AMQ-9296: Add authentication support in docker images

JB Onofré 2023-11-08 17:34:14 +01:00
parent d23da10da8
commit 398cdc6740
4 changed files with 101 additions and 3 deletions


@ -30,11 +30,14 @@ ENV ACTIVEMQ_OPTS $ACTIVEMQ_OPTS -Djetty.host=0.0.0.0
# activemq_dist can point to a directory or a tarball on the local system
ARG activemq_dist=NOT_SET
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
# Install build dependencies and activemq
ADD $activemq_dist $ACTIVEMQ_INSTALL_PATH
RUN set -x && \
cp -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* $ACTIVEMQ_HOME && \
rm -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-*
EXPOSE 8161 61616 5672 61613 1883 61614
EXPOSE 8161 61616 5672 61613 1883 61614 1099
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
CMD ["activemq", "console"]
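Review bot: The `COPY entrypoint.sh /usr/local/bin/entrypoint.sh` line depends on the script carrying its execute bit in the build context; if it does not, the exec-form `ENTRYPOINT` fails at container start with a permission error. Setting the mode at copy time removes that dependency: `COPY --chmod=0755 entrypoint.sh /usr/local/bin/entrypoint.sh` (requires BuildKit). The entrypoint also rewrites files under `$ACTIVEMQ_HOME/conf` on startup, so the runtime user needs write access there. No `USER` instruction is visible in this hunk and the rest of the Dockerfile lies outside it, so it is worth confirming which user the broker runs as.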


@ -144,7 +144,8 @@ docker kill activemq
### Ports
* ActiveMQ web console on `8161`
* ActiveMQ WebConsole on `8161`
* ActiveMQ JMX MBean server on `1099`
* ActiveMQ tcp connector on `61616`
* ActiveMQ AMQP connector on `5672`
* ActiveMQ STOMP connector on `61613`
@ -152,3 +153,14 @@ docker kill activemq
* ActiveMQ WS connector on `61614`
Edit the `docker-compose.yml` file to edit port settings.
### Environment variables
| Environment Variable | Description |
|----------------------|-------------|
| `ACTIVEMQ_CONNECTION_USER` | Username to access transport connector on the broker (JMS, ...). If not set, no user and password are required |
| `ACTIVEMQ_CONNECTION_PASSWORD` | Password to access transport connector on the broker (JMS, ...). It should be used with `ACTIVEMQ_CONNECTION_USER`. |
| `ACTIVEMQ_JMX_USER` | Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed. |
| `ACTIVEMQ_JMX_PASSWORD` | Password to access the JMX MBean server of the broker. It should be used with `ACTIVEMQ_JMX_USER`/ |
| `ACTIVEMQ_WEB_USER` | Username to access the ActiveMQ WebConsole. |
| `ACTIVEMQ_WEB_PASSWORD` | Password to access the ActiveMQ WebConsole. |


@ -26,7 +26,8 @@ services:
- "61613"
- "1883"
- "61614"
- "8161"
- "8161"`
- "1099"
ports:
- "8161:8161"
- "61616:61616"
@ -34,6 +35,7 @@ services:
- "61613:61613"
- "1883:1883"
- "61614:61614"
- "1099:1099"
command: activemq console
stdin_open: true
tty: true
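Review bot: The rewritten `8161` entry in the first hunk has a stray backtick after its closing quote, which is not valid YAML and will most likely stop the compose file from parsing; the line should read `- "8161"`. The second hunk also publishes `"1099:1099"` on every host interface by default. JMX gives management access to the broker, so consider binding it to loopback with `- "127.0.0.1:1099:1099"`, or add a comment telling operators to publish it only once `ACTIVEMQ_JMX_USER` and `ACTIVEMQ_JMX_PASSWORD` are set.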


@ -0,0 +1,81 @@
#!/bin/sh
################################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
################################################################################
# Transport/connection security
if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
if [ -f "${ACTIVEMQ_HOME}/conf/connection.security.enabled" ]; then
echo "ActiveMQ Connection Security enabled"
else
echo "Enabling ActiveMQ Connection Security"
sed -i "s/activemq.username=system/activemq.username=${ACTIVEMQ_CONNECTION_USER}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
sed -i "s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
read -r -d '' REPLACE << END
<plugins>
<simpleAuthenticationPlugin>
<users>
<authenticationUser username="$\{activemq.username}" password="$\{activemq.password}"/>
</users>
</simpleAuthenticationPlugin>
</plugins>
</broker>
END
REPLACE=${REPLACE//$\\/$}
REPLACE=${REPLACE//\//\\\/}
REPLACE=$(echo $REPLACE | tr '\n' ' ')
sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
touch "${ACTIVEMQ_HOME}/conf/connection.security.enabled"
fi
fi
# JMX security
if [ -n "${ACTIVEMQ_JMX_USER}" ]; then
if [ -f "${ACTIVEMQ_HOME}/conf/jmx.security.enabled" ]; then
echo "JMX Security already enabled"
else
echo "Enabling ActiveMQ JMX security"
read -r -d '' REPLACE << END
<managementContext>
<managementContext createConnector="true" />
</managementContext>
</broker>
END
REPLACE=${REPLACE//\//\\\/}
REPLACE=${REPLACE//$\\/$}
REPLACE=$(echo $REPLACE | tr '\n' ' ')
sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.access
sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.password
if [ -n "${ACTIVEMQ_JMX_PASSWORD}" ]; then
sed -i "s/\ activemq/\ ${ACTIVEMQ_JMX_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/jmx.password
fi
touch "${ACTIVEMQ_HOME}/conf/jmx.security.enabled"
fi
fi
# WebConsole security
if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
echo "Enabling ActiveMQ WebConsole security"
sed -i s/admin=/${ACTIVEMQ_WEB_USER}=/g ${ACTIVEMQ_HOME}/conf/users.properties
if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
sed -i s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g ${ACTIVEMQ_HOME}/conf/users.properties
fi
fi
exec "$@"
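Review bot: The credential values are spliced unescaped into sed replacement text in all three sections (the `credentials.properties`, `jmx.access`/`jmx.password` and `users.properties` edits), so a user name or password containing `/`, `&` or `\` either makes sed fail or writes a different credential than the operator supplied. When a `*_USER` variable is set without its password, the connection password becomes empty and the JMX and WebConsole passwords appear to stay at the shipped defaults the seds match on (`activemq`, `admin`); the script should refuse to start in that case. The script is also declared `#!/bin/sh` but uses `read -d` and `${REPLACE//…}`, which are bash extensions, so the shebang should be `#!/bin/bash` unless the base image's `/bin/sh` is known to be bash. The fence shows the escaping helper and the guard for the connection section; the JMX and WebConsole sections need the same treatment. It does not cover newlines in values or Java-properties escaping.

```shell
# Escape characters that are special in a sed replacement when "/" is the delimiter.
sed_escape() {
  printf '%s' "$1" | sed -e 's|[/&\\]|\\&|g'
}

# Transport/connection security
if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
  if [ -z "${ACTIVEMQ_CONNECTION_PASSWORD}" ]; then
    echo "ACTIVEMQ_CONNECTION_PASSWORD must be set together with ACTIVEMQ_CONNECTION_USER" >&2
    exit 1
  fi
  # … unchanged: connection.security.enabled marker check …
    conn_user=$(sed_escape "${ACTIVEMQ_CONNECTION_USER}")
    conn_pass=$(sed_escape "${ACTIVEMQ_CONNECTION_PASSWORD}")
    sed -i "s/activemq.username=system/activemq.username=${conn_user}/" "${ACTIVEMQ_HOME}/conf/credentials.properties"
    sed -i "s/activemq.password=manager/activemq.password=${conn_pass}/" "${ACTIVEMQ_HOME}/conf/credentials.properties"
  # … unchanged: simpleAuthenticationPlugin insertion into activemq.xml, marker file …
```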