
Chapter 4. Configuration


4.1. Setting Up User Access to AMQ Console

You can access AMQ Console using the broker login credentials. The following table describes the methods for adding broker users who can access AMQ Console:

Authentication Method | Description

Guest Authentication

Enables anonymous access. In this configuration, any user who connects without credentials or with the wrong credentials will be authenticated automatically and assigned a specific user and role.

For more information, see Enabling Guest Access in Using AMQ Broker.

Basic User and Password Authentication

For each user, you must define a username and password and assign a security role. Users can only log into AMQ Console using these credentials.

For more information, see Enabling Password Authentication in Using AMQ Broker.

LDAP Authentication

Users are authenticated and authorized by checking the credentials against user data stored in a central X.500 directory server.

For more information, see Adding Certificate-Based Authentication in Using AMQ Broker.

4.2. Securing AMQ Console and AMQ Broker Connections

To allow AMQ Console to access resources on the broker, specify the permitted origin URLs that can access it by editing the allow-origin parameters in the access management configuration file on the broker.

Prerequisite

  • You must first upgrade to AMQ Broker 7.1.0, during which the access management configuration file named jolokia-access.xml is added to the broker instance. For more information about upgrading, see Upgrading Your Broker to 7.1.0 in Using AMQ Broker.

Procedure

  1. Open the BROKER_INSTANCE_DIR/etc/jolokia-access.xml file in a text editor.
  2. Within the <cors> section, edit the allow-origin settings to add each URL that you want to allow to access AMQ Console. For example:

    <cors>
       <!-- allow access to web console from localhost -->
       <allow-origin>https://localhost:8161/*</allow-origin>
       <!-- Check for the proper origin on the server side, too -->
       <strict-checking/>
    </cors>
  3. Save the file.
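
The following check is an added example, not part of the original documentation or of AMQ Broker. It audits the `<cors>` section of a `jolokia-access.xml` file for a bare or leading wildcard origin, origins that are not https, and a missing `<strict-checking/>` element. The `<restrict>` root element, the sample origins and the choice of checks are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the page's localhost origin plus two risky entries
# added for illustration; <strict-checking/> is deliberately left out.
SAMPLE = """<restrict>
  <cors>
    <allow-origin>https://localhost:8161/*</allow-origin>
    <allow-origin>*</allow-origin>
    <allow-origin>http://console.example.test:8161/*</allow-origin>
  </cors>
</restrict>"""

def audit_cors(xml_text):
    """Return a list of findings for the <cors> section of jolokia-access.xml."""
    root = ET.fromstring(xml_text)
    cors = root.find("cors")
    if cors is None:
        return ["no <cors> section found"]
    findings = []
    origins = [(e.text or "").strip() for e in cors.findall("allow-origin")]
    if not origins:
        findings.append("<cors> has no <allow-origin> entries")
    for origin in origins:
        parts = urlsplit(origin)
        # A bare "*" or a host that starts with "*" matches far more than one console URL.
        if origin == "*" or parts.netloc.startswith("*"):
            findings.append(f"wildcard origin: {origin}")
        elif parts.scheme != "https":
            findings.append(f"non-https origin: {origin}")
    if cors.find("strict-checking") is None:
        findings.append("<strict-checking/> missing: origin is not checked on the server side")
    return findings

if __name__ == "__main__":
    for finding in audit_cors(SAMPLE):
        print(finding)
```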

4.3. Securing Network Access to AMQ Console

To secure AMQ Console when it is being accessed over a WAN or the internet, use SSL to specify that network access uses https instead of http.

Prerequisites

The following should be located in the BROKER_INSTANCE_DIR/etc/:

  • Java KeyStore (.jks)
  • Java TrustStore (only if you want to require client authentication)

Procedure

  1. Open the BROKER_INSTANCE_DIR/etc/bootstrap.xml file.
  2. In the <web> element, add the following attributes:

    <web bind="https://localhost:8161"
        path="web"
        keyStorePath="<path_to_KeyStore>"
        keyStorePassword="<password>"
        clientAuth="<true/false>"
        trustStorePath="<path_to_TrustStore>"
        trustStorePassword="<password>">
        ...
    </web>
    bind
    Change the URI scheme to https.
    keyStorePath

    The path of the KeyStore file. For example:

    keyStorePath="${artemis.instance}/etc/keystore.jks"
    keyStorePassword
    The KeyStore’s password.
    clientAuth
    Specifies whether client authentication is required. The default is false; set it to true to require client authentication.
    trustStorePath
    The path of the TrustStore file. This attribute is only needed if clientAuth is true.
    trustStorePassword
    The TrustStore’s password.
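
As an added example (not from the original documentation or the product), the following script checks the `<web>` element of a `bootstrap.xml` file against the attributes described above, including the dependency between `clientAuth` and the TrustStore attributes. The sample file, its `xmlns` value and the placeholder password are constructed for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: http bind and clientAuth="true" without a TrustStore.
SAMPLE = """<broker xmlns="http://activemq.org/schema">
  <web bind="http://0.0.0.0:8161" path="web" clientAuth="true"
       keyStorePath="${artemis.instance}/etc/keystore.jks"
       keyStorePassword="PLACEHOLDER"/>
</broker>"""

def local_name(tag):
    """Strip an XML namespace prefix such as '{http://...}web' down to 'web'."""
    return tag.rsplit("}", 1)[-1]

def audit_web(xml_text):
    """Return a list of findings for the <web> element of bootstrap.xml."""
    root = ET.fromstring(xml_text)
    web = next((e for e in root.iter() if local_name(e.tag) == "web"), None)
    if web is None:
        return ["no <web> element found"]
    attrs = web.attrib
    findings = []
    if not attrs.get("bind", "").lower().startswith("https://"):
        findings.append("bind does not use https")
    for name in ("keyStorePath", "keyStorePassword"):
        if not attrs.get(name):
            findings.append(f"{name} is not set")
    # The TrustStore attributes only matter when client authentication is required.
    if attrs.get("clientAuth", "false").lower() == "true":
        for name in ("trustStorePath", "trustStorePassword"):
            if not attrs.get(name):
                findings.append(f"clientAuth is true but {name} is not set")
    return findings

if __name__ == "__main__":
    for finding in audit_web(SAMPLE):
        print(finding)
```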

4.4. Configuring AMQ Interconnect for AMQ Console

To access AMQ Interconnect from AMQ Console, you must add a listener that accepts incoming WebSocket traffic from AMQ Console.

Procedure

  1. Open the router’s configuration file.

    The default router configuration file is located at /etc/qpid-dispatch/qdrouterd.conf. If you have multiple routers, you should open the configuration file of the router through which you want to connect to AMQ Console.

  2. Add an incoming connection for AMQ Console management traffic.

    listener {
        name: NAME
        role: normal
        host: HOST
        port: PORT
        http: yes
        ...
    }
    name
    The name of the incoming connection.
    role
    Set this to normal.
    host
    Either an IP address (IPv4 or IPv6) or hostname.
    port
    The port number or symbolic service name.
    http
    Set this to yes.
  3. If necessary, secure the AMQ Console connection to the router.

    By default, the router does not authenticate or encrypt the AMQ Console connection, which means that any user can connect to the router anonymously through AMQ Console.

    However, you can configure the router to use SASL to authenticate incoming connections from AMQ Console. This means that for users to access the router through AMQ Console, they must provide their credentials and be authenticated by the router.

    1. In the router configuration file, set up SASL.

      For more information, see Setting Up SASL for Authentication and Payload Encryption in Using AMQ Interconnect.

    2. Configure a secure SASL mechanism for the AMQ Console listener.

      For more information, see Adding SSL/TLS Client Authentication to an Incoming Connection in Using AMQ Interconnect.
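
To find console listeners that still accept anonymous, unencrypted connections, the following added example (not from the original documentation or the router project) parses a router configuration and reports each `http: yes` listener that lacks peer authentication or an SSL profile. The attribute names `authenticatePeer`, `saslMechanisms` and `sslProfile` come from the Qpid Dispatch Router listener entity rather than from this page, and the sample configuration is constructed.

```python
import re

# Constructed sample router configuration; names, hosts and ports are made up.
SAMPLE = """
listener {
    name: console-open
    role: normal
    host: 0.0.0.0
    port: 5673
    http: yes
}
listener {
    name: console-sasl
    role: normal
    host: ::1
    port: 5674
    http: yes
    authenticatePeer: yes
    saslMechanisms: PLAIN
    sslProfile: console-tls
}
"""

ENTITY = re.compile(r"(\w+)\s*\{([^}]*)\}")

def parse_entities(text):
    """Yield (entity_type, attributes) for each 'type { key: value ... }' block."""
    text = re.sub(r"#.*", "", text)  # drop comments
    for kind, body in ENTITY.findall(text):
        attrs = {}
        for line in body.splitlines():
            if ":" in line:
                # Split on the first colon only so IPv6 hosts such as ::1 survive.
                key, value = line.split(":", 1)
                attrs[key.strip()] = value.strip()
        yield kind, attrs

def audit_console_listeners(text):
    """Map each http listener name to the list of issues found for it."""
    findings = {}
    for kind, a in parse_entities(text):
        if kind != "listener" or a.get("http", "no").lower() not in ("yes", "true"):
            continue
        issues = []
        if a.get("authenticatePeer", "no").lower() not in ("yes", "true"):
            issues.append("anonymous connections accepted")
        if "sslProfile" not in a:
            issues.append("no sslProfile: traffic is not encrypted")
        findings[a.get("name", "<unnamed>")] = issues
    return findings
```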
