This is an automated email from the ASF dual-hosted git repository.
jbertram pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new e6cd1d5d2f NO-JIRA clarify new Jolokia security in versions.adoc
new bda594e010 This closes #5612
e6cd1d5d2f is described below
commit e6cd1d5d2f8fa029458dd05d8f281b922c4369ec
Author: carlitros900 <[email protected]>
AuthorDate: Mon Apr 7 21:31:36 2025 +0200
NO-JIRA clarify new Jolokia security in versions.adoc
Document that behind a web server proxy that transforms https into http
the new web console is show empty. This can be solved changing the proxy
or using a new jolokia parameter
https://github.com/jolokia/jolokia/issues/731
---
docs/user-manual/versions.adoc | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/docs/user-manual/versions.adoc b/docs/user-manual/versions.adoc
index 652f55e42a..118f39a9a6 100644
--- a/docs/user-manual/versions.adoc
+++ b/docs/user-manual/versions.adoc
@@ -36,6 +36,11 @@ From a user's perspective the main change is that the
prominently featured "tree
The categorized resource tabs which were available previously are now the main
and recommended way to interact with the broker.
These tabs offer a paged view which is filterable and sortable and scales well
for resource heavy use-cases.
+
+It's also worth noting that any request with an origin header using the
`https` scheme which is ultimately received by Jolokia via HTTP is now
discarded by default since it is deemed insecure.
+If you use a TLS proxy that transforms secure requests to insecure requests
(e.g. in a Kubernetes environment) then consider changing the proxy to preserve
HTTPS and switching the xref:embedded-web-server.adoc[embedded web server] to
HTTPS.
+If that isn't feasible then you can accept the risk by adding
`<ignore-scheme/>` to `etc/jolokia-access.xml`.
+See the https://jolokia.org/reference/html/manual/security.html[Jolokia
documentation] for more details.
++
The behavior and presentation should be more consistent overall, and anything
that was possible before should still be possible since the underlying
management API has not changed.
+
In order to upgrade an existing instance of 2.39.0 to 2.40.0 you can use the
xref:upgrading.adoc#upgrading-tool[`upgrade` command] which will *automatically
perform* all the changes or you can make the following changes manually:
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact
