This is an automated email from the ASF dual-hosted git repository. jbonofre pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/activemq.git
The following commit(s) were added to refs/heads/main by this push: new 398cdc674 AMQ-9296: Add authentication support in docker images new 9aedca006 Merge pull request #1114 from jbonofre/AMQ-9296 398cdc674 is described below commit 398cdc6740760410f40253bb6ea79e790a605d3c Author: JB Onofré <j...@nanthrax.net> AuthorDate: Wed Nov 8 17:34:14 2023 +0100 AMQ-9296: Add authentication support in docker images --- assembly/src/docker/Dockerfile | 5 ++- assembly/src/docker/README.md | 14 +++++- assembly/src/docker/docker-compose.yml | 4 +- assembly/src/docker/entrypoint.sh | 81 ++++++++++++++++++++++++++++++++++ 4 files changed, 101 insertions(+), 3 deletions(-) diff --git a/assembly/src/docker/Dockerfile b/assembly/src/docker/Dockerfile index 8c8a2dd46..819b64c11 100644 --- a/assembly/src/docker/Dockerfile +++ b/assembly/src/docker/Dockerfile @@ -30,11 +30,14 @@ ENV ACTIVEMQ_OPTS $ACTIVEMQ_OPTS -Djetty.host=0.0.0.0 # activemq_dist can point to a directory or a tarball on the local system ARG activemq_dist=NOT_SET +COPY entrypoint.sh /usr/local/bin/entrypoint.sh + # Install build dependencies and activemq ADD $activemq_dist $ACTIVEMQ_INSTALL_PATH RUN set -x && \ cp -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* $ACTIVEMQ_HOME && \ rm -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* -EXPOSE 8161 61616 5672 61613 1883 61614 +EXPOSE 8161 61616 5672 61613 1883 61614 1099 +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] CMD ["activemq", "console"] diff --git a/assembly/src/docker/README.md b/assembly/src/docker/README.md index 81e49feb7..ae6edf645 100644 --- a/assembly/src/docker/README.md +++ b/assembly/src/docker/README.md @@ -144,7 +144,8 @@ docker kill activemq ### Ports -* ActiveMQ web console on `8161` +* ActiveMQ WebConsole on `8161` +* ActiveMQ JMX MBean server on `1099` * ActiveMQ tcp connector on `61616` * ActiveMQ AMQP connector on `5672` * ActiveMQ STOMP connector on `61613` 
@@ -152,3 +153,14 @@ docker kill activemq * ActiveMQ WS connector on `61614` Edit the `docker-compose.yml` file to edit port settings. + +### Environment variables + +| Environment Variable | Description | +|----------------------|-------------| +| `ACTIVEMQ_CONNECTION_USER` | Username to access transport connector on the broker (JMS, ...). If not set, no user and password are required | +| `ACTIVEMQ_CONNECTION_PASSWORD` | Password to access transport connector on the broker (JMS, ...). It should be used with `ACTIVEMQ_CONNECTION_USER`. | +| `ACTIVEMQ_JMX_USER` | Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed. | +| `ACTIVEMQ_JMX_PASSWORD` | Password to access the JMX MBean server of the broker. It should be used with `ACTIVEMQ_JMX_USER`/ | +| `ACTIVEMQ_WEB_USER` | Username to access the ActiveMQ WebConsole. | +| `ACTIVEMQ_WEB_PASSWORD` | Password to access the ActiveMQ WebConsole. | \ No newline at end of file diff --git a/assembly/src/docker/docker-compose.yml b/assembly/src/docker/docker-compose.yml index 49410ef8d..bac8027f3 100644 --- a/assembly/src/docker/docker-compose.yml +++ b/assembly/src/docker/docker-compose.yml @@ -26,7 +26,8 @@ services: - "61613" - "1883" - "61614" - - "8161" + - "8161"` + - "1099" ports: - "8161:8161" - "61616:61616" @@ -34,6 +35,7 @@ services: - "61613:61613" - "1883:1883" - "61614:61614" + - "1099:1099" command: activemq console stdin_open: true tty: true diff --git a/assembly/src/docker/entrypoint.sh b/assembly/src/docker/entrypoint.sh new file mode 100755 index 000000000..566e5ba40 --- /dev/null +++ b/assembly/src/docker/entrypoint.sh 
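Review bot: The replacement line for `8161` in the first docker-compose.yml hunk ends with a stray backtick after the closing quote, which is likely to make the file fail to parse (or at best produce a wrong value). It should read `- "8161"` exactly as the removed line did, with `- "1099"` following it.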
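Review bot: The `- "1099:1099"` mapping added in the second docker-compose.yml hunk publishes the JMX port on every host interface by default, even though the compose file sets none of the `ACTIVEMQ_JMX_*` variables. The README in this commit says remote JMX is only accepted when `ACTIVEMQ_JMX_USER` is set, so the mapping adds exposure without enabling anything out of the box. Consider binding it to loopback, `- "127.0.0.1:1099:1099"`, or shipping it commented out with a note to enable it together with the JMX credentials.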
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+################################################################################
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+################################################################################
+
+# Transport/connection security
+if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
+ if [ -f "${ACTIVEMQ_HOME}/conf/connection.security.enabled" ]; then
+ echo "ActiveMQ Connection Security enabled"
+ else
+ echo "Enabling ActiveMQ Connection Security"
+ sed -i "s/activemq.username=system/activemq.username=${ACTIVEMQ_CONNECTION_USER}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
+ sed -i "s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
+ read -r -d '' REPLACE << END
+ <plugins>
+ <simpleAuthenticationPlugin>
+ <users>
+ <authenticationUser username="$\{activemq.username}" password="$\{activemq.password}"/>
+ </users>
+ </simpleAuthenticationPlugin>
+ </plugins>
+ </broker>
+END
+ REPLACE=${REPLACE//$\\/$}
+ REPLACE=${REPLACE//\//\\\/}
+ REPLACE=$(echo $REPLACE | tr '\n' ' ')
+ sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
+ touch "${ACTIVEMQ_HOME}/conf/connection.security.enabled"
+ fi
+fi
+
+# JMX security
+if [ -n "${ACTIVEMQ_JMX_USER}" ]; then
+ if [ -f "${ACTIVEMQ_HOME}/conf/jmx.security.enabled" ]; then
+ echo "JMX Security already enabled"
+ else
+ echo "Enabling ActiveMQ JMX security"
+ read -r -d '' REPLACE << END
+ <managementContext>
+ <managementContext createConnector="true" />
+ </managementContext>
+ </broker>
+END
+ REPLACE=${REPLACE//\//\\\/}
+ REPLACE=${REPLACE//$\\/$}
+ REPLACE=$(echo $REPLACE | tr '\n' ' ')
+ sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
+ sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.access
+ sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.password
+ if [ -n "${ACTIVEMQ_JMX_PASSWORD}" ]; then
+ sed -i "s/\ activemq/\ ${ACTIVEMQ_JMX_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/jmx.password
+ fi
+ touch "${ACTIVEMQ_HOME}/conf/jmx.security.enabled"
+ fi
+fi
+
+# WebConsole security
+if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
+ echo "Enabling ActiveMQ WebConsole security"
+ sed -i s/admin=/${ACTIVEMQ_WEB_USER}=/g ${ACTIVEMQ_HOME}/conf/users.properties
+ if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
+ sed -i s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g ${ACTIVEMQ_HOME}/conf/users.properties
+ fi
+fi
+
+exec "$@"
\ No newline at end of file
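Review bot: In the transport block, `credentials.properties` gets `activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}` written unconditionally, so setting only `ACTIVEMQ_CONNECTION_USER` turns authentication on with an empty password; the JMX and WebConsole blocks fail open in a similar way, renaming the account but keeping whatever password the stock file carries (the sed patterns suggest `activemq` and `admin`). I would refuse to start when a user is given without its password, e.g. `[ -n "${ACTIVEMQ_CONNECTION_PASSWORD}" ] || { echo "ACTIVEMQ_CONNECTION_PASSWORD is required" >&2; exit 1; }` before the first sed, and the same for the other two pairs. The values are also pasted raw into sed replacements, so a `/`, `&` or `\` in a password either breaks the command or stores a different secret than the operator supplied, and the WebConsole seds are not quoted at all; escape the value before substituting it and quote the sed expressions and file paths. Separately, `read -r -d ''` and `${REPLACE//...}` are bash features under a `#!/bin/sh` shebang, so this presumably only works if the base image's `/bin/sh` is bash.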