How to use firewall with ActiveMQ?
Problem description
I have these ports configured in my 3 virtual machines running Zookeeper and ActiveMQ.
root@mom3:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
2881                       ALLOW IN    Anywhere
2888                       ALLOW IN    Anywhere
3888                       ALLOW IN    Anywhere
61616                      ALLOW IN    Anywhere
61617                      ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
2881 (v6)                  ALLOW IN    Anywhere (v6)
2888 (v6)                  ALLOW IN    Anywhere (v6)
3888 (v6)                  ALLOW IN    Anywhere (v6)
61616 (v6)                 ALLOW IN    Anywhere (v6)
61617 (v6)                 ALLOW IN    Anywhere (v6)
When I tried to start ActiveMQ, it gets a random port to use:
INFO | Master started: tcp://mom1.company.com:37649
WARN | Store update waiting on 1 replica(s) to catch up to log position 0.
WARN | Store update waiting on 1 replica(s) to catch up to log position 0.
WARN | Store update waiting on 1 replica(s) to catch up to log position 0.
But when I disable my firewall, ActiveMQ starts normally.
How can I use the same port every time, in order to create a new rule in my firewall?
EDIT
Based on @Daniel's suggestion, this is my configuration for the activemq.xml file.
<persistenceAdapter>
    <replicatedLevelDB
        directory="${activemq.data}/leveldb"
        replicas="3"
        bind="tcp://0.0.0.0:0:61616"
        zkAddress="mom1.company.com:2881,mom2.company.com:2881,mom3.company.com:2881"
        zkPassword="password"
        zkPath="/activemq/leveldb-stores"
        hostname="mom3.company"
    />
</persistenceAdapter>
...
<transportConnectors>
    <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>
Since you are writing about a zookeeper and I vaguely remember this log line from when I was working with a master/slave replicated levelDB setup, I'll go ahead and assume you are also using one. If this is indeed the case, then the port you are seeing there is the "bind" port the master starts up for clients to attach themselves to and start replicating data. This port can easily be configured in your broker's XML configuration using the bind parameter in the replicatedLevelDB section, for example:
<broker brokerName="broker" ... >
    ...
    <persistenceAdapter>
        <replicatedLevelDB
            directory="activemq-data"
            replicas="3"
            bind="tcp://0.0.0.0:<myDesiredPort>"
            zkAddress="zoo1.example.org:2181,zoo2.example.org:2181,zoo3.example.org:2181"
            zkPassword="password"
            zkPath="/activemq/leveldb-stores"
            hostname="broker1.example.org"
        />
    </persistenceAdapter>
    ...
</broker>
will then always use "myDesiredPort" for the bind port. Since normally 61619 is the default port when this parameter is not set at all, you probably already have this element configured right now, however with bind="tcp://0.0.0.0:0", which dynamically chooses one. For more explanation and a full list of available parameters for the replicated levelDB, see the documentation.
Hope this solves your problem. If this is however not your setup, please add your broker configuration to your question; this will make it easier to find the actual culprit without guessing.
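To check a broker configuration against the firewall before starting it, the following added example (not part of the original question or answer) lists every listener in an activemq.xml fragment that has no matching `ufw` rule, including a dynamic or malformed replication `bind`. The function names and the sample XML and `ufw` text are constructed for illustration; 61619 is the default bind port stated in the answer.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_BIND_PORT = 61619  # default the answer gives when bind is not set

def uri_port(uri):
    """Port from scheme://host:port[?query]; None if malformed (e.g. host:0:61616)."""
    m = re.fullmatch(r"[a-z+]+://[^:/?]+:(\d+)(\?.*)?", uri)
    return int(m.group(1)) if m else None

def broker_ports(xml_text):
    """Map listener name -> port for the replication bind and each transportConnector."""
    ports = {}
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # ignore XML namespaces
        if tag == "replicatedLevelDB":
            bind = el.get("bind")
            ports["replication"] = DEFAULT_BIND_PORT if bind is None else uri_port(bind)
        elif tag == "transportConnector":
            ports[el.get("name")] = uri_port(el.get("uri", ""))
    return ports

def ufw_allowed(status_text):
    """IPv4 ports that have an ALLOW IN rule in `ufw status verbose` output."""
    return {int(p) for p in re.findall(r"^[ \t]*(\d+)(?:/tcp)?[ \t]+ALLOW IN\b", status_text, re.M)}

def audit(xml_text, status_text):
    """List every configured listener the firewall would block or cannot match."""
    allowed, findings = ufw_allowed(status_text), []
    for name, port in sorted(broker_ports(xml_text).items()):
        if port is None:
            findings.append(f"{name}: malformed URI, fix it before writing a rule")
        elif port == 0:
            findings.append(f"{name}: dynamic port, no static rule can match it")
        elif port not in allowed:
            findings.append(f"{name}: port {port} has no ALLOW IN rule")
    return findings

# Constructed sample input, modelled on the configuration in the question.
SAMPLE_XML = """<broker><persistenceAdapter>
  <replicatedLevelDB replicas="3" bind="tcp://0.0.0.0:0" zkPath="/activemq/leveldb-stores"/>
</persistenceAdapter><transportConnectors>
  <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
  <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000"/>
</transportConnectors></broker>"""
SAMPLE_UFW = "61616    ALLOW IN    Anywhere\n61617    ALLOW IN    Anywhere\n"

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_XML, SAMPLE_UFW)))
```

Once the bind port is fixed, the replication rule only needs to admit the other brokers in the cluster, so it can be scoped to their addresses rather than `Anywhere`.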