4.2. Configuring local and remote access to AMQ Management Console

Procedure

1. Open the <broker_instance_dir>/etc/bootstrap.xml file.

2. Within the web element, observe that the web port is bound only to localhost by default.

   <web path="web">
     <binding uri="http://localhost:8161">
       <app url="redhat-branding" war="redhat-branding.war"/>
       <app url="artemis-plugin" war="artemis-plugin.war"/>
       <app url="dispatch-hawtio-console" war="dispatch-hawtio-console.war"/>
       <app url="console" war="console.war"/>
     </binding>
   </web>

3. To enable connection to the console for the local broker from a remote host, change the web port binding to a network-reachable interface. For example:

   <web path="web">
     <binding uri="http://0.0.0.0:8161">

   In the preceding example, by specifying 0.0.0.0, you bind the web port to all interfaces on the local broker.

4. Save the bootstrap.xml file.
5. Open the <broker_instance_dir>/etc/jolokia-access.xml file.

6. Within the <cors> (that is, Cross-Origin Resource Sharing) element, add an allow-origin entry for each HTTP origin request header that you want to allow to access the console. For example:

   <cors>
      <allow-origin>*://localhost*</allow-origin>
      <allow-origin>*://192.168.0.49*</allow-origin>
      <allow-origin>*://192.168.0.51*</allow-origin>
      <!-- Check for the proper origin on the server side, too -->
      <strict-checking/>
   </cors>

   In the preceding configuration, you specify that the following connections are allowed:

   • Connection from the local host (that is, the host machine for your local broker instance) to the console.

     • The first asterisk (*) wildcard character allows either the http or https scheme to be specified in the connection request, based on whether you have configured the console for secure connections.
     • The second asterisk wildcard character allows any port on the host machine to be used for the connection.
   • Connection from a remote host to the console for the local broker, using the externally-reachable IP address of the local broker. In this case, the externally-reachable IP address of the local broker is 192.168.0.49.
   • Connection from within a console session opened on another, remote broker to the local broker. In this case, the IP address of the remote broker is 192.168.0.51.
7. Save the jolokia-access.xml file.
8. Open the <broker_instance_dir>/etc/artemis.profile file.

9. To enable the Connect tab in the console, set the value of the Dhawtio.disableProxy argument to false.

   -Dhawtio.disableProxy=false

   중요

   It is recommended that you enable remote connections from the console (that is, set the value of the Dhawtio.disableProxy argument to false) only if the console is exposed to a secure network.

10. Add a new argument, Dhawtio.proxyWhitelist, to the JAVA_ARGS list of Java system arguments. As a comma-separated list, specify IP addresses for any remote brokers that you want to connect to from the local broker (that is, by using the Connect tab within a console session running on the local broker). For example:

    -Dhawtio.proxyWhitelist=192.168.0.51

    Based on the preceding configuration, you can use the Connect tab within a console session on the local broker to connect to another, remote broker with an IP address of 192.168.0.51.

11. Save the aretmis.profile file.