Jolokia: Difference between revisions
(markup stuff) |
|||
Line 44: | Line 44: | ||
This is by default set through the use of <code>com.openexchange.jolokia.restrict.to.localhost = true</code> and can be changed by either setting it to <code>false</code> or providing a <code>jolokia-access.xml</code> inside <code>/opt/open-xchange/etc/</code> | This is by default set through the use of <code>com.openexchange.jolokia.restrict.to.localhost = true</code> and can be changed by either setting it to <code>false</code> or providing a <code>jolokia-access.xml</code> inside <code>/opt/open-xchange/etc/</code> | ||
For further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable. | |||
=== Jolokia with Grizzly === | === Jolokia with Grizzly === |
Revision as of 14:15, 25 September 2013
How to interact with Jolokia for Open-Xchange
Open-Xchange does support Jolokia as a remote JMX-Bridge over HTTP.
By Version 7.4.0 ongoing, it is located inside Open-Xchange Bundle and configured by jolokia.properties
Additional information can be found at http://www.jolokia.org/ .
jolokia.properties
Key | Default value | Comment |
---|---|---|
com.openexchange.jolokia.start | false | start switch for jolokia |
com.openexchange.jolokia.servlet.name | /monitoring/jolokia | Under what servlet name jolokia will be published, please bear in mind that this should not be forwarded by apache and kept internal |
com.openexchange.jolokia.user | User used for authentication with HTTP Basic Authentication. If not given, Jolokia will not start! | |
com.openexchange.jolokia.password | Password used for authentification, if not set "secret" is used. | |
com.openexchange.jolokia.restrict.to.localhost | true | This setting will restrict jolokia access to localhost. It is completly ignored when a jolokia-access.xml is present |
Keep in mind that Jolokia will not start unless you set com.openexchange.jolokia.start = true
, com.openexchange.jolokia.user = yourUser
and to com.openexchange.jolokia.password = yourPassword
.
When using Munin-Scripts with Jolokia, this user and password also need to be changed.
Things to mention about Jolokia
As Jolokia represents a JMX-Interface it is highly recommended not to forward it to the internet!
This is by default set through the use of com.openexchange.jolokia.restrict.to.localhost = true
and can be changed by either setting it to false
or providing a jolokia-access.xml
inside /opt/open-xchange/etc/
For further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable.
Jolokia with Grizzly
When using Grizzly, you can connect to jolokia directly with the servers address, e.g.: http://oxserver1:8009/monitoring/jolokia
Jolokia with AJP
When using AJP, you need to enable forwarding for each server, keep in mind that those should be only accessable inside your intranet.
An Apache proxy_ajp.conf could look like this:
<Location /internal>
# restrict access to internal
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
# you might add more ip addresses / networks here
# if the apache is not on the same machine as the OX-server
# Allow from 192.168 10 172.16
</Location>
...
<Proxy /internal/ox1/monitoring>
ProxyPass ajp://oxhost1:8009/monitoring
</Proxy>
...
Jolokia on oxhost1 is accessable by http://apacheaddress/internal/ox1/monitoring/jolokia
.