I deployed apache/activemq-artemis:2.40.0-alpine
in k8s cluster. First run goes well, but when I open console I'm unable to view literally everything but white list:
Log:
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol support for: AMQP │
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding protocol support for: HORNETQ │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol support for: MQTT │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding protocol support for: OPENWIRE │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol support for: STOMP │
│ 2025-04-08 18:01:11,298 INFO [org.apache.activemq.artemis.core.server] AMQ221034: Waiting indefinitely to obtain primary lock │
│ 2025-04-08 18:01:11,299 INFO [org.apache.activemq.artemis.core.server] AMQ221035: Primary Server Obtained primary lock │
│ 2025-04-08 18:01:11,510 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address DLQ supporting [ANYCAST] │
│ 2025-04-08 18:01:11,594 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue DLQ on address DLQ │
│ 2025-04-08 18:01:11,804 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST] │
│ 2025-04-08 18:01:11,805 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue │
│ 2025-04-08 18:01:12,699 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61616 for protocols [CORE,MQTT,AMQP,STOMP,HORNETQ,OPENWIRE] │
│ 2025-04-08 18:01:12,700 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5445 for protocols [HORNETQ,STOMP] │
│ 2025-04-08 18:01:12,702 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5672 for protocols [AMQP] │
│ 2025-04-08 18:01:12,703 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:1883 for protocols [MQTT] │
│ 2025-04-08 18:01:12,704 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61613 for protocols [STOMP] │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221007: Server is now active │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.40.0 [0.0.0.0, nodeID=7401e03f-14a3-11f0-ac6e-02d91668a613] │
│ 2025-04-08 18:01:12,713 INFO [org.apache.activemq.artemis] AMQ241003: Starting embedded web server │
│ 2025-04-08 18:01:14,205 INFO [io.hawt.HawtioContextListener] Initialising Hawtio services │
│ 2025-04-08 18:01:14,210 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 4.2.0 │
│ 2025-04-08 18:01:14,292 INFO [io.hawt.web.auth.AuthenticationConfiguration] Authentication throttling is enabled │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting Hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "amq" role principal classes: "org.apache.activemq.artemis.spi.core.securit │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Looking for OIDC configuration file in: /var/lib/artemis-instance/etc/hawtio-oidc.properties │
│ 2025-04-08 18:01:14,505 INFO [io.hawt.web.auth.ClientRouteRedirectFilter] Hawtio ClientRouteRedirectFilter is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://0.0.0.0:8161 │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://0.0.0.0:8161/console │
│ 2025-04-08 18:01:28,287 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled │
│ 2025-04-08 18:01:34,108 INFO [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:34,401 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 18:01:47,631 INFO [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/var/lib/artemis-instance/./etc/jolokia-access.xml] │
│ 2025-04-08 18:01:47,634 INFO [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled │
│ 2025-04-08 18:02:47,861 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 20:16:49,260 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis
moreover, in browser console i see the following error:
My current ingress configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/component: Ingress
name: amq-artemis
annotations:
external-dns.alpha.kubernetes.io/hostname: hidden
external-dns.alpha.kubernetes.io/ingress-hostname-source: annotation-only
cert-manager.io/cluster-issuer: hidden
cert-manager.io/duration: 2160h
cert-manager.io/renew-before: 720h
nginx.ingress.kubernetes.io/keepalive_timeout: "1200"
nginx.ingress.kubernetes.io/proxy-body-size: "250m"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
nginx.ingress.kubernetes.io/proxy-buffering: 'on'
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "amq-artemis"
nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
nginx.ingress.kubernetes.io/session-cookie-secure: "true"
nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
nginx.ingress.kubernetes.io/app-root: /console/artemis
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_busy_buffers_size 256k;
client_body_buffer_size 10m;
send_timeout 300;
spec:
ingressClassName: nginx
tls:
- hosts:
- hidden
secretName: artemis-fqdn-cert
rules:
- host: hidden
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /jolokia
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /hawtio
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /console
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
I run broker with the following parameters: --relax-jolokia --name art --http-host 0.0.0.0
I have tried with various of ingress rules and annotations, but futile. Any idea what it could be?
ActiveMQ Artemis 2.40.0 introduced a new web console based on a new version of Hawtio and Jolokia. Due to this change any request with an origin header using the https
scheme which is ultimately received by Jolokia via HTTP is now discarded by default since it is deemed insecure. If you use a TLS proxy that transforms secure requests to insecure requests (e.g. in a Kubernetes environment) then consider changing the proxy to preserve HTTPS and switching the embedded web server to HTTPS. If that isn’t feasible then you can accept the risk by adding <ignore-scheme/>
to etc/jolokia-access.xml
. See the Jolokia documentation for more details.