mirror of https://github.com/apache/activemq.git
AMQ-9296: Add authentication support in docker images
parent
d23da10da8
commit
398cdc6740
|
@ -30,11 +30,14 @@ ENV ACTIVEMQ_OPTS $ACTIVEMQ_OPTS -Djetty.host=0.0.0.0
|
|||
# activemq_dist can point to a directory or a tarball on the local system
|
||||
ARG activemq_dist=NOT_SET
|
||||
|
||||
COPY entrypoint.sh /usr/local/bin/entrypoint.sh
|
||||
|
||||
# Install build dependencies and activemq
|
||||
ADD $activemq_dist $ACTIVEMQ_INSTALL_PATH
|
||||
RUN set -x && \
|
||||
cp -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-* $ACTIVEMQ_HOME && \
|
||||
rm -r $ACTIVEMQ_INSTALL_PATH/apache-activemq-*
|
||||
|
||||
EXPOSE 8161 61616 5672 61613 1883 61614
|
||||
EXPOSE 8161 61616 5672 61613 1883 61614 1099
|
||||
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
||||
CMD ["activemq", "console"]
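Review bot: The new exec-form `ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]` only works if the copied script is executable, and `COPY entrypoint.sh /usr/local/bin/entrypoint.sh` keeps whatever mode the file has in the build context. The file's mode is not visible on this page, so I would make it explicit with `COPY --chmod=0755 entrypoint.sh /usr/local/bin/entrypoint.sh` (needs BuildKit) or a following `RUN chmod 0755 /usr/local/bin/entrypoint.sh`. A short comment above `ENTRYPOINT` saying that the script rewrites the files under `$ACTIVEMQ_HOME/conf` from the `ACTIVEMQ_*` variables before starting the broker would also help.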
|
||||
|
|
|
@ -144,7 +144,8 @@ docker kill activemq
|
|||
|
||||
### Ports
|
||||
|
||||
* ActiveMQ web console on `8161`
|
||||
* ActiveMQ WebConsole on `8161`
|
||||
* ActiveMQ JMX MBean server on `1099`
|
||||
* ActiveMQ tcp connector on `61616`
|
||||
* ActiveMQ AMQP connector on `5672`
|
||||
* ActiveMQ STOMP connector on `61613`
|
||||
|
@ -152,3 +153,14 @@ docker kill activemq
|
|||
* ActiveMQ WS connector on `61614`
|
||||
|
||||
Edit the `docker-compose.yml` file to edit port settings.
|
||||
|
||||
### Environment variables
|
||||
|
||||
| Environment Variable | Description |
|
||||
|----------------------|-------------|
|
||||
| `ACTIVEMQ_CONNECTION_USER` | Username to access transport connector on the broker (JMS, ...). If not set, no user and password are required |
|
||||
| `ACTIVEMQ_CONNECTION_PASSWORD` | Password to access transport connector on the broker (JMS, ...). It should be used with `ACTIVEMQ_CONNECTION_USER`. |
|
||||
| `ACTIVEMQ_JMX_USER` | Username to access the JMX MBean server of the broker. If set, ActiveMQ accepts remote JMX connection, else, only local connection are allowed. |
|
||||
| `ACTIVEMQ_JMX_PASSWORD` | Password to access the JMX MBean server of the broker. It should be used with `ACTIVEMQ_JMX_USER`/ |
|
||||
| `ACTIVEMQ_WEB_USER` | Username to access the ActiveMQ WebConsole. |
|
||||
| `ACTIVEMQ_WEB_PASSWORD` | Password to access the ActiveMQ WebConsole. |
|
|
@ -26,7 +26,8 @@ services:
|
|||
- "61613"
|
||||
- "1883"
|
||||
- "61614"
|
||||
- "8161"
|
||||
- "8161"`
|
||||
- "1099"
|
||||
ports:
|
||||
- "8161:8161"
|
||||
- "61616:61616"
|
||||
|
@ -34,6 +35,7 @@ services:
|
|||
- "61613:61613"
|
||||
- "1883:1883"
|
||||
- "61614:61614"
|
||||
- "1099:1099"
|
||||
command: activemq console
|
||||
stdin_open: true
|
||||
tty: true
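Review bot: In the first hunk the `expose` entry `- "8161"` is followed by a stray backtick after the closing quote. By the hunk's line counts this appears to be the new-side line, and a character after a quoted scalar is not valid YAML, so the compose file would likely fail to load; it should read `- "8161"`. The second hunk also publishes `"1099:1099"` on every host interface by default, while the README in this commit says remote JMX is only accepted once `ACTIVEMQ_JMX_USER` is set. Binding it as `"127.0.0.1:1099:1099"`, or leaving the mapping commented out, would keep the JMX port off the network until an operator opts in and sets credentials.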
|
||||
|
|
|
@ -0,0 +1,81 @@
|
|||
#!/bin/sh
|
||||
|
||||
################################################################################
|
||||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
################################################################################
|
||||
|
||||
# Transport/connection security
|
||||
if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
|
||||
if [ -f "${ACTIVEMQ_HOME}/conf/connection.security.enabled" ]; then
|
||||
echo "ActiveMQ Connection Security enabled"
|
||||
else
|
||||
echo "Enabling ActiveMQ Connection Security"
|
||||
sed -i "s/activemq.username=system/activemq.username=${ACTIVEMQ_CONNECTION_USER}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
|
||||
sed -i "s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/credentials.properties
|
||||
read -r -d '' REPLACE << END
|
||||
<plugins>
|
||||
<simpleAuthenticationPlugin>
|
||||
<users>
|
||||
<authenticationUser username="$\{activemq.username}" password="$\{activemq.password}"/>
|
||||
</users>
|
||||
</simpleAuthenticationPlugin>
|
||||
</plugins>
|
||||
</broker>
|
||||
END
|
||||
REPLACE=${REPLACE//$\\/$}
|
||||
REPLACE=${REPLACE//\//\\\/}
|
||||
REPLACE=$(echo $REPLACE | tr '\n' ' ')
|
||||
sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
|
||||
touch "${ACTIVEMQ_HOME}/conf/connection.security.enabled"
|
||||
fi
|
||||
fi
|
||||
|
||||
# JMX security
|
||||
if [ -n "${ACTIVEMQ_JMX_USER}" ]; then
|
||||
if [ -f "${ACTIVEMQ_HOME}/conf/jmx.security.enabled" ]; then
|
||||
echo "JMX Security already enabled"
|
||||
else
|
||||
echo "Enabling ActiveMQ JMX security"
|
||||
read -r -d '' REPLACE << END
|
||||
<managementContext>
|
||||
<managementContext createConnector="true" />
|
||||
</managementContext>
|
||||
</broker>
|
||||
END
|
||||
REPLACE=${REPLACE//\//\\\/}
|
||||
REPLACE=${REPLACE//$\\/$}
|
||||
REPLACE=$(echo $REPLACE | tr '\n' ' ')
|
||||
sed -i "s/<\/broker>/$REPLACE/" ${ACTIVEMQ_HOME}/conf/activemq.xml
|
||||
sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.access
|
||||
sed -i "s/admin/${ACTIVEMQ_JMX_USER}/" ${ACTIVEMQ_HOME}/conf/jmx.password
|
||||
if [ -n "${ACTIVEMQ_JMX_PASSWORD}" ]; then
|
||||
sed -i "s/\ activemq/\ ${ACTIVEMQ_JMX_PASSWORD}/" ${ACTIVEMQ_HOME}/conf/jmx.password
|
||||
fi
|
||||
touch "${ACTIVEMQ_HOME}/conf/jmx.security.enabled"
|
||||
fi
|
||||
fi
|
||||
|
||||
# WebConsole security
|
||||
if [ -n "${ACTIVEMQ_WEB_USER}" ]; then
|
||||
echo "Enabling ActiveMQ WebConsole security"
|
||||
sed -i s/admin=/${ACTIVEMQ_WEB_USER}=/g ${ACTIVEMQ_HOME}/conf/users.properties
|
||||
if [ -n "${ACTIVEMQ_WEB_PASSWORD}" ]; then
|
||||
sed -i s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g ${ACTIVEMQ_HOME}/conf/users.properties
|
||||
fi
|
||||
fi
|
||||
|
||||
exec "$@"
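Review bot: All three credential blocks put the raw environment values into `sed` expressions, for example `s/activemq.password=manager/activemq.password=${ACTIVEMQ_CONNECTION_PASSWORD}/` and the unquoted `s/=admin/=${ACTIVEMQ_WEB_PASSWORD}/g`, so a password containing `/`, `&`, `\` or whitespace either makes sed fail or writes a different value than the operator supplied. No exit status is checked before the `touch …security.enabled` lines and `exec "$@"`, so the broker can still start with the shipped defaults (`system`/`manager`, `admin`/`activemq`, `admin`/`admin`) while the marker file says security is on. An empty `ACTIVEMQ_CONNECTION_PASSWORD` is also accepted and written as an empty password. I would escape the values, quote the file paths, require the password and stop on failure, as sketched below for the connection block. Separately, the script is `#!/bin/sh` but uses `read -d` and `${REPLACE//…}`, which are bash features; the image's `/bin/sh` is not visible here, so `#!/bin/bash` looks safer.

```sh
#!/bin/bash
# … unchanged: licence header …

# Escape a value for the replacement side of a sed s/…/…/ command.
sed_escape() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

die() {
  echo "entrypoint: $*" >&2
  exit 1
}

if [ -n "${ACTIVEMQ_CONNECTION_USER}" ]; then
  [ -n "${ACTIVEMQ_CONNECTION_PASSWORD}" ] ||
    die "ACTIVEMQ_CONNECTION_PASSWORD is required with ACTIVEMQ_CONNECTION_USER"
  # … unchanged: marker-file check …
  conn_user=$(sed_escape "${ACTIVEMQ_CONNECTION_USER}")
  conn_pass=$(sed_escape "${ACTIVEMQ_CONNECTION_PASSWORD}")
  sed -i "s/activemq.username=system/activemq.username=${conn_user}/" \
    "${ACTIVEMQ_HOME}/conf/credentials.properties" || die "cannot set connection user"
  sed -i "s/activemq.password=manager/activemq.password=${conn_pass}/" \
    "${ACTIVEMQ_HOME}/conf/credentials.properties" || die "cannot set connection password"
  # … unchanged: plugin insertion into activemq.xml and marker file; same escaping and checks apply to the JMX and WebConsole blocks …
```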
|