ActiveMQ Artemis does not display console when runs in K8S
I deployed apache/activemq-artemis:2.40.0-alpine in k8s cluster. First run goes well, but when I open console I'm unable to view literally everything but white list:
Log:
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol support for: AMQP │
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding protocol support for: HORNETQ │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol support for: MQTT │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding protocol support for: OPENWIRE │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol support for: STOMP │
│ 2025-04-08 18:01:11,298 INFO [org.apache.activemq.artemis.core.server] AMQ221034: Waiting indefinitely to obtain primary lock │
│ 2025-04-08 18:01:11,299 INFO [org.apache.activemq.artemis.core.server] AMQ221035: Primary Server Obtained primary lock │
│ 2025-04-08 18:01:11,510 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address DLQ supporting [ANYCAST] │
│ 2025-04-08 18:01:11,594 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue DLQ on address DLQ │
│ 2025-04-08 18:01:11,804 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST] │
│ 2025-04-08 18:01:11,805 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue │
│ 2025-04-08 18:01:12,699 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61616 for protocols [CORE,MQTT,AMQP,STOMP,HORNETQ,OPENWIRE] │
│ 2025-04-08 18:01:12,700 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5445 for protocols [HORNETQ,STOMP] │
│ 2025-04-08 18:01:12,702 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5672 for protocols [AMQP] │
│ 2025-04-08 18:01:12,703 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:1883 for protocols [MQTT] │
│ 2025-04-08 18:01:12,704 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61613 for protocols [STOMP] │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221007: Server is now active │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.40.0 [0.0.0.0, nodeID=7401e03f-14a3-11f0-ac6e-02d91668a613] │
│ 2025-04-08 18:01:12,713 INFO [org.apache.activemq.artemis] AMQ241003: Starting embedded web server │
│ 2025-04-08 18:01:14,205 INFO [io.hawt.HawtioContextListener] Initialising Hawtio services │
│ 2025-04-08 18:01:14,210 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 4.2.0 │
│ 2025-04-08 18:01:14,292 INFO [io.hawt.web.auth.AuthenticationConfiguration] Authentication throttling is enabled │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting Hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "amq" role principal classes: "org.apache.activemq.artemis.spi.core.securit │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Looking for OIDC configuration file in: /var/lib/artemis-instance/etc/hawtio-oidc.properties │
│ 2025-04-08 18:01:14,505 INFO [io.hawt.web.auth.ClientRouteRedirectFilter] Hawtio ClientRouteRedirectFilter is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://0.0.0.0:8161 │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://0.0.0.0:8161/console │
│ 2025-04-08 18:01:28,287 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled │
│ 2025-04-08 18:01:34,108 INFO [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:34,401 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 18:01:47,631 INFO [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/var/lib/artemis-instance/./etc/jolokia-access.xml] │
│ 2025-04-08 18:01:47,634 INFO [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled │
│ 2025-04-08 18:02:47,861 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 20:16:49,260 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis
moreover, in browser console i see the following error:
My current ingress configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/component: Ingress
name: amq-artemis
annotations:
external-dns.alpha.kubernetes.io/hostname: hidden
external-dns.alpha.kubernetes.io/ingress-hostname-source: annotation-only
cert-manager.io/cluster-issuer: hidden
cert-manager.io/duration: 2160h
cert-manager.io/renew-before: 720h
nginx.ingress.kubernetes.io/keepalive_timeout: "1200"
nginx.ingress.kubernetes.io/proxy-body-size: "250m"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
nginx.ingress.kubernetes.io/proxy-buffering: 'on'
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "amq-artemis"
nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
nginx.ingress.kubernetes.io/session-cookie-secure: "true"
nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
nginx.ingress.kubernetes.io/app-root: /console/artemis
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_busy_buffers_size 256k;
client_body_buffer_size 10m;
send_timeout 300;
spec:
ingressClassName: nginx
tls:
- hosts:
- hidden
secretName: artemis-fqdn-cert
rules:
- host: hidden
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /jolokia
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /hawtio
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /console
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
I run broker with the following parameters: --relax-jolokia --name art --http-host 0.0.0.0
I have tried with various of ingress rules and annotations, but futile. Any idea what it could be?
Solution
ActiveMQ Artemis 2.40.0 introduced a new web console based on a new version of Hawtio and Jolokia. Due to this change any request with an origin header using the https scheme which is ultimately received by Jolokia via HTTP is now discarded by default since it is deemed insecure. If you use a TLS proxy that transforms secure requests to insecure requests (e.g. in a Kubernetes environment) then consider changing the proxy to preserve HTTPS and switching the embedded web server to HTTPS. If that isn’t feasible then you can accept the risk by adding <ignore-scheme/> to etc/jolokia-access.xml. See the Jolokia documentation for more details.
- Remove ✅, 🔥, ✈ , ♛ and other such emojis/images/signs from Java strings
- Convert String input to int array in Java
- Java - How to create new Entry (key, value)
- Difference between "on-heap" and "off-heap"
- Java: Composite key in hashmaps
- Java FFM `Linker.Option.captureCallState` does not successfully capture `GetLastError` on Windows
- Room - Schema export directory is not provided to the annotation processor so we cannot export the schema
- Why is this code 5 times slower in C# compared to Java?
- Drawing panel to design a house
- Is there a shouldOverrideUrlLoading in GeckoView?
- How to handle any new tab/window creations in GeckoView properly?
- Convert List<String> to Map<String, Integer>
- Searching for a valid pattern in files of under a folder? (Maybe with Perl or with some Apis at Java or anything else)
- using java , what are the methods to find a word inside a string?
- Java regular expression with lookahead
- How to fix Type definition error in Spring Boot application?
- Convert RGB value to HSV
- LWJGL project error in pom.xml: Missing artifact org.lwjgl:lwjgl-platform:jar:natives-windows:${lwjgl.version}
- DateTimeFormatter with "yyyy-MM-dd HH:mm:ss" parses into LocalDateTime with missing seconds
- Spring boot using undefined for x-queue-type instead none
- ServerSocket.accept() fails to stop on close() in Docker
- Could not find org.springframework.cloud:spring-cloud-starter-config:
- Gradle Project: java.lang.NoClassDefFoundError: kotlin/jvm/internal/Intrinsics
- Is Spring Boot emptying "password" fields in the request?
- java util logging configure filter in properties file
- Scheduler not running in Spring Boot
- Project 'X' is missing required Java project: 'Y'
- Purpose of "variant" in Java Locale
- Regex to replace in json string
- Where to find jdk sources for JNI_CreateJavaVM?