1

I have a RHEL6 server running Apache ActiveMQ, and I cannot find a way to disable remote access to JMX. I can disable JMX entirely, but that restricts the functionality of ActiveMQ, which uses JMX to access the broker to get status information, or communicate shutdown requests (ActiveMQ falls back to SIGKILL!). I want to have ActiveMQ be accessible through JMX, but only from localhost.

According to Apache's website, remote connections should be disabled by default, but I'm able to connect to the default 1099 port from other machines. As far as I can tell, the settings for JMX are left as default.

I'm aware of a number similar questions, but proposed solutions haven't been working for me, in particular:

  • Adding -Dcom.sun.management.jmxremote.host=localhost and/or -Dcom.sun.management.jmxremote.local.only=true doesn't help
  • Adding -Djava.rmi.server.hostname=localhost also doesn't help

This even though this solution and some comments to it seem to indicate that the Java version I'm running (>8u102) fixes some known problems.

Some solutions talk about it being necessary to switch to "coding" (e.g., this or this) but it's unclear to me how such an approach could be used with ActiveMQ.

Daniele
  • 41
  • 3

1 Answers1

0

In bin/env (of the Apache ActiveMQ build) add this:

-Dcom.sun.management.jmxremote.host=127.0.0.1

Then observe that JMX port binds only to the localhost ip

% netstat -na | grep 1099
tcp4       0      0  127.0.0.1.11099        *.*                    LISTEN
Matt Pavlovich
  • 4,087
  • 1
  • 9
  • 17
  • I tried that again, and it is still not working. netstat shows the local address `0.0.0.0:1099` and foreign address `0.0.0.0:*` – Daniele Feb 10 '21 at 20:47