尽管代理 URL 为 0.0.0.0,ActiveMQ 远程连接仍被拒绝 [英] ActiveMQ remote connections refused despite 0.0.0.0 in broker URL
问题描述
我有一个 ActiveMQ v5.7.0 代理,在 Karaf v2.3.3 中运行,我想启用远程连接.我已将代理 URL 设置为 0.0.0.0:61616,以使其能够侦听网络流量.我已经打开防火墙以允许来自客户端计算机的流量.但是,所有远程连接都被拒绝.一个快速的 netstat 似乎告诉我代理没有在本地主机之外监听.
I have an ActiveMQ v5.7.0 broker, running in Karaf v2.3.3, that I want to enable for remote connections. I've set the broker URL to 0.0.0.0:61616, to enable it to listen to network traffic. I've opened the firewall to allow the traffic from the client machines. However, all remote connections are being refused. A quick netstat seems to tell me that the broker isn't listening outside of localhost.
jeremy@server:~$ netstat -pan | grep 61616
tcp6 0 0 127.0.0.1:61616 :::* LISTEN -
通过 Hawtio 查看代理告诉我 URL 看起来应该如此.
Looking at the broker via Hawtio tells me that the URL looks as it should.
Transport connectors Openwire: tcp://0.0.0.0:61616?maximumConnections=1000&wireformat.maxFrameSize=104857600
防火墙肯定没问题,因为连接被拒绝而不是被丢弃.
The firewall is definitely OK, as the connections are being refused rather than just being dropped.
代理正确响应来自本地主机的连接.
The broker is responding correctly to connections from localhost.
2013-10-14 17:34:29 Connected to localhost:61613
这是我从远程连接中得到的那种错误:-
This is the sort of error I get from remote connections:-
Error connecting to xxx.xxx.xxx.xxx:61613: IO::Socket::INET: connect: Connection refused at /usr/local/share/perl/5.14.2/Net/Stomp.pm line 102.
编辑:添加了 telnet 输出
EDIT: telnet output added
本地主机端口 61613
Localhost port 61613
jeremy@server:~$ telnet localhost 61613
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
远程连接端口 61613
Remote connection port 61613
jeremy@other-server:~$ telnet xxx.xxx.xxx.xxx 61613
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused
Localhost 连接端口 61616(这个很有意思)
Localhost connection port 61616 (this one is interesting)
jeremy@server:~$ telnet localhost 61616
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
ðActiveMQ Þ
MaxFrameSizÿÿÿ CacheSize
CacheEnabledSizePrefixDisabled MaxInactivityDurationInitalDelay'TcpNoDelayEnabledMaxInactivityDurationu0TightEncodingEnabledStackTraceEnabledPuTTYConnection closed by foreign host.
远程连接端口 61616
Remote connection port 61616
jeremy@other-server:~$ telnet xxx.xxx.xxx.xxx 61616
Trying xxx.xxx.xxx.xxx...
telnet: Unable to connect to remote host: Connection refused
EDIT:添加远程服务器 karaf 日志输出
EDIT: remote server karaf log output added
2013-10-15 19:00:46,599 | ERROR | c.event.invited] | faultJmsMessageListenerContainer | .DefaultMessageListenerContainer 909 | 69 - org.springframework.jms - 3.2.4.RELEASE | Could not refresh JMS Connection for destination 'Consumer.notifications.VirtualTopic.event.invited' - retrying in 5000 ms. Cause: Error while attempting to add new Connection to the pool; nested exception is javax.jms.JMSException: Could not connect to broker URL: tcp://xxx.xxx.xxx.xxx:61616. Reason: java.net.ConnectException: Connection refused
这是 broker.xml.
Here's the broker.xml.
