如何在ActiveMQ中使用防火墙？ [英] How to use firewall with ActiveMQ?

查看：139 发布时间：2020/6/1 19:21:43 activemq firewall apache-zookeeper

本文介绍了如何在ActiveMQ中使用防火墙？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我在运行 Zookeeper 和 ActiveMQ 的 3个虚拟机中配置了此端口

  root @ mom3：〜＃ufw status verbose 
 Status：active 
 Logging：on（low ）
默认值：拒绝（传入），允许（传出），禁用（路由）
新配置文件：跳过
 
从
执行操作----- ----- 
 22允许在任何地方
 2881允许在任何地方
 2888允许在任何地方
 3888允许在任何地方
 61616允许在任何地方
 61617允许进入任何地方（v6）
 2881（v6）允许进入任何地方（v6）
 2888（v6）允许进入任何地方（v6）
 3888（v6）允许在任何地方（v6）
 61616（v6）允许在任何地方（v6）
 61617（v6）允许在任何地方（v6）

何时我尝试启动 ActiveMQ ，它会得到一个随机端口来使用它：

 信息|主人开始：tcp：//mom1.company.com：37649 
警告| 
 WARN |存储更新，等待1个副本上，以赶上日志位置0。 
 WARN |存储更新，等待1个副本上，以赶上日志位置0。存储更新，等待1个副本以赶上日志位置0。

但是当我禁用时我的防火墙， ActiveMQ 通常从开始。

如何我可以每次使用相同的端口来在防火墙中创建新规则吗？

编辑
基于@ Daniel的建议，这是我对 activemq.xml 文件的配置。

 < ; persistenceAdapter> 
< replicatedLevelDB 
目录= $ {activemq.data} / leveldb 
复制副本= 3 
 bind = tcp：//0.0.0.0：0：61616  
 zkAddress = mom1.company.com:2881,mom2.company.com:2881,mom3.company.com:2881 
 zkPassword =密码 
 zkPath = / activemq / leveldb-stores 
 hostname = mom3.company 
 /> 
< / persistenceAdapter> 
 
 ... 
< transportConnectors> 
< ;!-DOS保护，将并发连接限制为1000，帧大小限制为100MB-> 
< transportConnector name = openwire uri = tcp：//0.0.0.0：61616？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< transportConnector name = amqp uri = amqp：//0.0.0.0：5672？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< transportConnector name = stomp uri = stomp：//0.0.0.0：61613？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< transportConnector name = mqtt uri = mqtt：//0.0.0.0：1883？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< transportConnector name = ws uri = ws：//0.0.0.0：61614？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< transportConnector name = ssl uri = ssl：//0.0.0.0：61617？maximumConnections = 1000& amp; wireFormat.maxFrameSize = 104857600 /> 
< / transportConnectors>

解决方案

由于您正在写有关动物园管理员的文章，所以我隐约记得当我使用主/从复制的levelDB安装程序时，此日志行将继续，并假定您也在使用一个。如果确实如此，那么您看到的端口就是主服务器启动的绑定端口，客户端可以将其附加到客户端并开始复制数据。可以使用copyedLevelDB部分中的bind参数在您的代理XML配置中轻松配置此端口，例如

 < broker brokerName =经纪人 ...> 
 ... 
< persistenceAdapter> 
< replicatedLevelDB 
目录= activemq-data 
复制副本= 3 
 bind = tcp：//0.0.0.0：< myDesiredPort> 
 zkAddress = zoo1.example.org:2181,zoo2.example.org:2181,zoo3.example.org:2181 
 zkPassword =密码 
 zkPath = / activemq / leveldb-stores 
 hostname = broker1.example.org 
 /> 
< / persistenceAdapter> 
 ... 
< / broker>然后，

将始终对绑定端口使用 myDesiredPort。因为通常在没有设置此参数的情况下，默认端口是61619，所以您现在可能已经配置了此元素，但是使用bind = tcp：//0.0.0.0：0动态选择一个。有关复制的levelDB的更多说明和可用参数的完整列表，请参见文档

希望这可以解决您的问题，但如果不是您的设置，请在您的问题中添加Broker配置，这将使您更容易找到实际的罪魁祸首。 / p>

I have this ports configured in my 3 virtual machines running Zookeeper and ActiveMQ.

root@mom3:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
2881                       ALLOW IN    Anywhere
2888                       ALLOW IN    Anywhere
3888                       ALLOW IN    Anywhere
61616                      ALLOW IN    Anywhere
61617                      ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
2881 (v6)                  ALLOW IN    Anywhere (v6)
2888 (v6)                  ALLOW IN    Anywhere (v6)
3888 (v6)                  ALLOW IN    Anywhere (v6)
61616 (v6)                 ALLOW IN    Anywhere (v6)
61617 (v6)                 ALLOW IN    Anywhere (v6)

When I tried to start ActiveMQ, it gets a random port to use it:

 INFO | Master started: tcp://mom1.company.com:37649
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0. 
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0. 
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0.

But when I disable my firewall, ActiveMQ start normally.

How can I use the same port every time, in order to create a new rule in my firewall ?

EDIT Based on @Daniel's suggestion this is my configuration for activemq.xml file.

<persistenceAdapter>
    <replicatedLevelDB
        directory="${activemq.data}/leveldb"
        replicas="3"
        bind="tcp://0.0.0.0:0:61616"
        zkAddress="mom1.company.com:2881,mom2.company.com:2881,mom3.company.com:2881"
        zkPassword="password"
        zkPath="/activemq/leveldb-stores"
        hostname="mom3.company"
    />
</persistenceAdapter>

...
<transportConnectors>
    <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>

解决方案

Since you are writting about a zookeeper and I vaguelly rememeber this log line from when I was working with a master/slave replicated levelDB Setup I'll go ahead and assume you are also using one. If this is indeed the case then the port you are seeing there is the "bind" port the master starts up for clients to attach themselves to and start replicating data. This port can easily be configured in your brokers XML configuration using the bind parameter in the replicatedLevelDB section, for example

<broker brokerName="broker" ... >
  ...
  <persistenceAdapter>
    <replicatedLevelDB
      directory="activemq-data"
      replicas="3"
      bind="tcp://0.0.0.0:<myDesiredPort>"
      zkAddress="zoo1.example.org:2181,zoo2.example.org:2181,zoo3.example.org:2181"
      zkPassword="password"
      zkPath="/activemq/leveldb-stores"
      hostname="broker1.example.org"
      />
  </persistenceAdapter>
  ...
</broker>

will then always use "myDesiredPort" for the bind port. Since normally 61619 is the default port when this parameter is not set at all you probably already have this element configured right now, however with bind="tcp://0.0.0.0:0" which dynamically choses one. For more explanation and a full list of available parameters for the replicated levelDB see the documentation

Hope this solves your Problem, if this is however not your setup please add your Broker configuration to your question this will make it easier to find the actual culprit without guessing.

这篇关于如何在ActiveMQ中使用防火墙？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何在ActiveMQ中使用防火墙？ [英] How to use firewall with ActiveMQ?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录关闭

如何在ActiveMQ中使用防火墙？ [英] How to use firewall with ActiveMQ?

问题描述

相关文章

其他开发最新文章

热门教程

热门工具

登录 关闭

登录关闭