AMQ-9296: Add authentication support in docker images

2023-11-08 17:34:14 +01:00 · 2023-11-08 17:34:14 +01:00 · 398cdc6740
parent d23da10da8
commit 398cdc6740
4 changed files with 101 additions and 3 deletions
--- a/assembly/src/docker/Dockerfile
+++ b/assembly/src/docker/Dockerfile
@ -30,11 +30,14 @@ ENV ACTIVEMQ_OPTS $ACTIVEMQ_OPTS -Djetty.host=0.0.0.0
 # activemq_dist can point to a directory or a tarball on the local system
 ARG activemq_dist=NOT_SET
 COPY entrypoint.sh /usr/local/bin/entrypoint.sh
 # Install build dependencies and activemq
 ADD $activemq_dist $ACTIVEMQ_INSTALL_PATH
 RUN set -x && \
  cp -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* $ACTIVEMQ_HOME && \
 	rm -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-*
-EXPOSE 8161 61616 5672 61613 1883 61614
+EXPOSE 8161 61616 5672 61613 1883 61614 1099
 ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
 CMD ["activemq", "console"]
--- a/assembly/src/docker/README.md
+++ b/assembly/src/docker/README.md
@ -144,7 +144,8 @@ docker kill activemq
 ### Ports
-* ActiveMQ web console on `8161`
+* ActiveMQ WebConsole on `8161`
 * ActiveMQ JMX MBean server on `1099`
 * ActiveMQ tcp connector on `61616`
 * ActiveMQ AMQP connector on `5672`
 * ActiveMQ STOMP connector on `61613`
@ -152,3 +153,14 @@ docker kill activemq
 * ActiveMQ WS connector on `61614`
 Edit the `docker-compose.yml` file to edit port settings.
 ### Environment variables
 | Environment Variable | Description |
 |----------------------|-------------|
 | `ACTIVEMQ_CONNECTION_USER` | Username to access transport connector on the broker (JMS, ...). If not set, no user and password are required |
 | `ACTIVEMQ_CONNECTION_PASSWORD` | Password to access transport connector on the broker (JMS, ...). It should be used with `ACTIVEMQ_CONNECTION_USER`. |
 | `ACTIVEMQ_JMX_USER` | Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed. |
 | `ACTIVEMQ_JMX_PASSWORD` | Password to access the JMX MBean server of the broker. It should be used with `ACTIVEMQ_JMX_USER`/  |
 | `ACTIVEMQ_WEB_USER` | Username to access the ActiveMQ WebConsole. |
 | `ACTIVEMQ_WEB_PASSWORD` | Password to access the ActiveMQ WebConsole. |
--- a/assembly/src/docker/docker-compose.yml
+++ b/assembly/src/docker/docker-compose.yml
@ -26,7 +26,8 @@ services:
      - "61613"
      - "1883"
      - "61614"
-      - "8161"
+      - "8161"`
      - "1099"
    ports:
      - "8161:8161"
      - "61616:61616"
@ -34,6 +35,7 @@ services:
      - "61613:61613"
      - "1883:1883"
      - "61614:61614"
      - "1099:1099"
    command: activemq console
    stdin_open: true
    tty: true
--- a/assembly/src/docker/entrypoint.sh
+++ b/assembly/src/docker/entrypoint.sh
@ -0,0 +1,81 @@
 #!/bin/sh
 ################################################################################
 #  Licensed to the Apache Software Foundation (ASF) under one
 #  or more contributor license agreements.  See the NOTICE file
 #  distributed with this work for additional information
 #  regarding copyright ownership.  The ASF licenses this file
 #  to you under the Apache License, Version 2.0 (the
 #  "License"); you may not use this file except in compliance
 #  with the License.  You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 #  Unless required by applicable law or agreed to in writing, software
 #  distributed under the License is distributed on an "AS IS" BASIS,
 #  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 #  See the License for the specific language governing permissions and
 # limitations under the License.
 ################################################################################
 # Transport/connection security
 if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
  if [ -f "${ACTIVEMQ_HOME}/conf/connection.security.enabled" ]; then
    echo "ActiveMQ Connection Security enabled"
  else
    echo "Enabling ActiveMQ Connection Security"
    sed -i "s/activemq.username=system/activemq.username=${ACTIVEMQ_CONNECTION_USER}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
    sed -i "s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
    read -r -d '' REPLACE << END
      <plugins>
        <simpleAuthenticationPlugin>
          <users>
            <authenticationUser username="$\{activemq.username}" password="$\{activemq.password}"/>
          </users>
        </simpleAuthenticationPlugin>
      </plugins>
    </broker>
 END
    REPLACE=${REPLACE//$\\/$}
    REPLACE=${REPLACE//\//\\\/}
    REPLACE=$(echo $REPLACE | tr '\n' ' ')
    sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
    touch "${ACTIVEMQ_HOME}/conf/connection.security.enabled"
  fi
 fi
 # JMX security
 if [ -n "${ACTIVEMQ_JMX_USER}" ]; then
  if [ -f "${ACTIVEMQ_HOME}/conf/jmx.security.enabled" ]; then
    echo "JMX Security already enabled"
  else
     echo "Enabling ActiveMQ JMX security"
     read -r -d '' REPLACE << END
       <managementContext>
         <managementContext createConnector="true" />
       </managementContext>
     </broker>
 END
     REPLACE=${REPLACE//\//\\\/}
     REPLACE=${REPLACE//$\\/$}
     REPLACE=$(echo $REPLACE | tr '\n' ' ')
     sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
     sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.access
     sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.password
     if [ -n "${ACTIVEMQ_JMX_PASSWORD}" ]; then
       sed -i "s/\ activemq/\ ${ACTIVEMQ_JMX_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/jmx.password
     fi
     touch "${ACTIVEMQ_HOME}/conf/jmx.security.enabled"
  fi
 fi
 # WebConsole security
 if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
  echo "Enabling ActiveMQ WebConsole security"
  sed -i s/admin=/${ACTIVEMQ_WEB_USER}=/g ${ACTIVEMQ_HOME}/conf/users.properties
  if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
    sed -i s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g ${ACTIVEMQ_HOME}/conf/users.properties
  fi
 fi
 exec "$@"