Embedded Web Server
Apache ActiveMQ Artemis embeds the Jetty web server. Its main purpose is to host the Management Console. However, it can also host other web applications like the REST interface or even Spring-based web applications (e.g. using Camel).
Configuration
The embedded Jetty instance is configured in etc/bootstrap.xml
via the web
element, e.g.:
<web path="web">
<binding uri="http://localhost:8161">
<app url="activemq-branding" war="activemq-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="console" war="console.war"/>
</binding>
</web>
The web
element has the following attributes:
path
The name of the subdirectory in which to find the web application archives (i.e. WAR files). This is a subdirectory of the broker's home or instance directory.customizer
The name of customizer class to load.
The web
element should contain at least one binding
element to configure how
clients can connect to the web-server. A binding
element has the following
attributes:
uri
The protocol to use (i.e.http
orhttps
) as well as the host and port on which to listen. This attribute is required.clientAuth
Whether or not clients should present an SSL certificate when they connect. Only applicable when usinghttps
.passwordCodec
The custom coded to use for unmasking thekeystorePassword
andtrustStorePassword
.keyStorePath
The location on disk of the keystore. Only applicable when usinghttps
.keyStorePassword
The password to the keystore. Only applicable when usinghttps
. Can be masked usingENC()
syntax or by definingpasswordCodec
. See more in the password masking chapter.trustStorePath
The location on disk for the truststore. Only applicable when usinghttps
.trustStorePassword
The password to the truststore. Only applicable when usinghttps
. Can be masked usingENC()
syntax or by definingpasswordCodec
. See more in the password masking chapter.includedTLSProtocols
A comma seperated list of included TLS protocols, ie"TLSv1,TLSv1.1,TLSv1.2"
. Only applicable when usinghttps
.excludedTLSProtocols
A comma seperated list of excluded TLS protocols, ie"TLSv1,TLSv1.1,TLSv1.2"
. Only applicable when usinghttps
.includedCipherSuites
A comma seperated list of included cipher suites. Only applicable when usinghttps
.excludedCipherSuites
A comma seperated list of excluded cipher suites. Only applicable when usinghttps
.
Each web application should be defined in an app
element inside an binding
element.
The app
element has the following attributes:
url
The context to use for the web application.war
The name of the web application archive on disk.
It's also possible to configure HTTP/S request logging via the request-log
element which has the following attributes:
filename
The full path of the request log. This attribute is required.append
Whether or not to append to the existing log or truncate it. Boolean flag.extended
Whether or not to use the extended request log format. Boolean flag.logCookies
Logging of the request cookies. Boolean flag.logTimeZone
The output file name of the request log.filenameDateFormat
The log file name date format.retainDays
The number of days before rotated log files are deleted.ignorePaths
Request paths that will not be logged. Comma delimited list.logDateFormat
The timestamp format string for request log entries.logLocale
The locale of the request log.logLatency
Logging of request processing time. Boolean flag.logServer
Logging of the request hostname. Boolean flag.preferProxiedForAddress
Whether the actual IP address of the connection or the IP address from theX-Forwarded-For
header will be logged. Boolean flag.
These attributes are essentially passed straight through to the underlying
org.eclipse.jetty.server.NCSARequestLog
instance. Default values are based on this implementation.
Here is an example configuration:
<web path="web">
<binding uri="http://localhost:8161">
<app url="activemq-branding" war="activemq-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="console" war="console.war"/>
</binding>
<request-log filename="${artemis.instance}/log/http-access-yyyy_MM_dd.log" append="true" extended="true"/>
</web>
Proxy Forwarding
The proxies and load balancers usually support X-Forwarded
headers
to send information altered or lost when a proxy is involved
in the path of the request. Jetty supports the ForwardedRequestCustomizer
customizer to handle X-Forwarded
headers.
Set the customizer
attribute via the web
element to enable the ForwardedRequestCustomizer
customizer, ie:
<web path="web" customizer="org.eclipse.jetty.server.ForwardedRequestCustomizer">
<binding uri="http://localhost:8161">
<app url="activemq-branding" war="activemq-branding.war"/>
<app url="artemis-plugin" war="artemis-plugin.war"/>
<app url="console" war="console.war"/>
</binding>
</web>