17.0.2:8161/console
2022-06-18 20:14:28,681 INFO [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout
2022-06-18 20:14:30,401 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled
2022-06-18 20:14:34,273 INFO [io.hawt.web.auth.LoginServlet] Logging in user: admin
I am unable to view the Consumer, Producer, Sessions, Queues, etc tags.
I understand that we need to modify the IPs in jolokia-access.xml and restart, but I can't edit the file within docker exec -it artemis bash within the image and restart it if executed without --rm in Docker run command.
Is there any envrionment variable to disable cors or strict in jolokia-access.xml?
Below is what I see at http://localhost:8161/console:
The log indicates that the console is available at http://172.17.0.2:8161/console. However, this is not accessible since the docker is totally a different network. When I try to access it I get below message:
This site can’t be reached 172.17.0.2 took too long to respond
And when I access the end point http://localhost:8161/console/jolokia I get the message:
{ error_type: "java.lang.Exception", error: "java.lang.Exception : Origin null is not allowed to call this agent", status: 403 }
Solution
In order to bypass the jolokia in the docker,
- I created a reverse proxy using nginx server in the docker and set the headers.
Below is the steps I followed,
- Run an nginx instance,
> docker run -d --name nginx-proxy -p 80:80 nginx
- copy the existing
default.confto local system, using below command
# my present working directory is a temp folder
> docker cp nginx-proxy:/etc/nginx/conf.d/default.conf .
- Identified the hostname/ip address of the aretmis container, since i need to set this to the header of Origin
> docker exec artemis hostname -i
- Updated below content to the
default.conffile
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
if ($request_method = 'OPTIONS') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204; break;
}
if ($request_method = 'POST') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
proxy_pass http://172.17.0.2:8161/;
proxy_set_header Origin http://172.17.0.2;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Note: don't forget the
;at the end.copy the default to the nginx server, we can validate and reload the new config without stopping the container.
# I am in my temp directory
# to copy use below command
> docker cp default.conf nginx-proxy:/etc/nginx/conf.d/default.conf
# to validate the config file use below command
> docker exec nginx-proxy nginx -t
# to restart send singal using below command
> docker exec nginx-proxy nginx -r reload
Since we are exposing the 80 port for the nginx container, we can hit the
http://localhost:80/consoleto access the ArtemisMQ page.This can be use only for Development purpose. Not suitable for production.
Refered How to set nginx reverse proxy blog
Additional Note:
- I had to validate whether i am able to access the jolokia endpoint from within the the nginx server of docker, used below command.
> docker exec -it nginx-proxy bash
The curl command I used to verify.
root@681b68921481:/# curl -H "Origin: http://172.17.0.2" http://admin:amdin@172.17.0.2:8161/console/jolokia/
- Output:
{"request":{"type":"version"},"value":{"agent":"1.7.0","protocol":"7.2","config":{"listenForHttpService":"true","authIgnoreCerts":"false","agentId":"172.17.0.2-1-6c008c24-servlet","debug":"fal
se","agentType":"servlet","policyLocation":"file:\/home\/jboss\/broker\/etc\/jolokia-access.xml","agentContext":"\/jolokia","serializeException":"false","mimeType":"text\/plain","dispatcherCla
sses":"org.jolokia.http.Jsr160ProxyNotEnabledByDefaultAnymoreDispatcher","multicastGroup":"239.192.48.84","authMode":"basic","authMatch":"any","streaming":"true","canonicalNaming":"true","hist
oryMaxEntries":"10","allowErrorDetails":"false","allowDnsReverseLookup":"true","realm":"jolokia","includeStackTrace":"false","multicastPort":"24884","mbeanQualifier":"qualifier=hawtio","useRes
- Docker Compose prompted error: no configuration file provided: not found
- Docker start privileged?
- Gilab CI: load ssh key from environment variable
- Docker build "Could not resolve 'archive.ubuntu.com'" apt-get fails to install anything
- PostgreSQL database not connecting to spring-boot application
- how to stop/pause a pod in kubernetes
- Why is Docker installed but not Docker Compose?
- Docker compose can not start service network not found after restart docker
- Using Docker with nodejs with node-gyp dependencies
- Unable to load dynamic library 'oci8.so' (PHP 7.2)
- How do you connect to postgres running in a Docker container on OSx?
- Interactive shell in Docker image with Amazon ECS with `aws ecs run-task` followed by `aws ecs execute-command`
- My docker container has no internet
- docker:Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
- COPY with docker but with exclusion
- 'name' does not match any of the regexes: '^x-' while trying to set the project name in a docker-compose.yml
- ERROR DockerEnvironmentFactory: Docker container xxxxx logs, when trying to run Apache Beam pipeline written in Go using Spark runner
- Can't push docker image to Gitlab registry from pipeline: "denied: access forbidden"
- Kind kubernetes cluster failed to pull docker images
- How to run a command once in Docker compose
- Docker: adding a file from a parent directory
- Adding files to standard images using docker-compose
- Docker Image > 1GB in size from python:3.8.3-alpine
- Cannot remove Docker container with status "Created"
- docker: executable file not found in $PATH
- Spring Boot application shutting down immediately after start
- Locating data volumes in Docker Desktop (Windows)
- Setup custom cleanup for docker images in nexus repository
- How to assign more memory to docker container
- Sort by memory usage in docker stats