artemis (2.23.1) broker url configuration question - https proxy in between and netty http(s) support

Wed, 13 Jul 2022 03:05:44 -0700 

Hi,

so far I was successful configuring artemis and my client to use the
"raw" protocol with ssl support.

Now I need to put a https proxy in between (which does need client
auth) but I am failing to get a connection to the broker - the docs [1]
have this for netty http:

=> Netty HTTP tunnels packets over the HTTP protocol. It can be useful in 
scenarios where firewalls only allow HTTP traffic to pass.


So my broker has this listening (acceptor) url (running under the
hostname artemis and has ssl enabled)

tcp://0.0.0.0:61616?tcpSendBufferSize=1048576;tcpReceiveBufferSize=1048
576;amqpMinLargeMessageSize=102400;protocols=CORE,AMQP,STOMP,HORNETQ,MQ
TT,OPENWIRE;useEpoll=true;amqpCredits=1000;amqpLowCredits=300;amqpDupli
cateDetection=true;supportAdvisory=false;suppressInternalManagementObje
cts=false;sslEnabled=true;keyStorePath=${data.dir}/../etc/ssl.p12;keySt
orePassword=ssl


My client uses this broker url:

    
tcp://localhost:8890/ssl-broker?sslEnabled=true;needClientAuth=true;keyStorePath=/tmp/ssl-restclient.p12;keyStorePassword=ssl

And the httpd proxy (listening on localhost:8890 and doing the ssl +
client auth stuff) in between is configured like this (just the forward
rules - omitted the https config stuff):

    RewriteCond %{HTTP:Upgrade} websocket [NC]
    RewriteCond %{HTTP:Connection} upgrade [NC]
    RewriteRule ^/?(.*) "wss://artemis:61616/$1" [P,L]

    RewriteRule ^/?(.*) https://artemis:61616/$1 [P,L]

    ProxyPassReverse "/" "https://artemis:61616/";


Proxy-Log output is:

172.17.0.1 - - [13/Jul/2022:09:39:10 +0000] "ARTEMIS" 400 226

and the client has this in the logs:

Caused by: 
org.apache.activemq.artemis.api.core.ActiveMQConnectionTimedOutException: 
AMQ219013: Timed out waiting to receive cluster topology. Group:null
        at 
org.apache.activemq.artemis.core.client.impl.ServerLocatorImpl.createSessionFactory(ServerLocatorImpl.java:748)
        at 
org.apache.activemq.artemis.jms.client.ActiveMQConnectionFactory.createConnectionInternal(ActiveMQConnectionFactory.java:865)
        ... 16 common frames omitted

I am a little bit lost as the docs read for netty http:

=> With single port support Apache ActiveMQ Artemis will now automatically 
detect if http is being used and configure itself.


So how does artemis work with netty http and https proxies in between?
Any pointers appreciated what I need to configure on the client side to get a 
successful connection.


[1] 
https://activemq.apache.org/components/artemis/documentation/latest/configuring-transports.html

thanks

Torsten

Reply via email to