使用 HTTPS REST 设置 ActiveMQ [英] Setting up ActiveMQ with HTTPS REST
问题描述
通过关注 https://activemq.apache.org/rest.html,我'我能够通过 REST API 推送消息(例如 curl -u admin:admin -d "body=message" http://localhost:8161/api/message/TEST?type=queue
有效,我可以在管理控制台中看到)但是,我希望能够使用 HTTPS.我找到了 https://activemq.apache.org/http-and-https-transports-reference.html 和 http://troyjsd.blogspot.co.uk/2013/06/activemq-https.html 但无法使其工作.基于这两个过时/不完整的链接:
By following https://activemq.apache.org/rest.html, I'm able to push messages via the REST API (e.g. curl -u admin:admin -d "body=message" http://localhost:8161/api/message/TEST?type=queue
works, and I can see in the admin console) However, I'd like to be able to use HTTPS. I found https://activemq.apache.org/http-and-https-transports-reference.html and http://troyjsd.blogspot.co.uk/2013/06/activemq-https.html but couldn't manage to make it work. Based on these two outdated/incomplete links:
- 我添加到 conf/activemq.xml
- 将自签名证书导入 JDK 密钥库(根据 http://troyjsd.blogspot.co.uk/2013/06/activemq-https.html)
- 将 xstream 和 httpclient jars 从 lib/optional 复制到 lib/(显然都在 ActiveMQ 目录下)
所以,
- 如何设置 ActiveMQ 以便它可以与 HTTPS REST 端点一起使用?
- 假设我做了第 1 步,我该如何测试它(类似上面的
curl
命令示例)?
- How can I set ActiveMQ so that it can be used with a HTTPS REST endpoint?
- Assuming I did step 1, how can I test it (a similar
curl
command example like the above)?
我使用 ActiveMQ 5.9.1 和 Mac OS 10.9.4
I use ActiveMQ 5.9.1 and Mac OS 10.9.4
推荐答案
取消注释 conf/jetty.xml 的以下部分.
Uncomment the following section of conf/jetty.xml.
<!--
Enable this connector if you wish to use https with web console
-->
<!--
<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
<property name="port" value="8162" />
<property name="keystore" value="file:${activemq.conf}/broker.ks" />
<property name="password" value="password" />
</bean>
-->
Jetty 不仅支持 WebConsole,还支持 ActiveMQ 中的所有 HTTP 内容.
Jetty powers not only the WebConsole, but all HTTP stuff in ActiveMQ.
它应该可以开箱即用进行测试,但您可能想要推出您自己的密钥库/证书以供实际使用.
It should work out of the box for testing, but you probably want to roll your own keystore/certificate for real use.
如果您提供不安全"标志 -k
,您可以像以前一样在端口 8162 和 HTTPS 上使用 curl.
You could use curl as before on port 8162 with HTTPS given you supply the "insecure" flag -k
.
否则,您需要以 pem 格式创建信任存储并提供它 - 请参阅 此 SO 了解详情.Curl 接受参数 --cacert
和您的证书或其中的颁发 CA.
Otherwise, you need to create a trust store in pem format and supply it - see this SO for details. Curl accept the argument --cacert <filename.pem>
with your certificate or issuing CA in it.
这篇关于使用 HTTPS REST 设置 ActiveMQ的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!