How to use firewall with ActiveMQ?


Problem description

I have these ports configured in my 3 virtual machines running Zookeeper and ActiveMQ.

root@mom3:~# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22                         ALLOW IN    Anywhere
2881                       ALLOW IN    Anywhere
2888                       ALLOW IN    Anywhere
3888                       ALLOW IN    Anywhere
61616                      ALLOW IN    Anywhere
61617                      ALLOW IN    Anywhere
22 (v6)                    ALLOW IN    Anywhere (v6)
2881 (v6)                  ALLOW IN    Anywhere (v6)
2888 (v6)                  ALLOW IN    Anywhere (v6)
3888 (v6)                  ALLOW IN    Anywhere (v6)
61616 (v6)                 ALLOW IN    Anywhere (v6)
61617 (v6)                 ALLOW IN    Anywhere (v6)

When I tried to start ActiveMQ, it gets a random port to use:

 INFO | Master started: tcp://mom1.company.com:37649
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0. 
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0. 
 WARN | Store update waiting on 1 replica(s) to catch up to log position 0. 

But when I disable my firewall, ActiveMQ starts normally.

How can I use the same port every time, in order to create a new rule in my firewall?

EDIT: Based on @Daniel's suggestion, this is my configuration for the activemq.xml file.

<persistenceAdapter>
    <replicatedLevelDB
        directory="${activemq.data}/leveldb"
        replicas="3"
        bind="tcp://0.0.0.0:0:61616"
        zkAddress="mom1.company.com:2881,mom2.company.com:2881,mom3.company.com:2881"
        zkPassword="password"
        zkPath="/activemq/leveldb-stores"
        hostname="mom3.company"
    />
</persistenceAdapter>

...
<transportConnectors>
    <!-- DOS protection, limit concurrent connections to 1000 and frame size to 100MB -->
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="stomp" uri="stomp://0.0.0.0:61613?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="mqtt" uri="mqtt://0.0.0.0:1883?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ws" uri="ws://0.0.0.0:61614?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600"/>
</transportConnectors>

Recommended answer

Since you are writing about a Zookeeper and I vaguely remember this log line from when I was working with a master/slave replicated levelDB setup, I'll go ahead and assume you are also using one. If this is indeed the case, then the port you are seeing there is the "bind" port the master starts up for clients to attach themselves to and start replicating data. This port can easily be configured in your broker's XML configuration using the bind parameter in the replicatedLevelDB section, for example

<broker brokerName="broker" ... >
  ...
  <persistenceAdapter>
    <replicatedLevelDB
      directory="activemq-data"
      replicas="3"
      bind="tcp://0.0.0.0:<myDesiredPort>"
      zkAddress="zoo1.example.org:2181,zoo2.example.org:2181,zoo3.example.org:2181"
      zkPassword="password"
      zkPath="/activemq/leveldb-stores"
      hostname="broker1.example.org"
      />
  </persistenceAdapter>
  ...
</broker>

will then always use "myDesiredPort" for the bind port. Since normally 61619 is the default port when this parameter is not set at all, you probably already have this element configured right now, however with bind="tcp://0.0.0.0:0", which dynamically chooses one. For more explanation and a full list of available parameters for the replicated levelDB, see the documentation.

Hope this solves your problem. If this is however not your setup, please add your broker configuration to your question; this will make it easier to find the actual culprit without guessing.
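A way to check a broker configuration against the firewall before starting it, added here as an example and not part of the original question or answer: it reads the bind and transportConnector URIs from activemq.xml and reports listeners that are dynamic (port 0), malformed, or missing an ALLOW IN rule in `ufw status` output. The function names and sample inputs are constructed for illustration; the 61619 default is the one cited in the answer.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the question's activemq.xml and ufw output.
SAMPLE_XML = """<broker xmlns="http://activemq.apache.org/schema/core" brokerName="broker">
  <replicatedLevelDB replicas="3" bind="tcp://0.0.0.0:0"/>
  <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
  <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000"/>
</broker>"""
SAMPLE_UFW = """To                         Action      From
22                         ALLOW IN    Anywhere
61616                      ALLOW IN    Anywhere
"""
DEFAULT_BIND = "tcp://0.0.0.0:61619"  # default cited in the answer when bind is unset
URI_RE = re.compile(r"^[a-z+]+://[^:/?]+:(\d+)(?:\?.*)?$")

def port_of(uri):
    """Return the port of scheme://host:port[?options], or None if malformed."""
    m = URI_RE.match(uri)
    return int(m.group(1)) if m else None

def ufw_allowed_ports(status_text):
    """Ports that have an ALLOW IN rule in `ufw status` output (IPv4 rows only)."""
    rows = re.finditer(r"^(\d+)(?:/tcp)?\s+ALLOW IN", status_text, re.M)
    return {int(m.group(1)) for m in rows}

def audit(xml_text, ufw_text):
    """List broker listeners that the firewall cannot or does not admit."""
    allowed, findings = ufw_allowed_ports(ufw_text), []
    for el in ET.fromstring(xml_text).iter():
        tag = el.tag.rsplit("}", 1)[-1]  # strip the XML namespace, if any
        if tag == "replicatedLevelDB":
            name, uri = "replication bind", el.get("bind", DEFAULT_BIND)
        elif tag == "transportConnector":
            name, uri = el.get("name"), el.get("uri", "")
        else:
            continue
        port = port_of(uri)
        if port is None:
            findings.append(f"{name}: malformed URI {uri!r}")
        elif port == 0:
            findings.append(f"{name}: port 0 is picked at random, no static rule fits")
        elif port not in allowed:
            findings.append(f"{name}: port {port} has no ALLOW IN rule")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_XML, SAMPLE_UFW)))
```

The replication port only has to be reachable by the other brokers in the cluster, so its rule can be limited to their addresses with ufw's `allow from <peer-address> to any port <port> proto tcp` form instead of allowing it from anywhere.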
