ActiveMQ Artemis not displaying the web console when run in Docker
I am deploying the ActiveMQ Artemis in Docker from the quay.io using docker desktop in my local machine (using Windows 10).
I issued below command to start the latest image:
docker run -e AMQ_USER=admin -e AMQ_PASSWORD=admin -p8161:8161 -p61616:61616 -p5672:5672 --rm --name artemis quay.io/artemiscloud/activemq-artemis-broker
Note: dev.latest tag is not available, so used the latest tag.
The ActiveMQ Artemis instance in the Docker container starts successfully, and I'm able to login to the web console:
...
2022-06-18 20:08:26,820 INFO [org.apache.activemq.artemis.core.server] AMQ221007: Server is now live
2022-06-18 20:08:26,821 INFO [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.22.0 [broker, nodeID=68f4db2b-ef42-11ec-b609-0242ac110002]
2022-06-18 20:08:27,607 INFO [org.apache.activemq.hawtio.branding.PluginContextListener] Initialized activemq-branding plugin
2022-06-18 20:08:27,746 INFO [org.apache.activemq.hawtio.plugin.PluginContextListener] Initialized artemis-plugin plugin
2022-06-18 20:08:28,414 INFO [io.hawt.HawtioContextListener] Initialising hawtio services
2022-06-18 20:08:28,438 INFO [io.hawt.system.ConfigManager] Configuration will be discovered via system properties
2022-06-18 20:08:28,443 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 2.14.2
2022-06-18 20:08:28,459 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "admin" role principal classes: "org.apache.activemq.artemis.spi.core.security.jaas.RolePrincipal"
2022-06-18 20:08:28,480 INFO [io.hawt.web.auth.LoginRedirectFilter] Hawtio loginRedirectFilter is using 1800 sec. HttpSession timeout
2022-06-18 20:08:28,520 INFO [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled
2022-06-18 20:08:28,539 INFO [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/home/jboss/broker/etc/jolokia-access.xml]
2022-06-18 20:08:28,788 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://172.17.0.2:8161
2022-06-18 20:08:28,789 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://172.17.0.2:8161/console/jolokia
2022-06-18 20:08:28,790 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://172.17.0.2:8161/console
2022-06-18 20:14:28,681 INFO [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout
2022-06-18 20:14:30,401 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled
2022-06-18 20:14:34,273 INFO [io.hawt.web.auth.LoginServlet] Logging in user: admin
I am unable to view the Consumer, Producer, Sessions, Queues, etc tags.
I understand that we need to modify the IPs in jolokia-access.xml and restart, but I can't edit the file within docker exec -it artemis bash within the image and restart it if executed without --rm in Docker run command.
Is there any envrionment variable to disable cors or strict in jolokia-access.xml?
Below is what I see at http://localhost:8161/console:
The log indicates that the console is available at http://172.17.0.2:8161/console. However, this is not accessible since the docker is totally a different network. When I try to access it I get below message:
This site can’t be reached 172.17.0.2 took too long to respond
And when I access the end point http://localhost:8161/console/jolokia I get the message:
{ error_type: "java.lang.Exception", error: "java.lang.Exception : Origin null is not allowed to call this agent", status: 403 }
Solution
In order to bypass the jolokia in the docker,
- I created a reverse proxy using nginx server in the docker and set the headers.
Below is the steps I followed,
- Run an nginx instance,
> docker run -d --name nginx-proxy -p 80:80 nginx
- copy the existing
default.confto local system, using below command
# my present working directory is a temp folder
> docker cp nginx-proxy:/etc/nginx/conf.d/default.conf .
- Identified the hostname/ip address of the aretmis container, since i need to set this to the header of Origin
> docker exec artemis hostname -i
- Updated below content to the
default.conffile
server {
listen 80;
listen [::]:80;
server_name localhost;
location / {
if ($request_method = 'OPTIONS') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
add_header 'Access-Control-Max-Age' 86400;
add_header 'Content-Type' 'text/plain charset=UTF-8';
add_header 'Content-Length' 0;
return 204; break;
}
if ($request_method = 'POST') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
if ($request_method = 'GET') {
add_header Origin http://172.17.0.2;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
add_header 'Access-Control-Allow-Headers' 'DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
}
proxy_pass http://172.17.0.2:8161/;
proxy_set_header Origin http://172.17.0.2;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
Note: don't forget the
;at the end.copy the default to the nginx server, we can validate and reload the new config without stopping the container.
