Chapter 4. Configuration

Procedure

1. Open the BROKER_INSTANCE_DIR/etc/jolokia-access.xml file in a text editor.

2. Within the <cors> section, edit the allow-origin settings to add each URL that you want to allow to access AMQ Console. For example:

   <cors>
      <!-- allow access to web console from localhost -->
      <allow-origin>https://localhost:8161/*</allow-origin>
      <!-- Check for the proper origin on the server side, too -->
      <strict-checking/>
   </cors>

   Copy to Clipboard Toggle word wrap
3. Save the file.

Procedure

1. Open the BROKER_INSTANCE_DIR/etc/bootstrap.xml file.

2. In the <web> element, add the following attributes:

   <web bind="https://localhost:8161"
       path="web"
       keyStorePath="<path_to_KeyStore>"
       keyStorePassword="<password>"
       clientAuth="<true/false>"
       trustStorePath="<path_to_TrustStore>"
       trustStorePassword="<password>">
       ...
   </web>

   Copy to Clipboard Toggle word wrap

   bind

   Change the URI scheme to https.

   keyStorePath

   The path of the KeyStore file. For example:

   keyStorePath="${artemis.instance}/etc/keystore.jks"

   Copy to Clipboard Toggle word wrap

   keyStorePassword

   The KeyStore’s password.

   clientAuth

   Specifies whether client authentication is required. The default is false, but you can change it to true to enable authentication.

   trustStorePath

   The path of the TrustStore file. This attribute is only needed if clientAuth is true.

   trustStorePassword

   The TrustStore’s password.

Procedure

1. Open the router’s configuration file.

   The default router configuration file is located at /etc/qpid-dispatch/qdrouterd.conf. If you have multiple routers, you should open the configuration file of the router through which you want to connect to AMQ Console.

2. Add an incoming connection for AMQ Console management traffic.

   listener {
       name: NAME
       role: normal
       host: HOST
       port: PORT
       http: yes
       ...
   }

   Copy to Clipboard Toggle word wrap

   name

   The name of the incoming connection.

   role

   Set this to normal.

   host

   Either an IP address (IPv4 or IPv6) or hostname.

   port

   The port number or symbolic service name.

   http

   Set this to yes.

3. If necessary, secure the AMQ Console connection to the router.

   By default, the router does not authenticate or encrypt the AMQ Console connection, which means that any user can connect to the router anonymously through AMQ Console.

   However, you can configure the router to use SASL to authenticate incoming connections from AMQ Console. This means that for users to access the router through AMQ Console, they must provide their credentials and be authenticated by the router.

   1. In the router configuration file, set up SASL.

      For more information, see Setting Up SASL for Authentication and Payload Encryption in Using AMQ Interconnect.

   2. Configure a secure SASL mechanism for the AMQ Console listener.

      For more information, see Adding SSL/TLS Client Authentication to an Incoming Connection in Using AMQ Interconnect.