ActiveMQ Artemis does not display console when runs in K8S
I deployed apache/activemq-artemis:2.40.0-alpine in k8s cluster. First run goes well, but when I open console I'm unable to view literally everything but white list:
Log:
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-amqp-protocol]. Adding protocol support for: AMQP │
│ 2025-04-08 18:01:11,109 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-hornetq-protocol]. Adding protocol support for: HORNETQ │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-mqtt-protocol]. Adding protocol support for: MQTT │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-openwire-protocol]. Adding protocol support for: OPENWIRE │
│ 2025-04-08 18:01:11,110 INFO [org.apache.activemq.artemis.core.server] AMQ221043: Protocol module found: [artemis-stomp-protocol]. Adding protocol support for: STOMP │
│ 2025-04-08 18:01:11,298 INFO [org.apache.activemq.artemis.core.server] AMQ221034: Waiting indefinitely to obtain primary lock │
│ 2025-04-08 18:01:11,299 INFO [org.apache.activemq.artemis.core.server] AMQ221035: Primary Server Obtained primary lock │
│ 2025-04-08 18:01:11,510 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address DLQ supporting [ANYCAST] │
│ 2025-04-08 18:01:11,594 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue DLQ on address DLQ │
│ 2025-04-08 18:01:11,804 INFO [org.apache.activemq.artemis.core.server] AMQ221080: Deploying address ExpiryQueue supporting [ANYCAST] │
│ 2025-04-08 18:01:11,805 INFO [org.apache.activemq.artemis.core.server] AMQ221003: Deploying ANYCAST queue ExpiryQueue on address ExpiryQueue │
│ 2025-04-08 18:01:12,699 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61616 for protocols [CORE,MQTT,AMQP,STOMP,HORNETQ,OPENWIRE] │
│ 2025-04-08 18:01:12,700 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5445 for protocols [HORNETQ,STOMP] │
│ 2025-04-08 18:01:12,702 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:5672 for protocols [AMQP] │
│ 2025-04-08 18:01:12,703 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:1883 for protocols [MQTT] │
│ 2025-04-08 18:01:12,704 INFO [org.apache.activemq.artemis.core.server] AMQ221020: Started EPOLL Acceptor at 0.0.0.0:61613 for protocols [STOMP] │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221007: Server is now active │
│ 2025-04-08 18:01:12,706 INFO [org.apache.activemq.artemis.core.server] AMQ221001: Apache ActiveMQ Artemis Message Broker version 2.40.0 [0.0.0.0, nodeID=7401e03f-14a3-11f0-ac6e-02d91668a613] │
│ 2025-04-08 18:01:12,713 INFO [org.apache.activemq.artemis] AMQ241003: Starting embedded web server │
│ 2025-04-08 18:01:14,205 INFO [io.hawt.HawtioContextListener] Initialising Hawtio services │
│ 2025-04-08 18:01:14,210 INFO [io.hawt.jmx.JmxTreeWatcher] Welcome to Hawtio 4.2.0 │
│ 2025-04-08 18:01:14,292 INFO [io.hawt.web.auth.AuthenticationConfiguration] Authentication throttling is enabled │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Starting Hawtio authentication filter, JAAS realm: "activemq" authorized role(s): "amq" role principal classes: "org.apache.activemq.artemis.spi.core.securit │
│ 2025-04-08 18:01:14,390 INFO [io.hawt.web.auth.AuthenticationConfiguration] Looking for OIDC configuration file in: /var/lib/artemis-instance/etc/hawtio-oidc.properties │
│ 2025-04-08 18:01:14,505 INFO [io.hawt.web.auth.ClientRouteRedirectFilter] Hawtio ClientRouteRedirectFilter is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241001: HTTP Server started at http://0.0.0.0:8161 │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241002: Artemis Jolokia REST API available at http://0.0.0.0:8161/console/jolokia │
│ 2025-04-08 18:01:14,611 INFO [org.apache.activemq.artemis] AMQ241004: Artemis Console available at http://0.0.0.0:8161/console │
│ 2025-04-08 18:01:28,287 INFO [io.hawt.web.auth.keycloak.KeycloakServlet] Keycloak integration is disabled │
│ 2025-04-08 18:01:34,108 INFO [io.hawt.web.auth.LoginServlet] Hawtio login is using 1800 sec. HttpSession timeout │
│ 2025-04-08 18:01:34,401 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 18:01:47,631 INFO [io.hawt.web.servlets.JolokiaConfiguredAgentServlet] Jolokia overridden property: [key=policyLocation, value=file:/var/lib/artemis-instance/./etc/jolokia-access.xml] │
│ 2025-04-08 18:01:47,634 INFO [io.hawt.web.proxy.ProxyServlet] Proxy servlet is disabled │
│ 2025-04-08 18:02:47,861 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis │
│ 2025-04-08 20:16:49,260 INFO [io.hawt.web.auth.LoginServlet] Logging in user: artemis
moreover, in browser console i see the following error:
