Hi, I'm a new ActiveMQ user (ActiveMQ 5.4.0 on Ubuntu Lucid Lynx) and have been trying to lock-down/secure an ActiveMQ instance for this entire afternoon without really getting anywhere appreciable. I was hoping someone here could help me.
Specifically, what I want is for ActiveMQ to:

1) Bind all administrative and miscellaneous sockets to localhost.
2) Bind only the STOMP transport to a private network.

I've achieved #2, but #1 really eludes me badly. The bindings of my ActiveMQ server currently look like this, according to netstat:

-----SNIP-----
Proto Recv-Q Send-Q Local Address           Foreign Address  State   PID/Program name
tcp6       0      0 10.179.68.234:61617     :::*             LISTEN  5119/java
tcp6       0      0 :::33689                :::*             LISTEN  5119/java
tcp6       0      0 :::11099                :::*             LISTEN  5119/java
tcp6       0      0 :::11100                :::*             LISTEN  5119/java
-----SNIP-----

As you can see, the transport binding (port 61617) is correctly on the private network; but the other three are wildcard bindings that I really want turned into localhost bindings, but I cannot for the life of me figure out how to do it. The command-line that ActiveMQ is currently executed as is:

-----SNIP-----
/usr/bin/java -Xms256M -Xmx256M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties -Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=127.0.0.1 -Dactivemq.classpath=/opt/apache-activemq-5.4.0/conf; -Dactivemq.home=/opt/apache-activemq-5.4.0 -Dactivemq.base=/opt/apache-activemq-5.4.0 -jar /opt/apache-activemq-5.4.0/bin/run.jar xbean:file:/etc/activemq.xml
-----SNIP-----

... and my /etc/activemq.xml file looks like this (comments trimmed out):

-----SNIP-----
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:amq="http://activemq.apache.org/schema/core"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
         http://activemq.apache.org/schema/core
         http://activemq.apache.org/schema/core/activemq-core.xsd">

  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="locations">
      <value>file:${activemq.base}/conf/credentials.properties</value>
    </property>
  </bean>

  <broker xmlns="http://activemq.apache.org/schema/core"
          brokerName="localhost"
          dataDirectory="${activemq.base}/data"
          persistent="false"
          useJmx="true">

    <destinationPolicy>
      <policyMap>
        <policyEntries>
          <policyEntry topic=">" producerFlowControl="false">
            <pendingSubscriberPolicy>
              <vmCursor />
            </pendingSubscriberPolicy>
          </policyEntry>
          <policyEntry queue=">" producerFlowControl="false">
          </policyEntry>
        </policyEntries>
      </policyMap>
    </destinationPolicy>

    <managementContext>
      <managementContext connectorPort="11099"
                         jmxDomainName="org.apache.activemq"
                         rmiServerPort="11100"/>
    </managementContext>

    <persistenceAdapter>
      <kahaDB directory="${activemq.base}/data/kahadb"/>
    </persistenceAdapter>

    <transportConnectors>
      <transportConnector name="stomp" uri="stomp://10.179.68.234:61617?transport.closeAsync=false"/>
    </transportConnectors>

  </broker>
</beans>
-----SNIP-----

I am reasonably certain that the "extra" ports (i.e. ports 33689, 11099, and 11100 in the above netstat output) are due to jmx/rmi but I cannot for the life of me figure out how to secure them by forcing them to bind localhost instead of binding to the wildcard address. Can anyone point me in the right direction as to how to achieve this, please? Thanks.

--
View this message in context: http://old.nabble.com/Bind-only-to-localhost-private-network-tp29526752p29526752.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
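
A check for the policy described in the post above (STOMP on the private address, every other broker socket on loopback), added here as an example and not part of the original message: it parses `netstat -tlnp` output and reports the java listeners that break the policy. The function names and the `exposed` mapping are assumptions of this sketch; the sample rows are the ones quoted in the post.

```python
import ipaddress

# Sample input: the netstat rows quoted in the post (header line included).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp6 0 0 10.179.68.234:61617 :::* LISTEN 5119/java
tcp6 0 0 :::33689 :::* LISTEN 5119/java
tcp6 0 0 :::11099 :::* LISTEN 5119/java
tcp6 0 0 :::11100 :::* LISTEN 5119/java
"""

def parse_listeners(text):
    """Yield (host, port, program) for every LISTEN row of `netstat -tlnp`."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith("tcp") or f[5] != "LISTEN":
            continue  # header, UDP rows, non-listening sockets
        # rpartition splits on the last colon, so IPv6 hosts keep theirs.
        host, _, port = f[3].rpartition(":")
        # The program column is "-" when netstat runs without root.
        yield host, int(port), (f[6] if len(f) > 6 else "-")

def scope(host):
    """Classify a bind address as 'wildcard', 'loopback' or 'specific'."""
    if host in ("", "*"):
        return "wildcard"
    ip = ipaddress.ip_address(host.split("%")[0])  # drop any zone id
    if ip.is_unspecified:  # 0.0.0.0 or ::
        return "wildcard"
    return "loopback" if ip.is_loopback else "specific"

def audit(text, exposed, program="java"):
    """Return (port, host, reason) for listeners that violate the policy.

    `exposed` maps each port allowed off loopback to the exact address it
    must bind; every other port owned by `program` must be on loopback.
    """
    findings = []
    for host, port, prog in parse_listeners(text):
        if not prog.endswith("/" + program):
            continue
        want = exposed.get(port)
        if want is not None:
            if host != want:
                findings.append((port, host, "expected " + want))
        elif scope(host) != "loopback":
            findings.append((port, host, "expected loopback"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, {61617: "10.179.68.234"}):
        print("%d bound to %s: %s" % finding)
```

Run it against live output by passing the text of `netstat -tlnp` (as root, so the program column is populated) instead of `SAMPLE`; an empty result means the lockdown holds.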