[ https://issues.apache.org/jira/browse/ARTEMIS-3730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17508999#comment-17508999 ]

Ning Kang commented on ARTEMIS-3730:
------------------------------------

I think the problem is still related to the firewall.

 

Connecting to ActiveMQQueueConnectionFactory uses a different URL 
(tcp://broker_host:1414?sslEnabled=true) than the one used for JMX.

> SSL connection for JMX does not work behind firewall
> ----------------------------------------------------
>
>                 Key: ARTEMIS-3730
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3730
>             Project: ActiveMQ Artemis
>          Issue Type: Bug
>    Affects Versions: 2.20.0
>            Reporter: Ning Kang
>            Priority: Major
>
> We are using Artemis 2.20.0 as a JMS broker, and ran into some problems when 
> connecting from the client side via SSL for the JMX connection. There is a 
> firewall between the server and client side; it only allows SSL communication 
> on a few ports (ports 1416 and 1417 are allowed for SSL communication).
>  
> We have set up the JMX connections on the broker side by adding the following 
> settings.
> 1. In management.xml, add this element
> {code:java}
> <connector connector-host="0.0.0.0"
> connector-port="1416"
> rmi-registry-port="1417"
> secured="true"
> key-store-path="/home/xxxxx/keys/keystore.jks"
> key-store-password="ENC(-xxxxxxxxxxxxxx)"
> />{code}
> 2. In artemis.profile, add this in JAVA_ARGS
> {code:java}
> -Djava.rmi.server.hostname={broker_hostname}{code}
> 3. In broker.xml, add this
> {code:java}
> <jmx-management-enabled>true</jmx-management-enabled>{code}
>  
> On the client side, the code is like this
> {code:java}
> Map<String,String[]> env = new HashMap<String, String[]>();
> String[] account = {BROKER_USER, BROKER_PASSWORD};
> env.put(JMXConnector.CREDENTIALS, account);
> JMXConnector connector = JMXConnectorFactory.connect(
>     new JMXServiceURL("service:jmx:rmi:///jndi/rmi://broker_host:1416/jmxrmi"), env);
> MBeanServerConnection connection = connector.getMBeanServerConnection();{code}
> and add these JAVA_ARGS to start the client program
> {code:java}
> -Djavax.net.ssl.trustStore=./trustStore.jks 
> -Djavax.net.ssl.trustStorePassword=password 
> -Dcom.sun.management.jmxremote.ssl=true 
> -Dcom.sun.management.jmxremote.authenticate=true 
> -Dcom.sun.management.jmxremote.registry.ssl=true 
> -Djava.rmi.server.hostname=broker_host 
> -Dcom.sun.management.jmxremote.rmi.port=1417 
> -Djavax.net.debug=all{code}
>  
> When running on a node without the firewall, the client can connect with the 
> broker without any problem, and I can also see the SSL handshake debug 
> information.
>  
> However, if I run the client on another node behind the firewall, the 
> program breaks at the line of JMXConnectorFactory.connect(), and I got the 
> following error.
> {code:java}
> java.lang.IllegalStateException: Failed to execute CommandLineRunner
>     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:787) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:768) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     at org.springframework.boot.SpringApplication.run(SpringApplication.java:322) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     at org.springframework.boot.SpringApplication.run(SpringApplication.java:1226) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     at org.springframework.boot.SpringApplication.run(SpringApplication.java:1215) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     at nl.mendesgans.test.jmx.Application.main(Application.java:19) ~[classes!/:na]
>     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
>     at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:na]
>     at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
>     at java.base/java.lang.reflect.Method.invoke(Method.java:566) ~[na:na]
>     at org.springframework.boot.loader.MainMethodRunner.run(MainMethodRunner.java:48) ~[bmgm-jmx-client-tester-LOCALBUILD-SNAPSHOT.jar:na]
>     at org.springframework.boot.loader.Launcher.launch(Launcher.java:87) ~[bmgm-jmx-client-tester-LOCALBUILD-SNAPSHOT.jar:na]
>     at org.springframework.boot.loader.Launcher.launch(Launcher.java:51) ~[bmgm-jmx-client-tester-LOCALBUILD-SNAPSHOT.jar:na]
>     at org.springframework.boot.loader.JarLauncher.main(JarLauncher.java:52) ~[bmgm-jmx-client-tester-LOCALBUILD-SNAPSHOT.jar:na]
> Caused by: java.io.IOException: Failed to retrieve RMIServer stub: javax.naming.CommunicationException [Root exception is java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
>     java.net.SocketException: Connection reset]
>     at java.management.rmi/javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:370) ~[na:na]
>     at java.management/javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270) ~[na:na]
>     at nl.mendesgans.test.jmx.ArtemisServerConfig.getMBeanServerConnection(ArtemisServerConfig.java:51) ~[classes!/:na]
>     at nl.mendesgans.test.jmx.ArtemisServerConfig.activeMQServerControl(ArtemisServerConfig.java:33) ~[classes!/:na]
>     at nl.mendesgans.test.jmx.ArtemisService.getAllQueues(ArtemisService.java:19) ~[classes!/:na]
>     at nl.mendesgans.test.jmx.Application.run(Application.java:24) ~[classes!/:na]
>     at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:784) ~[spring-boot-2.2.6.RELEASE.jar!/:2.2.6.RELEASE]
>     ... 13 common frames omitted
> Caused by: javax.naming.CommunicationException: null
>     at jdk.naming.rmi/com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:137) ~[na:na]
>     at java.naming/com.sun.jndi.toolkit.url.GenericURLContext.lookup(GenericURLContext.java:207) ~[na:na]
>     at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409) ~[na:na]
>     at java.management.rmi/javax.management.remote.rmi.RMIConnector.findRMIServerJNDI(RMIConnector.java:1839) ~[na:na]
>     at java.management.rmi/javax.management.remote.rmi.RMIConnector.findRMIServer(RMIConnector.java:1813) ~[na:na]
>     at java.management.rmi/javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:302) ~[na:na]
>     ... 19 common frames omitted
> Caused by: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is:
>     java.net.SocketException: Connection reset
>     at java.rmi/sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:300) ~[na:na]
>     at java.rmi/sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:196) ~[na:na]
>     at java.rmi/sun.rmi.server.UnicastRef.newCall(UnicastRef.java:343) ~[na:na]
>     at java.rmi/sun.rmi.registry.RegistryImpl_Stub.lookup(RegistryImpl_Stub.java:116) ~[na:na]
>     at jdk.naming.rmi/com.sun.jndi.rmi.registry.RegistryContext.lookup(RegistryContext.java:133) ~[na:na]
>     ... 24 common frames omitted
> Caused by: java.net.SocketException: Connection reset
>     at java.base/java.net.SocketInputStream.read(SocketInputStream.java:186) ~[na:na]
>     at java.base/java.net.SocketInputStream.read(SocketInputStream.java:140) ~[na:na]
>     at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252) ~[na:na]
>     at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:271) ~[na:na]
>     at java.base/java.io.DataInputStream.readByte(DataInputStream.java:270) ~[na:na]
>     at java.rmi/sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:239) ~[na:na]
>     ... 28 common frames omitted{code}
>  
> By following the reference from 
> https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html, 
> I have changed the URL to 
> "service:jmx:rmi://broker_host:1416/jndi/rmi://broker_host:1417/jmxrmi" on 
> the client side, but still get the same error.



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
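
A diagnostic sketch for the setup in the report above, added here as an example (it is not code from the reporter or from the Artemis project): on each of the two ports the firewall allows, it runs a bare TLS handshake and an RMI registry listing over plain JRMP and over TLS, so the stage that fails behind the firewall can be identified. The class name `JmxPortProbe` is hypothetical, `broker_host` is the report's placeholder, and the client is assumed to be started with the same `-Djavax.net.ssl.trustStore` arguments as in the report.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.rmi.registry.LocateRegistry;
import java.rmi.registry.Registry;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.rmi.ssl.SslRMIClientSocketFactory;

// Hypothetical helper class, not part of Artemis or of the reporter's client.
public class JmxPortProbe {

    // Stage 1: raw TLS handshake with no RMI involved. Uses the default
    // SSLContext, i.e. the trust store given by -Djavax.net.ssl.trustStore.
    static String tlsHandshake(String host, int port) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket()) {
            socket.connect(new InetSocketAddress(host, port), 5000);
            socket.setSoTimeout(5000);
            socket.startHandshake();
            return "TLS ok (" + socket.getSession().getProtocol() + ")";
        } catch (IOException e) {
            return "failed: " + e;
        }
    }

    // Stage 2: list the names bound in an RMI registry on this port,
    // either over plain JRMP or with the JDK's SSL client socket factory.
    static String registryList(String host, int port, boolean tls) {
        try {
            Registry registry = tls
                ? LocateRegistry.getRegistry(host, port, new SslRMIClientSocketFactory())
                : LocateRegistry.getRegistry(host, port);
            return "bound names: " + String.join(",", registry.list());
        } catch (Exception e) {
            return "failed: " + e;
        }
    }

    public static void main(String[] args) {
        // "broker_host" is the placeholder used in the report; pass the real host as args[0].
        String host = args.length > 0 ? args[0] : "broker_host";
        // connector-port and rmi-registry-port values from the report's management.xml.
        int[] ports = {1416, 1417};
        for (int port : ports) {
            System.out.println(port + " tls handshake : " + tlsHandshake(host, port));
            System.out.println(port + " registry plain: " + registryList(host, port, false));
            System.out.println(port + " registry tls  : " + registryList(host, port, true));
        }
    }
}
```

Running it once from a node without the firewall and once from behind it gives two result tables to compare line by line.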