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:cm="http://aries.apache.org/blueprint/xmlns/blueprint-cm/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0"
xmlns:amq="http://activemq.apache.org/schema/core">
<ext:property-placeholder />
<broker xmlns="http://activemq.apache.org/schema/core"
brokerName="jellyfish-messaging"
dataDirectory="${karaf.data}/activemq/localhost"
useShutdownHook="false"
persistent="true"
schedulerSupport="true"
startAsync="true">
<destinationPolicy>
<policyMap>
<policyEntries>
<policyEntry topic=">" producerFlowControl="true" memoryLimit="1mb">
<pendingSubscriberPolicy>
<vmCursor />
</pendingSubscriberPolicy>
</policyEntry>
<policyEntry queue=">" producerFlowControl="true" memoryLimit="1mb">
</policyEntry>
</policyEntries>
</policyMap>
</destinationPolicy>
<persistenceAdapter>
<kahaDB directory="${karaf.data}/activemq/localhost/kahadb"/>
</persistenceAdapter>
<systemUsage>
<systemUsage>
<memoryUsage>
<memoryUsage limit="64 mb"/>
</memoryUsage>
<storeUsage>
<storeUsage limit="100 gb"/>
</storeUsage>
<tempUsage>
<tempUsage limit="50 gb"/>
</tempUsage>
</systemUsage>
</systemUsage>
<!-- The transport connectors ActiveMQ will listen to -->
<transportConnectors>
<!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&wireformat.maxFrameSize=104857600"/>
<transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&wireformat.maxFrameSize=104857600"/>
</transportConnectors>
</broker>
<bean id="jmsConnectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<property name="brokerURL" value="tcp://0.0.0.0:61616" />
</bean>
<bean id="pooledConnectionFactory" class="org.apache.activemq.pool.PooledConnectionFactory">
<property name="maxConnections" value="8" />
<property name="maximumActive" value="500" />
<property name="connectionFactory" ref="jmsConnectionFactory" />
</bean>
<bean id="resourceManager" class="org.apache.activemq.pool.ActiveMQResourceManager" init-method="recoverResource">
<property name="transactionManager" ref="transactionManager" />
<property name="connectionFactory" ref="jmsConnectionFactory" />
<property name="resourceName" value="activemq.localhost" />
</bean>
<bean id="jmsConfig" class="org.apache.camel.component.jms.JmsConfiguration">
<property name="connectionFactory" ref="pooledConnectionFactory" />
<property name="transacted" value="false" />
<property name="concurrentConsumers" value="10" />
</bean>
<bean id="activemq" class="org.apache.activemq.camel.component.ActiveMQComponent">
<property name="configuration" ref="jmsConfig" />
</bean>
<reference id="transactionManager" interface="javax.transaction.TransactionManager" />
<service ref="pooledConnectionFactory" interface="javax.jms.ConnectionFactory">
<service-properties>
<entry key="name" value="localhost"/>
</service-properties>
</service>
</blueprint>
谁能告诉我我错过了什么?
Can anyone tell me what I'm missing?
谢谢,
J.
推荐答案
我已经解决了这个问题.这既不是防火墙的问题,也不是 ActiveMQ 配置的问题.
I've solved this. It was neither a problem with the firewall, nor with the ActiveMQ configuration.
定义 ActiveMQ 代理的 Karaf kar 文件包含 activemq-web-console 功能.我们没有使用过这个功能,因为我们是 Hawtio 的粉丝,所以从来没有配置过.
The Karaf kar file in which the ActiveMQ broker was defined included the activemq-web-console feature. We've not been using this feature, as we're fans of Hawtio, so had never configured it.
根据 这个博客发布后,控制台提供了默认设置,包括监听端口 61616.这意味着两个代理在启动时处于竞争状态,而 webconsole 定义的一个通常会获胜.由于默认情况下它没有配置为远程访问,它只锁定本地主机连接的端口.
As per this blog post, the console was coming up with default settings, including listening on port 61616. This meant that two brokers were in a race condition on start-up and the webconsole-defined one was generally winning. Since by default it isn't configured for remote access, it was locking the port for localhost connections only.
赠品是 Karaf 主目录中名为 ${activemq.data}(字面意思)的目录,其中包含第二个 Kahadb 存储库.我们所有的代理配置都设置为使用 data 目录,我们从未专门设置 ActiveMQ 环境变量,因此这导致我们寻找第二个代理可能来自哪里.
The giveaway was a directory called ${activemq.data} (literally) within the Karaf home directory, containing a second Kahadb repository. All of our broker config was set to use the data directory and we've never specifically set the ActiveMQ environment variables, so this led us to look for where a second broker might have come from.
如果我们在 Karaf 会话中完成 activemq:list 可能会更快地发现它,因为它列出了两个经纪人.
Might have spotted it more quickly had we done activemq:list inside a Karaf session, as it was listing two brokers.
简单的解决方案 - 从功能 XML 中删除 activemq-web-console.
Simple solution - delete activemq-web-console from the features XML.
这篇关于尽管代理 URL 为 0.0.0.0,ActiveMQ 远程连接仍被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
