ActiveMQ 5.16.2 使用 HTTPS 保护 Webconsole
ActiveMQ 5.16.2 Securing Webconsole using HTTPS
我已按照 this guide 保护 ActiveMQ 5.16.2 Web 控制台。我在 jetty.xml:
中进行了以下配置
默认情况下,身份验证设置为 true,所以我就这样保留了:
<property name="authenticate" value="true" />
我生成了一个证书 amqtest.p12 并将其移动到 conf 文件夹中,即:
/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12
我启用了 SecureConnector 并更改了 keyStorePath 和 keyStorePassword:
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
<constructor-arg ref="Server" />
<constructor-arg>
<bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
<property name="keyStorePath" value="$file:${activemq.conf}/amqtest.p12" />
<property name="keyStorePassword" value="changeit" />
</bean>
</constructor-arg>
<property name="port" value="8162" />
</bean>
不幸的是,当我尝试启动 ActiveMQ 时收到以下消息:
INFO | Starting Jetty server
INFO | Creating Jetty connector
WARN | ServletContext@o.e.j.s.ServletContextHandler@1ecfcbc9{/,null,STARTING} has uncovered http methods for path: /
INFO | Listening for connections at ws://amqtest:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector ws started
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) started
INFO | For help or more information please see: http://activemq.apache.org
WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data/kahadb only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
WARN | Temporary Store limit is 51200 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
WARN | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutting down
INFO | Connector openwire stopped
INFO | Connector amqp stopped
INFO | Connector stomp stopped
INFO | Connector mqtt stopped
INFO | Connector ws stopped
INFO | Broker Plugin org.apache.activemq.broker.util.DestinationPathSeparatorBroker stopped
INFO | PListStore:[/home/amquser/apache-activemq-5.16.2/data/localhost/tmp_storage] stopped
INFO | Stopping async queue tasks
INFO | Stopping async topic tasks
INFO | Stopped KahaDB
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) uptime 1.539 seconds
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutdown
INFO | Closing org.apache.activemq.xbean.XBeanBrokerFactory@6973b51b: startup date [Tue Jul 20 19:20:15 GMT 2021]; root of context hierarchy
ERROR | Failed to load: class path resource [activemq.xml], reason: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
我已经使用我的项目团队提供的 Ansible 脚本生成了证书。我之前还用这个 Ansible 脚本生成了另一个证书,它可以激活 ActiveMQ 5.7.0 Web 控制台。因此,我会假设它是正确生成的。
尝试在您的 jetty.xml:
中使用它
<property name="keyStorePath" value="${activemq.conf}/amqtest.p12" />
你有一个额外的 $file: 在那里搞砸了。您可以在错误消息中看到这一点:
java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore```
我已按照 this guide 保护 ActiveMQ 5.16.2 Web 控制台。我在 jetty.xml:
默认情况下,身份验证设置为
true,所以我就这样保留了:<property name="authenticate" value="true" />我生成了一个证书
amqtest.p12并将其移动到conf文件夹中,即:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12我启用了 SecureConnector 并更改了 keyStorePath 和 keyStorePassword:
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector"> <constructor-arg ref="Server" /> <constructor-arg> <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <property name="keyStorePath" value="$file:${activemq.conf}/amqtest.p12" /> <property name="keyStorePassword" value="changeit" /> </bean> </constructor-arg> <property name="port" value="8162" /> </bean>
不幸的是,当我尝试启动 ActiveMQ 时收到以下消息:
INFO | Starting Jetty server
INFO | Creating Jetty connector
WARN | ServletContext@o.e.j.s.ServletContextHandler@1ecfcbc9{/,null,STARTING} has uncovered http methods for path: /
INFO | Listening for connections at ws://amqtest:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector ws started
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) started
INFO | For help or more information please see: http://activemq.apache.org
WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data/kahadb only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
WARN | Temporary Store limit is 51200 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
WARN | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutting down
INFO | Connector openwire stopped
INFO | Connector amqp stopped
INFO | Connector stomp stopped
INFO | Connector mqtt stopped
INFO | Connector ws stopped
INFO | Broker Plugin org.apache.activemq.broker.util.DestinationPathSeparatorBroker stopped
INFO | PListStore:[/home/amquser/apache-activemq-5.16.2/data/localhost/tmp_storage] stopped
INFO | Stopping async queue tasks
INFO | Stopping async topic tasks
INFO | Stopped KahaDB
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) uptime 1.539 seconds
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutdown
INFO | Closing org.apache.activemq.xbean.XBeanBrokerFactory@6973b51b: startup date [Tue Jul 20 19:20:15 GMT 2021]; root of context hierarchy
ERROR | Failed to load: class path resource [activemq.xml], reason: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
我已经使用我的项目团队提供的 Ansible 脚本生成了证书。我之前还用这个 Ansible 脚本生成了另一个证书,它可以激活 ActiveMQ 5.7.0 Web 控制台。因此,我会假设它是正确生成的。
尝试在您的 jetty.xml:
<property name="keyStorePath" value="${activemq.conf}/amqtest.p12" />
你有一个额外的 $file: 在那里搞砸了。您可以在错误消息中看到这一点:
java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore```