Re: Artemis Console in Kubernetes

[Chad Lauritsen]

Switching to my personal email because work one mangles urls.

I did a little testing with docker, no Kubernetes. Upshot is the problem
occurs when the browser origin URL scheme is https. 

I can reproduce with these 2 scripts:

# begin run_nginx.sh
#!/bin/bash
 
pushd $(mktemp -d)
pwd
mkdir certs
openssl req -x509 -nodes -days 365 \
  -newkey rsa:2048 \
  -keyout certs/key.pem \
  -out certs/cert.pem \
  -subj "/CN=artemis.planetlauritsen.com"
 
 
cat <<'%' > nginx.conf
events {}
 
http {
  server {
    listen 80;
    listen 443 ssl;
    server_name localhost;
 
    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
 
    location / {
      proxy_pass http://host.docker.internal:18161
<http://host.docker.internal:18161/>;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
    }
  }
}
%
 
docker run --rm -p 80:80 -p 443:443 \
  -v "$PWD/nginx.conf":/etc/nginx/nginx.conf:ro \
  -v "$PWD/certs":/etc/nginx/certs:ro \
  nginx
 ############# end run_nginx.sh

###### begin run_artemis.sh
docker run --rm -ti --name artemis -p 18161:8161 apache/activemq-
artemis:2.41.0-alpine
###### end run_artemis.sh


When I visit http://artemis.planetlauritsen.com it works
When I visit https://artemis.planetlauristen.com (accepting self-signed
certificate) it doesn't work.
 
-- 
Chad Lauritsen
IT Architect
The Sherwin-Williams Company
(216) 849-5945
Book Time with me
<https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink>

 
 
From: Chad S Lauritsen <chad.s.laurit...@sherwin.com.INVALID>
Date: Tuesday, July 1, 2025 at 1:58PM
To: users@activemq.apache.org <users@activemq.apache.org>
Subject: Re: [EXTERNAL] Re: Artemis Console in Kubernetes

Forgot to include that: Artemis 2.41.0. Running in a container image
that I’ve derived from apache/activemq-artemis: 2.41.0-alpine
In my derived image, I added a Login module that I wrote, and some extra
TLS CA certs. Otherwise I’d just use the publicly available image.

--
Chad Lauritsen
IT Architect
The Sherwin-Williams Company
(216) 849-5945
Book Time with
me<<https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!5RqjpK6haIsIkWPFBTOzq366DCs70X_WH9NDVHVJCUf-
Vh9NAJs2K1yi687JxQZTqUIBxSnmMsLXoX5BeQV78r17NyHXGr2-JYIIbzx>_$ >


From: Justin Bertram <jbert...@apache.org>
Date: Tuesday, July 1, 2025 at 1:00PM
To: users@activemq.apache.org <users@activemq.apache.org>
Subject: [EXTERNAL] Re: Artemis Console in Kubernetes
 [Caution] External email. Be sure you trust or verify the sender before
entering usernames or passwords when prompted by a link.

What version of ActiveMQ Artemis are you using?


Justin

On Tue, Jul 1, 2025 at 11:52AM Chad S Lauritsen
<chad.s.laurit...@sherwin.com.invalid> wrote:

> Hello activemq list.
>
> New subscriber here.
>
> We have ActiveMQ artemis running in Kubernetes clusters. I would like
to
> expose the Artemis console using a Kubernetes Ingress. Basically, this
> handles the TLS termination for HTTPS, makes the application available
at a
> specific hostname, and forwards the HTTP requests to port 8161 of the
> container running artemis.
>
> Using the Kubernetes ingress, I access the console using a URL like
> <https://artemis.lb0020-ingress.stores.sherwin.com/>
> I can open the application, and get to the login page, but after
logging
> in, it renders a basically empty shell with header, but nothing
related to
> the broker in the console.
>
> When I use a different technique, i.e. Kubernetes port-fowarding, such
> that I can access the console at
https://urldefense.com/v3/__http://localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-
SEpo$<https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$>
<https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-
SEpo$%3chttps:/urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$%3e>  then it works with
> no issues.
>
> In both cases, I’m accessing the same port of the same container.
>
> Digging deeper by watching the developer console in the web browser, I
> noticed a key difference in behavior when the javascript application
> attempts to make a request to the `/jolokia` endpoint.
>
>   *   When using
https://urldefense.com/v3/__http://localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-
zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$<https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$>
<https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-
zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3chttps:/urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3e>  origin, (the one
that works OK) it
> access /console/jolokia successfully.
>   *   When using the Kubernetes ingress,
> https://artemis.lb0020-ingress.stores.sherwin.com
<https://artemis.lb0020-ingress.stores.sherwin.com/>  , the attempts to
access
> jolokia fail. There are 2 attempts made, both fail and no further
requests
> tried
>      *   /jolokia – yields 404
>      *   /hawtio/jolokia – yields 404
>
> I haven’t been fruitful with debugging the minified JS web application
to
> see what’s going on here. I think only the minified JS is checked in
to the
> central repository.
>
> Has anyone encountered this and solved it?
>
> Thanks,
>
> --
> Chad Lauritsen
> IT Architect
> The Sherwin-Williams Company
> (216) 849-5945
> Book Time with me<
>
https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-
zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$<https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$>
<https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-
zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3chttps://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-
0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3e>
> >
>
>

csl