Comment: Migrated to Confluence 5.3

| Variable | Default | Description |
|---|---|---|
| x.y.z | 5.5.0 | Current stable ActiveMQ version |
| ACTIVEMQ_HOME | /usr/local/apache-activemq-x.y.z | Installation directory |
| INSTANCE_NAME | broker | Name of broker - should maybe correlate with host name? |

Installing ActiveMQ
  1. Download the latest stable ActiveMQ release (apache-activemq-x.y.z.tar.gz).
  2. Move to the installation root: cd /usr/local
  3. Unpack the release: tar xzvf /path/to/apache-activemq-x.y.z.tar.gz
  4. Create the ActiveMQ user account: useradd activemq
  5. Set up key store in /usr/local/apache-activemq-x.y.z/conf/broker.ks
  6. Create trust store and import trusted certificates into /usr/local/apache-activemq-x.y.z/conf/broker.ts
  7. Edit the configuration files: vim /usr/local/apache-activemq-x.y.z/conf/{activemq,jetty}.xml
  8. Give the activemq user ownership of the installation directory (or at least the data-directory which houses the log file): chown -R activemq:activemq /usr/local/apache-activemq-x.y.z
  9. Make sure the keystore is only readable by the activemq user (chmod 600 /usr/local/apache-activemq-x.y.z/conf/broker.ks)
  10. Set up the service script
  11. Make sure the relevant ports are open in the firewall (8161 if the administration interface should be accessible, 61617 for SSL if this guide is followed and optionally 61616 for TCP)

Importing certificates into Java trust store

If (re-)starting from scratch remove the trust store file beforehand as duplicate aliases are not allowed.

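```bash
#!/bin/bash

TRUST_STORE=broker.ts
CERTIFICATES=*.crt # This could be a list instead e.g. "clientA.crt other_file.crt"

for cert in ${CERTIFICATES};
do
        # skip the unexpanded pattern when no certificate file matches
        [ -f "${cert}" ] || continue
        # imports each certificate under an alias that matches its file name
        # (123456 is the store password used in the sslContext configuration of this guide)
        keytool -alias "${cert}" -importcert -noprompt -keystore "${TRUST_STORE}" -storepass 123456 -file "${cert}"
done
```
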
Configuring ActiveMQ

Allowing SSL access to the ActiveMQ broker is done by adding a suitable transport connector to the activemq.xml configuration file (NOTE: elements must occur in alphabetical order):

```xml
    <transportConnectors>
        <transportConnector uri="ssl://0.0.0.0:61617?wantClientAuth=true&amp;needClientAuth=true"/>
    </transportConnectors>
```

If connections are allowed only over SSL the tcp transportConnector should be removed.

Specifying the location of the key and trust stores used by the server is done in the sslContext section of the same configuration file (again placed in alphabetical order, which will usually mean just before transportConnectors):

```xml
    <sslContext>
        <sslContext keyStore="file://${activemq.base}/conf/broker.ks"
                    keyStorePassword="123456"
                    trustStore="file://${activemq.base}/conf/broker.ts"
                    trustStorePassword="123456"/>
    </sslContext>
```

To join multiple brokers into a network of brokers create suitable networkConnector-elements in the configuration file:

```xml
    <networkConnectors>
        <networkConnector name="other-broker-name" uri="static:(ssl://other-host-name:61617)"/>
    </networkConnectors>
```

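
A post-install check for step 9 and for the SSL-only connector setup described above, as an added example that is not part of the original guide or of ActiveMQ's own tooling. The function names, the temporary directory and the sample activemq.xml (including the connector on port 61618) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit of step 9 and the connector setup.

# Step 9: the key store must carry no group/other permission bits.
keystore_private() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# uri attribute of every <transportConnector>, one per line.
# Limitation: connectors inside XML comments are listed as well.
connector_uris() {
    tr '\n' ' ' < "$1" | grep -o '<transportConnector[^>]*>' |
        sed -n 's/.*uri="\([^"]*\)".*/\1/p'
}

# Prints one finding per listener that is not SSL or does not require a
# client certificate; returns 1 if there is any finding, 0 otherwise.
audit_connectors() {
    findings=$(connector_uris "$1" | while IFS= read -r uri; do
        case "$uri" in
            (ssl://*needClientAuth=true*) ;;
            (ssl://*) echo "client certificate not required: $uri" ;;
            (*)       echo "not SSL: $uri" ;;
        esac
    done)
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the guide's SSL connector, a leftover tcp connector and
# an SSL connector without needClientAuth, plus a key store with mode 644.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/activemq.xml" <<'EOF'
<transportConnectors>
    <transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/>
    <transportConnector uri="ssl://0.0.0.0:61617?wantClientAuth=true&amp;needClientAuth=true"/>
    <transportConnector
        uri="ssl://0.0.0.0:61618"/>
</transportConnectors>
EOF
: > "$demo_dir/broker.ks"; chmod 644 "$demo_dir/broker.ks"

audit_connectors "$demo_dir/activemq.xml" || true
keystore_private "$demo_dir/broker.ks" || echo "broker.ks is readable by group/other"
```

On an installed broker, pass the functions conf/activemq.xml and conf/broker.ks from the installation directory used in the steps above.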
Service/Init Script


```bash
#!/bin/bash
#
# activemq       Starts ActiveMQ.
#
# chkconfig: 345 88 12
# description: ActiveMQ is a JMS Messaging Queue Server.
### BEGIN INIT INFO
# Provides: $activemq
### END INIT INFO

# Source function library.
. /etc/init.d/functions

# Do nothing if the start/stop wrapper scripts are not installed.
[ -f /home/activemq/activemq-start.sh ] || exit 0
[ -f /home/activemq/activemq-stop.sh ] || exit 0

RETVAL=0

umask 077

start() {
       echo -n $"Starting ActiveMQ: "
       # run the wrapper script as the unprivileged activemq user
       daemon su -c /home/activemq/activemq-start.sh activemq
       RETVAL=$?
       echo
       return $RETVAL
}
stop() {
       echo -n $"Shutting down ActiveMQ: "
       daemon su -c /home/activemq/activemq-stop.sh activemq
       RETVAL=$?
       echo
       return $RETVAL
}
restart() {
       stop
       start
}
case "$1" in
start)
       start
       ;;
stop)
       stop
       ;;
restart|reload)
       restart
       ;;
*)
       echo $"Usage: $0 {start|stop|restart}"
       exit 1
esac

exit $?
```