1

So if I run curl -u admin:password http://10.0.1.195:8161/api/jolokia inside Docker container I will get this error:

curl: (7) Failed to connect to 10.0.1.195 port 8161: No route to host

But if I run same cURL command outside the container on the host machine I am able to access ActiveMQ host on port 8161.

Also, I am able to run curl http://10.0.2.111:8086/ping in the same Docker container which refers to InfluxDB host machine.

I have come to conclusion that my issue is related to ActiveMQ because I am able to connect anywhere else.

ActiveMQ is running on a separate EC2 instance with configured security groups, subnet and VPC. Everything is working fine only accessing this host from inside Docker containers is a problem.

jetty.xml

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
    ...
    <bean id="jettyPort" class="org.apache.activemq.web.WebConsolePort" init-method="start">
        <property name="host" value="0.0.0.0" />
        <property name="port" value="8161" />
    </bean>
    ...
    <bean id="Connector" class="org.eclipse.jetty.server.ServerConnector">
        <constructor-arg ref="Server" />
        <!-- see the jettyPort bean -->
        <property name="host" value="#{systemProperties['jetty.host']}" />
        <property name="port" value="#{systemProperties['jetty.port']}" />
    </bean>
    ...
</beans>

jolokia-access.xml

<?xml version="1.0" encoding="UTF-8"?>
<restrict>
    <remote>
        <host>127.0.0.1</host>
        <host>localhost</host>
        <host>10.0.0.0/16</host>
    </remote>
    <deny>
        <mbean>
            <name>com.sun.management:type=DiagnosticCommand</name>
            <attribute>*</attribute>
            <operation>*</operation>
        </mbean>
        <mbean>
            <name>com.sun.management:type=HotSpotDiagnostic</name>
            <attribute>*</attribute>
            <operation>*</operation>
        </mbean>
    </deny>
</restrict>
Ivalo Pajumets
  • 437
  • 6
  • 11
  • My guess is if this was an ActiveMQ problem then everyone (or at least a significant percentage of folks) running ActiveMQ in Docker would be having this problem and I don't think that's the case. Have you seen https://stackoverflow.com/questions/40214617/docker-no-route-to-host? I'm no Docker expert, but it looks similar to your problem. – Justin Bertram Apr 12 '21 at 14:54
  • @JustinBertram ActiveMQ is not running in Docker, it's installed natively on Ubuntu 20.04. – Ivalo Pajumets Apr 13 '21 at 05:20
  • Is `10.0.1.195` the internal ip of the container issued by docker? Show the results of `docker inspect ` and `docker inspect `. Is `10.0.0.0/16` a valid address for `jolokia-access.xml? Should it be the local address of the interface(s) itself rather than a subnet? – yomateo Apr 13 '21 at 07:53
  • @yomateo `10.0.1.195` is the internal IP of the ActiveMQ host. All the managers, workers, InfluxDB, ActiveMQ etc.. live inside the same VPC and subnets. `10.0.0.0/16` is a valid address for jolokia-access.xml. You can find it here: https://jolokia.org/reference/html/security.html – Ivalo Pajumets Apr 13 '21 at 08:11

0 Answers0