Jolokia: Difference between revisions

From Open-Xchange
(markup stuff)
Line 44: Line 44:
This is by default set through the use of <code>com.openexchange.jolokia.restrict.to.localhost = true</code> and can be changed by either setting it to <code>false</code> or providing a <code>jolokia-access.xml</code> inside <code>/opt/open-xchange/etc/</code>
This is by default set through the use of <code>com.openexchange.jolokia.restrict.to.localhost = true</code> and can be changed by either setting it to <code>false</code> or providing a <code>jolokia-access.xml</code> inside <code>/opt/open-xchange/etc/</code>


for further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable.
For further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable.


=== Jolokia with Grizzly ===
=== Jolokia with Grizzly ===

Revision as of 14:15, 25 September 2013

How to interact with Jolokia for Open-Xchange

Open-Xchange does support Jolokia as a remote JMX-Bridge over HTTP.

By Version 7.4.0 ongoing, it is located inside Open-Xchange Bundle and configured by jolokia.properties

Additional information can be found at http://www.jolokia.org/ .

jolokia.properties

Key Default value Comment
com.openexchange.jolokia.start false start switch for jolokia
com.openexchange.jolokia.servlet.name /monitoring/jolokia Under what servlet name jolokia will be published, please bear in mind that this should not be forwarded by apache and kept internal
com.openexchange.jolokia.user User used for authentication with HTTP Basic Authentication. If not given, Jolokia will not start!
com.openexchange.jolokia.password Password used for authentification, if not set "secret" is used.
com.openexchange.jolokia.restrict.to.localhost true This setting will restrict jolokia access to localhost. It is completly ignored when a jolokia-access.xml is present

Keep in mind that Jolokia will not start unless you set com.openexchange.jolokia.start = true , com.openexchange.jolokia.user = yourUser and to com.openexchange.jolokia.password = yourPassword.

When using Munin-Scripts with Jolokia, this user and password also need to be changed.

Things to mention about Jolokia

As Jolokia represents a JMX-Interface it is highly recommended not to forward it to the internet!

This is by default set through the use of com.openexchange.jolokia.restrict.to.localhost = true and can be changed by either setting it to false or providing a jolokia-access.xml inside /opt/open-xchange/etc/

For further information how to setup this file, http://www.jolokia.org/reference/html/security.html is a good start as all those settings are usable.

Jolokia with Grizzly

When using Grizzly, you can connect to jolokia directly with the servers address, e.g.: http://oxserver1:8009/monitoring/jolokia

Jolokia with AJP

When using AJP, you need to enable forwarding for each server, keep in mind that those should be only accessable inside your intranet.

An Apache proxy_ajp.conf could look like this:

   <Location /internal>
       # restrict access to internal
       Order Deny,Allow
       Deny from all
       Allow from 127.0.0.1
       # you might add more ip addresses / networks here 
       # if the apache is not on the same machine as the OX-server 
       # Allow from 192.168 10 172.16
   </Location>
   ...
   <Proxy /internal/ox1/monitoring>
       ProxyPass ajp://oxhost1:8009/monitoring
   </Proxy>
   ...

Jolokia on oxhost1 is accessable by http://apacheaddress/internal/ox1/monitoring/jolokia.