# I am in my temp directory
# to copy use below command
> docker cp default.conf nginx-proxy:/etc/nginx/conf.d/default.conf
# to validate the config file use below command
> docker exec nginx-proxy nginx -t
# to restart send singal using below command
> docker exec nginx-proxy nginx -r reload
Since we are exposing the 80 port for the nginx container, we can hit the
http://localhost:80/consoleto access the ArtemisMQ page.This can be use only for Development purpose. Not suitable for production.
Refered How to set nginx reverse proxy blog
Additional Note:
- I had to validate whether i am able to access the jolokia endpoint from within the the nginx server of docker, used below command.
> docker exec -it nginx-proxy bash
The curl command I used to verify.
root@681b68921481:/# curl -H "Origin: http://172.17.0.2" http://admin:amdin@172.17.0.2:8161/console/jolokia/
- Output:
{"request":{"type":"version"},"value":{"agent":"1.7.0","protocol":"7.2","config":{"listenForHttpService":"true","authIgnoreCerts":"false","agentId":"172.17.0.2-1-6c008c24-servlet","debug":"fal
se","agentType":"servlet","policyLocation":"file:\/home\/jboss\/broker\/etc\/jolokia-access.xml","agentContext":"\/jolokia","serializeException":"false","mimeType":"text\/plain","dispatcherCla
sses":"org.jolokia.http.Jsr160ProxyNotEnabledByDefaultAnymoreDispatcher","multicastGroup":"239.192.48.84","authMode":"basic","authMatch":"any","streaming":"true","canonicalNaming":"true","hist
oryMaxEntries":"10","allowErrorDetails":"false","allowDnsReverseLookup":"true","realm":"jolokia","includeStackTrace":"false","multicastPort":"24884","mbeanQualifier":"qualifier=hawtio","useRes
- Why docker container exits immediately
- The Name of Hyperledger Fabric Test Network is not detected by an Application given in the fabric samples
- What is the difference between alpine docker image and busybox docker image?
- Inspect local image with Skopeo
- FastAPI inside docker stopped receiving any requests after a while
- At least one invalid signature was encountered
- docker build --platform=linux/amd64 fails: ERROR: failed to solve: no match for platform in manifest
- Unable to access hiveserver2 via beeline
- What is the "RECLAIMABLE" space displayed in docker system df?
- Deploying sites on Kubernetes pods and deployment not showing
- PostGIS Installation "could not open extension control file"
- Broken urls in Jekyll in Docker
- Docker Desktop for Windows Dashboard runs but not Docker itself
- You're not authorized to run analysis. Please contact the project administrator Sonarqube local
- Traefik can't connect to ACME Server
- How do I configure Nginx Proxy Manager to proxy an OnlyOffice Document Server Docker container?
- bcrypt and Docker bcrypt_lib.node: invalid ELF header
- How to handle long startup times in Azure App Service deployment
- Why set VISIBLE=NOW in /etc/profile?
- Go App deployment error on redhat openshift. CreateContainerError
- error MSB3073: The command "npm install" exited with code 1
- When pushing to ECS, Docker image errors out with module not found error
- Preparation failed: Cannot connect to the Docker daemon at unix:///var/run/docker.sock
- docker-compose is installed but docker compose is not recognized
- How to know if a docker container is running in privileged mode
- What is the point of WORKDIR on Dockerfile?
- How to install PHP composer inside a docker container
- Error starting userland proxy: listen tcp4 0.0.0.0:80: bind: address already in use
- Docker repository server gave HTTP response to HTTPS client
- How can I resolve “server gave HTTP response to HTTPS client”