My current ingress configuration:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
labels:
app.kubernetes.io/component: Ingress
name: amq-artemis
annotations:
external-dns.alpha.kubernetes.io/hostname: hidden
external-dns.alpha.kubernetes.io/ingress-hostname-source: annotation-only
cert-manager.io/cluster-issuer: hidden
cert-manager.io/duration: 2160h
cert-manager.io/renew-before: 720h
nginx.ingress.kubernetes.io/keepalive_timeout: "1200"
nginx.ingress.kubernetes.io/proxy-body-size: "250m"
nginx.ingress.kubernetes.io/proxy-buffers-number: "4 256k"
nginx.ingress.kubernetes.io/proxy-buffering: 'on'
nginx.ingress.kubernetes.io/proxy-buffer-size: "128k"
nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
nginx.ingress.kubernetes.io/proxy-connect-timeout: "300"
nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/session-cookie-name: "amq-artemis"
nginx.ingress.kubernetes.io/session-cookie-samesite: "None"
nginx.ingress.kubernetes.io/session-cookie-secure: "true"
nginx.ingress.kubernetes.io/session-cookie-path: "/; Secure"
nginx.ingress.kubernetes.io/app-root: /console/artemis
nginx.ingress.kubernetes.io/cors-allow-methods: "PUT, GET, POST, OPTIONS"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
nginx.ingress.kubernetes.io/cors-allow-headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type"
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_busy_buffers_size 256k;
client_body_buffer_size 10m;
send_timeout 300;
spec:
ingressClassName: nginx
tls:
- hosts:
- hidden
secretName: artemis-fqdn-cert
rules:
- host: hidden
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /jolokia
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /hawtio
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
- path: /console
pathType: Prefix
backend:
service:
name: amq-artemis
port:
number: 8161
I run broker with the following parameters: --relax-jolokia --name art --http-host 0.0.0.0
I have tried with various of ingress rules and annotations, but futile. Any idea what it could be?
Solution
ActiveMQ Artemis 2.40.0 introduced a new web console based on a new version of Hawtio and Jolokia. Due to this change any request with an origin header using the https scheme which is ultimately received by Jolokia via HTTP is now discarded by default since it is deemed insecure. If you use a TLS proxy that transforms secure requests to insecure requests (e.g. in a Kubernetes environment) then consider changing the proxy to preserve HTTPS and switching the embedded web server to HTTPS. If that isn’t feasible then you can accept the risk by adding <ignore-scheme/> to etc/jolokia-access.xml. See the Jolokia documentation for more details.
- How to properly handle a redirect as a response in retrofit2
- How do I create an executable fat JAR with Gradle with implementation dependencies?
- Set Jetty session cookie name programmatically
- Common Load Balancer For Spring boot Micro serivce Projects Using AWS EKS and ELB
- Spring Boot Angular18 Uploading Photo
- Calculating distance between two LaB colors Java
- How to fix Eclipse Java Virtual Machine Launcher Error?
- Java based HTTP Client which supports Pipelining
- Migration to Jakarta EE: Unable to find taglib [c] for URI: [jakarta.tags.core]
- Parsing log file with multiline entries
- Convert codepoint to utf-8 byte array in Java using shifting operations
- Convert List<String> to Map<String, Integer>
- How do I call some blocking method with a timeout in Java?
- Java Thread join() with sleep interval causing problem
- How to use wait() and notify() with the use of different classes in Java
- "Comparison method violates its general contract!"
- Swing ComboBox with the choice of "none of the below"
- How to get the project name in eclipse?
- When are connections returned to the connection pool with Spring JPA (Hibernate) Entity Manager?
- Google BigQuery - Streaming Data Into BigQuery
- Explicitly referencing other mappers in MapStruct mapper
- Java switch statement: Constant expression required, but it IS constant
- Trying to print second last word but output shows only "L". What's wrong with my Java code?
- Create a class Student with following attributes
- Understanding upper and lower bounds on ? in Java Generics
- Gradle Composite Project: "Could not resolve" even with correct paths
- spring native process-aot unable to register lambda
- Firebase sendPasswordResetEmail doesn't seem to work correctly with firebase-auth:9.0.2
- how to solve netflix eureka client error in spring boot 3.2.0 and java 17
- Using Java Constructor.newInstance(args) , why the "wrong number of args" error?