Author: buildbot Date: Fri Jun 12 18:21:03 2015 New Revision: 954613 Log: Production update by buildbot for activemq
Modified: websites/production/activemq/content/cache/main.pageCache websites/production/activemq/content/how-do-i-use-ssl.html websites/production/activemq/content/jmx.html Modified: websites/production/activemq/content/cache/main.pageCache ============================================================================== Binary files - no diff available. Modified: websites/production/activemq/content/how-do-i-use-ssl.html ============================================================================== --- websites/production/activemq/content/how-do-i-use-ssl.html (original) +++ websites/production/activemq/content/how-do-i-use-ssl.html Fri Jun 12 18:21:03 2015 @@ -99,8 +99,8 @@ <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[keytool -genkey -alias client -keyalg RSA -keystore client.ks]]></script> </div></div></li><li><p>Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[keytool -import -alias broker -keystore client.ts -file broker_cert]]></script> -</div></div></li></ol><h3 id="HowdoIuseSSL-StartingtheBroker">Starting the Broker</h3><h4 id="HowdoIuseSSL-Usingthejavax.net.ssl.*SystemProperties">Using the javax.net.ssl.* System Properties</h4><p>Before starting the broker's VM set the SSL_OPTS enviorment variable so that it knows to use the broker keystore.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[export SSL_OPTS = -Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password +</div></div></li></ol><h3 id="HowdoIuseSSL-StartingtheBroker">Starting the Broker</h3><h4 id="HowdoIuseSSL-Usingthejavax.net.ssl.*SystemProperties">Using the javax.net.ssl.* System Properties</h4><p>Before starting the broker's VM set the ACTIVEMQ_SSL_OPTS environment variable so that it knows to use the broker keystore.  (note that in previous versions of ActiveMQ this property was called SSL_OPTS in some scripts.  As of v5.12.0 all scripts use ACTIVEMQ_SSL_OPTS)</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[export ACTIVEMQ_SSL_OPTS = -Djavax.net.ssl.keyStore=/path/to/broker.ks -Djavax.net.ssl.keyStorePassword=password ]]></script> </div></div><h4 id="HowdoIuseSSL-UsingSpringtoconfigureSSLforaBrokerinstance">Using Spring to configure SSL for a Broker instance</h4><p>Sometimes the use of javax.net.ssl.* system properties is not appropriate as they effect all SSL users in a JVM. ActiveMQ 5.2.x adds an <sslContext> element to the <amq:broker> that allows a broker specific set of SSL properties to be configured.</p><p>The SslContext <a shape="rect" class="external-link" href="https://svn.apache.org/repos/asf/activemq/trunk/activemq-unit-tests/src/test/java/org/apache/activemq/transport/tcp/SslContextBrokerServiceTest.java">test case</a> validates starting an SSL transport listener using the configuration specified in the broker Xbean. The SslContext element is added to the broker as follows:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[<beans @@ -137,7 +137,7 @@ javax.net.ssl.trustStore=/path/to/client <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[keytool -import -alias client -keystore broker.ts -file client_cert]]></script> </div></div></li><li><p>Add</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[-Djavax.net.ssl.trustStore=/path/to/broker.ts]]></script> -</div></div><p>to SSL_OPTS</p></li><li><p>Instruct ActiveMQ to require client authentication by setting the following in activemq.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +</div></div><p>to ACTIVEMQ_SSL_OPTS</p></li><li><p>Instruct ActiveMQ to require client authentication by setting the following in activemq.xml:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ <transportConnectors> <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" /> </transportConnectors>]]></script> Modified: websites/production/activemq/content/jmx.html ============================================================================== --- websites/production/activemq/content/jmx.html (original) +++ websites/production/activemq/content/jmx.html Fri Jun 12 18:21:03 2015 @@ -123,16 +123,16 @@ controlRole readwrite monitorRole abc123 controlRole abcd1234 ]]></script> -</div></div><p>(Make sure both files are not world readable - more info can be find <a shape="rect" class="external-link" href="http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#auth" rel="nofollow">here</a> to protect files)</p><p>For more details you can see the <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html">Monitoring Tomcat Document</a></p><p>3. Modify the "activemq" startup script (in bin) to enable the Java 1.5+ JMX connector</p><p>Find the "SUNJMX=" line and change it too:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> +</div></div><p>(Make sure both files are not world readable - more info can be find <a shape="rect" class="external-link" href="http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#auth" rel="nofollow">here</a> to protect files)</p><p>For more details you can see the <a shape="rect" class="external-link" href="http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html">Monitoring Tomcat Document</a></p><p>3. Modify the "activemq" startup script (in bin) to enable the Java 1.5+ JMX connector</p><p>Find the "ACTIVEMQ_SUNJMX_START=" line and change it too the following: (note that in previous versions of ActiveMQ this property was called SUNJMX in some scripts.  As of v5.12.0 all scripts use ACTIVEMQ_SUNJMX_START):</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> <script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[1. Windows - SUNJMX=-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ + ACTIVEMQ_SUNJMX_START=-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.password.file=%ACTIVEMQ_BASE%/conf/jmx.password \ -Dcom.sun.management.jmxremote.access.file=%ACTIVEMQ_BASE%/conf/jmx.access 2. Unix - SUNJMX="-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ + ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_BASE}/conf/jmx.password \ -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_BASE}/conf/jmx.access" ]]></script> @@ -141,7 +141,7 @@ controlRole abcd1234 ACTIVEMQ_HOME=DRIVE_LETTER:/where/ActiveMQ/is/installed ACTIVEMQ_BASE=%ACTIVEMQ_HOME% -SUNJMX=-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ +ACTIVEMQ_SUNJMX_START=-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.password.file=%ACTIVEMQ_BASE%/conf/jmx.password \ -Dcom.sun.management.jmxremote.access.file=%ACTIVEMQ_BASE%/conf/jmx.access @@ -149,7 +149,7 @@ SUNJMX=-Dcom.sun.management.jmxremote.po ACTIVEMQ_HOME=DRIVE_LETTER:/where/ActiveMQ/is/installed ACTIVEMQ_BASE=${ACTIVEMQ_HOME} -SUNJMX="-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ +ACTIVEMQ_SUNJMX_START="-Dcom.sun.management.jmxremote.port=1616 -Dcom.sun.management.jmxremote.ssl=false \ -Dcom.sun.management.jmxremote.password.file=${ACTIVEMQ_BASE}/conf/jmx.password \ -Dcom.sun.management.jmxremote.access.file=${ACTIVEMQ_BASE}/conf/jmx.access" ]]></script> @@ -164,10 +164,10 @@ SUNJMX="-Dcom.sun.management.jmxrem </broker> ]]></script> </div></div><p>In 4.0.1 or later, on Java 1.5 or later we try and use the default platform MBeanServer (so that things like the JVM threads & memory settings are visible).