• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Bear Bibeault
  • Liutauras Vilda
Sheriffs:
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Jj Roberts
  • Tim Holloway
  • Piet Souris
Bartenders:
  • Himai Minh
  • Carey Brown
  • salvin francis

Getting connection timed out while trying to access ActiveMQ over https

 
Ranch Hand
Posts: 238
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have a RHEL 7 server where I have ActiveMQ installed (version : apache-activemq-5.15.11).I am trying to run the web console over https and hence I went through the instructions mentioned in the documentation here(https://activemq.apache.org/web-console.html) and made changes in my jetty.xml and un-commented the following section:

                   

when I am trying to access the web console like the following:

https://myserver.com:8162/admin/index.jsp

I am getting connection getting timed out in the browser.

Questions :


1) Am I trying to access it properly - via port 8162? It works fine with port 8161 and over http like the following:

http://myserver.com:8161/admin/index.jsp

2) Are there any additional changes needed to make it work over https?

My jetty.xml is below for reference:


 



 
 
Saloon Keeper
Posts: 22784
153
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Likes 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Tomcat and jetty are two completely different webapp server products from two completely different suppliers. Tomcat has no idea of what to do with a "jetty.xml".

Aside from that, your "jetty.xml" looks a lot like a Spring Framework applicationContext.xml file.

So you might want to go back and make sure that your overall setup is correct.
 
Jack Tauson
Ranch Hand
Posts: 238
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Tomcat and jetty are two completely different webapp server products from two completely different suppliers. Tomcat has no idea of what to do with a "jetty.xml".

Aside from that, your "jetty.xml" looks a lot like a Spring Framework applicationContext.xml file.

So you might want to go back and make sure that your overall setup is correct.



Yeah, I couldn't find anything related to ActiveMQ on this forum and hence posted in Tomcat forum.

"jetty.xml" comes with activemq.

Not sure what part I am missing as I did exactly what the documentation has mentioned.
 
Tim Holloway
Saloon Keeper
Posts: 22784
153
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ah. I see. And yes, it does appear we have a hole in our forum offerings. I think I'll ask the Jedi Council about that.

Yeah, ActiveMQ has and embedded jetty webserver for its console. It makes sense now.

Anyway, have you checked this out: https://activemq.apache.org/web-console ? It seems straightforward. And I see that apparently jetty is now Spring-configured.

A note, however. Unless you are in a really paranoid shop. the ActiveMQ console should not really require SSL because it shouldn't be accessible outside of a very limited sublan or VLAN. One used only by system services and administrators. And if you are generous enough to allow access to the wider world, you might consider using a reverse proxy such as nginx, which is a lot easier to set up for SSL.
 
Jack Tauson
Ranch Hand
Posts: 238
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Ah. I see. And yes, it does appear we have a hole in our forum offerings. I think I'll ask the Jedi Council about that.

Yeah, ActiveMQ has and embedded jetty webserver for its console. It makes sense now.

Anyway, have you checked this out: https://activemq.apache.org/web-console ? It seems straightforward. And I see that apparently jetty is now Spring-configured.

A note, however. Unless you are in a really paranoid shop. the ActiveMQ console should not really require SSL because it shouldn't be accessible outside of a very limited sublan or VLAN. One used only by system services and administrators. And if you are generous enough to allow access to the wider world, you might consider using a reverse proxy such as nginx, which is a lot easier to set up for SSL.



Yeah, I made my changes from there only. That page  has the following instructions which I followed.

webpage


It's not very clear to me if after making changes, I should be trying to access the web console like this https://myserver.com:8162/admin/index.jsp ?

I checked using PortQuery tool the status of the port 8162 and got the following:



So I am wondering if the port 8162 is not open on RHEL server so that my local machine could access that?
 
Tim Holloway
Saloon Keeper
Posts: 22784
153
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Red Hat has always been concerned with security, so unless you explicitly opened that port on the ActiveMQ machine's firewall, it will be blocked. Looks like you did an nmap and that's what it said, in fact.

The netstat command can be run on the server machine itself to determine if the port is open.
 
Jack Tauson
Ranch Hand
Posts: 238
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Tim Holloway wrote:Red Hat has always been concerned with security, so unless you explicitly opened that port on the ActiveMQ machine's firewall, it will be blocked. Looks like you did an nmap and that's what it said, in fact.

The netstat command can be run on the server machine itself to determine if the port is open.



So based on the configurations related changes I did, I am correctly using port 8162 in the URL over https, right?

https://myserver.com:8162/admin/index.jsp

I will ask network team to open port 8162 then.
 
What do you have in that there bucket? It wouldn't be a tiny ad by any chance ...
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic