Differences
This shows you the differences between two versions of the page.
— |
linux_wiki:activemq [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Activemq ====== | ||
+ | |||
+ | **General Information** | ||
+ | |||
+ | ActiveMQ messaging server with amqp+ssl transport connector for an AWS like messaging protocol. | ||
+ | |||
+ | Official Site: http:// | ||
+ | |||
+ | **Checklist** | ||
+ | * Distro(s): CentOS 7 | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Install ====== | ||
+ | |||
+ | Installing ActiveMQ. | ||
+ | |||
+ | * Install Java pre-req.< | ||
+ | * Install ActiveMQ tarball into /opt/ (5.15.3 example)< | ||
+ | tar -zxvf apache-activemq-5.14.3-bin.tar.gz -C / | ||
+ | * Symlink for a version agnostic path (5.15.3 example)< | ||
+ | * Service file | ||
+ | * CentOS 7: Create systemd service file< | ||
+ | |||
+ | [Unit] | ||
+ | Description=activemq message queue | ||
+ | After=network.target | ||
+ | [Service] | ||
+ | PIDFile=/ | ||
+ | ExecStart=/ | ||
+ | ExecStop=/ | ||
+ | User=root | ||
+ | Group=root | ||
+ | [Install] | ||
+ | WantedBy=multi-user.target</ | ||
+ | * Reload systemd daemon< | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Configure ====== | ||
+ | |||
+ | Configuring ActiveMQ. | ||
+ | |||
+ | * Update admin and user passwords< | ||
+ | * Edit transport connectors to use ssl (amqp+ssl), comment out/delete all unused transports< | ||
+ | |||
+ | < | ||
+ | |||
+ | < | ||
+ | |||
+ | </ | ||
+ | * Append SSL options to environment file< | ||
+ | * HTTPS on the web console< | ||
+ | |||
+ | <bean id=" | ||
+ | < | ||
+ | < | ||
+ | <bean id=" | ||
+ | |||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | < | ||
+ | </ | ||
+ | * After verifying above https works, disable (comment out or delete) http web console Connector< | ||
+ | |||
+ | <!-- <bean id=" | ||
+ | < | ||
+ | < | ||
+ | < | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ====== Verify ====== | ||
+ | |||
+ | Verify the above configured settings. | ||
+ | |||
+ | Web console | ||
+ | * https:// | ||
+ | * Check protocols and ciphers< | ||
+ | * Ensure **insecure web portal is not reachable** via: http:// | ||
+ | |||
+ | Transport | ||
+ | * Check secure transport port< | ||
+ | |||
+ | sslscan --no-failed ip.address.goes.here: | ||
+ | * Ensure **insecure transport port is not** reachable< | ||
+ | |||
+ | ---- | ||