</p><p>If you wish to change the Java 5 JMX settings you can use various <a shape="rect" class="external-link" href="http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#properties" rel="nofollow">JMX system properties</a></p><p>For example you can enable remote JMX connections to the Sun JMX connector, via setting the following environment variable (using <strong>set</strong> or <strong>export</strong> depending on your platform). These settings only configure the Sun JMX connector within Java 1.5+, not the JMX connector that ActiveMQ creates by default.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl"> -<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[SUNJMX=-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=1616 \ +<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[ACTIVEMQ_SUNJMX_START=-Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=1616 \ -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false ]]></script> -</div></div><p>(The SUNJMX environment variable is simple used by the "activemq" startup script, as additional startup parameters for java. If you start ActiveMQ directly, you'll have to pass these parameters yourself.)</p><h4 id="JMX-ManagementContextPropertiesReference">ManagementContext Properties Reference</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Property Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default Value</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>useMBeanServer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>If true then it avoids creating a new MBean server if a MBeanServer has already been created in the JVM</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>jmxDomainName</p></td ><td colspan="1" rowspan="1" >class="confluenceTd"><p>org.apache.activemq</p></td><td colspan="1" >rowspan="1" class="confluenceTd"><p>The jmx domain that all objects names >will use</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>createMBeanServer</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>If we should create the MBeanServer is none is >found.</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>createConnector</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>If we should create a JMX connector (to allow remote >management) for the MBeanServer</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>connectorPort</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>1099</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>The port that the JMX connector will use</p></td ></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>connectorHost</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>localhost</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>The host that the JMX connector and RMI server (if >rmiServerPort>0) will use</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>rmiServerPort</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>0</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>The RMI server port, handy if port usage needs to be >restricted behind a firewall</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>connectorPath</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>/jmxrmi</p></td><td colspan="1" rowspan="1" >class="confluenceTd"><p>The path that JMX connector will be registered >under</p></td></tr><tr><td colspan="1" rowspan="1" >class="confluenceTd"><p>findTigerMBeanServer</p></td><td colspan="1" >rowspan="1" class="confluenceTd"><p>true</p></ td><td colspan="1" rowspan="1" class="confluenceTd"><p>Enables/disables the searching for the Java 5 platform MBeanServer</p></td></tr></tbody></table></div></div> +</div></div><p>(The ACTIVEMQ_SUNJMX_START environment variable is simple used by the "activemq" startup script, as additional startup parameters for java. If you start ActiveMQ directly, you'll have to pass these parameters yourself.)</p><h4 id="JMX-ManagementContextPropertiesReference">ManagementContext Properties Reference</h4><div class="table-wrap"><table class="confluenceTable"><tbody><tr><th colspan="1" rowspan="1" class="confluenceTh"><p>Property Name</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Default Value</p></th><th colspan="1" rowspan="1" class="confluenceTh"><p>Description</p></th></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>useMBeanServer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>If true then it avoids creating a new MBean server if a MBeanServer has already been created in the JVM</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>jmxDom ainName</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>org.apache.activemq</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The jmx domain that all objects names will use</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>createMBeanServer</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>If we should create the MBeanServer is none is found.</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>createConnector</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>true</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>If we should create a JMX connector (to allow remote management) for the MBeanServer</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>connectorPort</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>1099</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The port that the JMX connector w ill use</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>connectorHost</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>localhost</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The host that the JMX connector and RMI server (if rmiServerPort>0) will use</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>rmiServerPort</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>0</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The RMI server port, handy if port usage needs to be restricted behind a firewall</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>connectorPath</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>/jmxrmi</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>The path that JMX connector will be registered under</p></td></tr><tr><td colspan="1" rowspan="1" class="confluenceTd"><p>findTigerMBeanServer</p></td><td colspan="1" rowspan="1" class="confluenceTd "><p>true</p></td><td colspan="1" rowspan="1" class="confluenceTd"><p>Enables/disables the searching for the Java 5 platform MBeanServer</p></td></tr></tbody></table></div></div> </td> <td valign="top"> <div class="navigation">