This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq.git


The following commit(s) were added to refs/heads/main by this push:
     new 398cdc674 AMQ-9296: Add authentication support in docker images
     new 9aedca006 Merge pull request #1114 from jbonofre/AMQ-9296
398cdc674 is described below

commit 398cdc6740760410f40253bb6ea79e790a605d3c
Author: JB Onofré <j...@nanthrax.net>
AuthorDate: Wed Nov 8 17:34:14 2023 +0100

    AMQ-9296: Add authentication support in docker images
---
 assembly/src/docker/Dockerfile         |  5 ++-
 assembly/src/docker/README.md          | 14 +++++-
 assembly/src/docker/docker-compose.yml |  4 +-
 assembly/src/docker/entrypoint.sh      | 81 ++++++++++++++++++++++++++++++++++
 4 files changed, 101 insertions(+), 3 deletions(-)

diff --git a/assembly/src/docker/Dockerfile b/assembly/src/docker/Dockerfile
index 8c8a2dd46..819b64c11 100644
--- a/assembly/src/docker/Dockerfile
+++ b/assembly/src/docker/Dockerfile
@@ -30,11 +30,14 @@ ENV ACTIVEMQ_OPTS $ACTIVEMQ_OPTS -Djetty.host=0.0.0.0
 # activemq_dist can point to a directory or a tarball on the local system
 ARG activemq_dist=NOT_SET
 
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
 # Install build dependencies and activemq
 ADD $activemq_dist $ACTIVEMQ_INSTALL_PATH
 RUN set -x && \
   cp -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* $ACTIVEMQ_HOME && \
        rm -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-*
 
-EXPOSE 8161 61616 5672 61613 1883 61614
+EXPOSE 8161 61616 5672 61613 1883 61614 1099
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["activemq", "console"]
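Review bot: The new `ENTRYPOINT` runs entrypoint.sh through its `#!/bin/sh` shebang, but the script added in this commit uses `read -r -d ''` and `${REPLACE//…}`, which are bash features rather than POSIX sh. The base image is not visible in this hunk; if its `/bin/sh` is dash or BusyBox ash, the connection and JMX branches will error out or produce an empty `REPLACE`. The container would then start without the intended authentication configuration. If the image ships bash, either change the shebang to `#!/bin/bash` or make the interpreter explicit here with `ENTRYPOINT ["/bin/bash", "/usr/local/bin/entrypoint.sh"]`.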
diff --git a/assembly/src/docker/README.md b/assembly/src/docker/README.md
index 81e49feb7..ae6edf645 100644
--- a/assembly/src/docker/README.md
+++ b/assembly/src/docker/README.md
@@ -144,7 +144,8 @@ docker kill activemq
 
 ### Ports
 
-* ActiveMQ web console on `8161`
+* ActiveMQ WebConsole on `8161`
+* ActiveMQ JMX MBean server on `1099`
 * ActiveMQ tcp connector on `61616`
 * ActiveMQ AMQP connector on `5672`
 * ActiveMQ STOMP connector on `61613`
@@ -152,3 +153,14 @@ docker kill activemq
 * ActiveMQ WS connector on `61614`
 
 Edit the `docker-compose.yml` file to edit port settings.
+
+### Environment variables
+
+| Environment Variable | Description |
+|----------------------|-------------|
+| `ACTIVEMQ_CONNECTION_USER` | Username to access transport connector on the 
broker (JMS, ...). If not set, no user and password are required |
+| `ACTIVEMQ_CONNECTION_PASSWORD` | Password to access transport connector on 
the broker (JMS, ...). It should be used with `ACTIVEMQ_CONNECTION_USER`. |
+| `ACTIVEMQ_JMX_USER` | Username to access the JMX MBean server of the broker. 
If set, ActiveMQ accepts remote JMX connection, else, only local connection are 
allowed. |
+| `ACTIVEMQ_JMX_PASSWORD` | Password to access the JMX MBean server of the 
broker. It should be used with `ACTIVEMQ_JMX_USER`/  |
+| `ACTIVEMQ_WEB_USER` | Username to access the ActiveMQ WebConsole. |
+| `ACTIVEMQ_WEB_PASSWORD` | Password to access the ActiveMQ WebConsole. |
\ No newline at end of file
diff --git a/assembly/src/docker/docker-compose.yml 
b/assembly/src/docker/docker-compose.yml
index 49410ef8d..bac8027f3 100644
--- a/assembly/src/docker/docker-compose.yml
+++ b/assembly/src/docker/docker-compose.yml
@@ -26,7 +26,8 @@ services:
       - "61613"
       - "1883"
       - "61614"
-      - "8161"
+      - "8161"`
+      - "1099"
     ports:
       - "8161:8161"
       - "61616:61616"
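Review bot: The re-added `"8161"` list entry ends with a stray backtick after the closing quote, which is not valid after a quoted YAML scalar and will most likely make `docker-compose` reject the file. The line should read `- "8161"` with nothing after the quote. The key this list belongs to starts outside the hunk, so confirm the indentation of the new `- "1099"` entry matches its siblings once the backtick is removed.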
@@ -34,6 +35,7 @@ services:
       - "61613:61613"
       - "1883:1883"
       - "61614:61614"
+      - "1099:1099"
     command: activemq console
     stdin_open: true
     tty: true
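Review bot: The added `- "1099:1099"` mapping publishes the JMX port on every host interface for anyone who runs this compose file unchanged, whether or not `ACTIVEMQ_JMX_USER` is set. The README in this commit says remote JMX is only meant to be accepted when that variable is set, so a safer default is a loopback binding, `- "127.0.0.1:1099:1099"`. Add a comment telling operators to widen it only together with `ACTIVEMQ_JMX_USER` and `ACTIVEMQ_JMX_PASSWORD`. This matters more because entrypoint.sh only rewrites the password in jmx.password when `ACTIVEMQ_JMX_PASSWORD` is non-empty, so a user-only configuration keeps the shipped password.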
diff --git a/assembly/src/docker/entrypoint.sh 
b/assembly/src/docker/entrypoint.sh
new file mode 100755
index 000000000..566e5ba40
--- /dev/null
+++ b/assembly/src/docker/entrypoint.sh
@@ -0,0 +1,81 @@
+#!/bin/sh
+
+################################################################################
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+# limitations under the License.
+################################################################################
+
+# Transport/connection security
+if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
+  if [ -f "${ACTIVEMQ_HOME}/conf/connection.security.enabled" ]; then
+    echo "ActiveMQ Connection Security enabled"
+  else
+    echo "Enabling ActiveMQ Connection Security"
+    sed -i 
"s/activemq.username=system/activemq.username=${ACTIVEMQ_CONNECTION_USER}/" 
${ACTIVEMQ_HOME}/conf/credentials.properties
+    sed -i 
"s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/"
 ${ACTIVEMQ_HOME}/conf/credentials.properties
+    read -r -d '' REPLACE << END
+      <plugins>
+        <simpleAuthenticationPlugin>
+          <users>
+            <authenticationUser username="$\{activemq.username}" 
password="$\{activemq.password}"/>
+          </users>
+        </simpleAuthenticationPlugin>
+      </plugins>
+    </broker>
+END
+    REPLACE=${REPLACE//$\\/$}
+    REPLACE=${REPLACE//\//\\\/}
+    REPLACE=$(echo $REPLACE | tr '\n' ' ')
+    sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
+    touch "${ACTIVEMQ_HOME}/conf/connection.security.enabled"
+  fi
+fi
+
+# JMX security
+if [ -n "${ACTIVEMQ_JMX_USER}" ]; then
+  if [ -f "${ACTIVEMQ_HOME}/conf/jmx.security.enabled" ]; then
+    echo "JMX Security already enabled"
+  else
+     echo "Enabling ActiveMQ JMX security"
+     read -r -d '' REPLACE << END
+       <managementContext>
+         <managementContext createConnector="true" />
+       </managementContext>
+     </broker>
+END
+     REPLACE=${REPLACE//\//\\\/}
+     REPLACE=${REPLACE//$\\/$}
+     REPLACE=$(echo $REPLACE | tr '\n' ' ')
+     sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
+     sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.access
+     sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.password
+     if [ -n "${ACTIVEMQ_JMX_PASSWORD}" ]; then
+       sed -i "s/\ activemq/\ ${ACTIVEMQ_JMX_PASSWORD}/" 
${ACTIVEMQ_HOME}/conf/jmx.password
+     fi
+     touch "${ACTIVEMQ_HOME}/conf/jmx.security.enabled"
+  fi
+fi
+
+# WebConsole security
+if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
+  echo "Enabling ActiveMQ WebConsole security"
+  sed -i s/admin=/${ACTIVEMQ_WEB_USER}=/g 
${ACTIVEMQ_HOME}/conf/users.properties
+  if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
+    sed -i s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g 
${ACTIVEMQ_HOME}/conf/users.properties
+  fi
+fi
+
+exec "$@"
\ No newline at end of file
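Review bot: Every credential is spliced unescaped into a `sed` `s/…/…/` expression, and in the WebConsole section both the expression and the file path are also unquoted. A user name or password containing `/`, `&`, `\` or whitespace therefore either makes `sed` fail or writes a different value than the operator supplied. No `sed` exit status is checked, so after a failure the script still touches the `*.security.enabled` marker and reaches `exec "$@"`, starting the broker with the shipped default credentials while the log says security was enabled. Escape the values before substitution, quote the expressions and paths, and stop on a failed `sed`. Use an explicit `|| exit 1` rather than a global `set -e`, because `read -r -d ''` on a here-document returns non-zero by design. The fence below shows the WebConsole section; the connection and JMX sections need the same treatment.

```shell
# Escape /, & and \ so a credential is taken literally in a sed replacement.
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\/&\\]/\\&/g'
}

# … unchanged: connection and JMX sections (apply sed_escape and "|| exit 1" there too) …

# WebConsole security
if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
  echo "Enabling ActiveMQ WebConsole security"
  web_user=$(sed_escape "${ACTIVEMQ_WEB_USER}")
  sed -i "s/admin=/${web_user}=/g" "${ACTIVEMQ_HOME}/conf/users.properties" || exit 1
  if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
    web_password=$(sed_escape "${ACTIVEMQ_WEB_PASSWORD}")
    sed -i "s/=admin/=${web_password}/g" "${ACTIVEMQ_HOME}/conf/users.properties" || exit 1
  fi
fi
```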
