JConsole 通过 ssh 本地端口转发 [英] JConsole over ssh local port forwarding

问题描述

我希望能够远程连接到公开了 JMX 的 Java 服务，但它被防火墙阻止.我尝试使用 ssh 本地端口转发，但是连接失败.看wireshark，好像是jconsole尝试连接的时候，连接到9999端口后想通过一些临时端口连接，被防火墙屏蔽了.

I'd like to be able to remotely connect to a Java service that has JMX exposed, however it is blocked by a firewall. I have tried to use ssh local port forwarding, however the connection fails. Looking at wireshark, it appears that when you try to connect with jconsole, it wants to connect via some ephemeral ports after connecting to port 9999, which are blocked by the firewall.

有没有办法让 jconsole 只通过 9999 连接或使用代理?这篇文章仍然是最佳解决方案吗?或者，我错过了什么?

Is there any way to make jconsole only connect through 9999 or use a proxy? Is this article still the best solution? Or, am I missing something?

推荐答案

有没有办法让 jconsole 只通过 9999 连接或使用代理?这篇文章仍然是最佳解决方案?或者，我错过了什么?

Is there any way to make jconsole only connect through 9999 or use a proxy? Is this article still the best solution? Or, am I missing something?

是的，那篇文章是对的.

Yes, that article is about right.

当您在服务器上指定 JMX 端口时 (-Dcom.sun.management.jmxremote.port=####)，您实际上是在指定只是应用程序的注册端口.当您连接时，它会提供一个额外的服务器端口，jconsole 实际上使用它来完成所有工作.要转发工作，您需要知道注册表和服务器端口.

When you specify the JMX port on your server (-Dcom.sun.management.jmxremote.port=####), you are actually specifying just the registry-port for the application. When you connect it provides an additional server-port that the jconsole actually does all of its work with. To get forwarded to work, you need to know both the registry and server ports.

以下内容应该可以在注册表和服务器端口都设置为 8000 的情况下运行您的应用程序.请参阅 此处了解更多详情.

Something like the following should work to run your application with both the registry and server ports set to 8000. See here for more details.

-Dcom.sun.management.jmxremote.port=8000
-Dcom.sun.management.jmxremote.rmi.port=8000
-Djava.rmi.server.hostname=127.0.0.1

顺便说一句，我的SimpleJMX 库 允许您轻松设置两个端口，您可以设置它们两者都是同一个端口.

As an aside, my SimpleJMX library allows you to set both ports easily and you can set them both to be the same port.

因此，一旦您知道需要转发的端口，您就可以设置您的 ssh 命令.例如，如果您将注册表和服务器端口配置为 8000，您将:

So, once you know both the port(s) you need to forward, you can set up your ssh command. For example, if you configure the registry and server ports as 8000, you would do:

ssh -L 8000:localhost:8000 remote-host

这会创建一个本地端口 8000，它转发到远程主机上的 localhost:8000.如果需要转发多个端口，可以指定多个 -L 参数.然后你可以将你的 jconsole 连接到 localhost:8000，它会适当地连接到远程主机.

This creates a local port 8000 which forwards to localhost:8000 on the remote-host. You can specify multiple -L arguments if you need to forward multiple ports. Then you can connect your jconsole to localhost:8000 and it will connect to the remote-host appropriately.

此外，如果您的服务器有多个接口，您可能需要设置 java.rmi.server.hostname 变量以绑定到正确的接口.

Also, if your server has multiple interfaces, you may need to set the java.rmi.server.hostname variable to bind to the right interface.

-Djava.rmi.server.hostname=10.1.2.3

这篇关于JConsole 通过 ssh 本地端口转发的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！