I believe you're hitting a behavior noted in the upgrade documentation [1]. In short, try adding <ignore-scheme/> to the <cors> element of your etc/jolokia-access.xml.
Justin [1] https://activemq.apache.org/components/artemis/documentation/latest/versions.html#upgrading-from-2-39-0 On Tue, Jul 1, 2025 at 1:49 PM Chad Lauritsen <c...@hey.com.invalid> wrote: > Switching to my personal email because work one mangles urls. > > I did a little testing with docker, no Kubernetes. Upshot is the problem > occurs when the browser origin URL scheme is https. > > I can reproduce with these 2 scripts: > > # begin run_nginx.sh > #!/bin/bash > > pushd $(mktemp -d) > pwd > mkdir certs > openssl req -x509 -nodes -days 365 \ > -newkey rsa:2048 \ > -keyout certs/key.pem \ > -out certs/cert.pem \ > -subj "/CN=artemis.planetlauritsen.com" > > > cat <<'%' > nginx.conf > events {} > > http { > server { > listen 80; > listen 443 ssl; > server_name localhost; > > ssl_certificate /etc/nginx/certs/cert.pem; > ssl_certificate_key /etc/nginx/certs/key.pem; > > location / { > proxy_pass http://host.docker.internal:18161 > <http://host.docker.internal:18161/>; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > } > } > } > % > > docker run --rm -p 80:80 -p 443:443 \ > -v "$PWD/nginx.conf":/etc/nginx/nginx.conf:ro \ > -v "$PWD/certs":/etc/nginx/certs:ro \ > nginx > ############# end run_nginx.sh > > ###### begin run_artemis.sh > docker run --rm -ti --name artemis -p 18161:8161 apache/activemq- > artemis:2.41.0-alpine > ###### end run_artemis.sh > > > When I visit http://artemis.planetlauritsen.com it works > When I visit https://artemis.planetlauristen.com (accepting self-signed > certificate) it doesn't work. > > -- > Chad Lauritsen > IT Architect > The Sherwin-Williams Company > (216) 849-5945 > Book Time with me > < > https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink > > > > > > From: Chad S Lauritsen <chad.s.laurit...@sherwin.com.INVALID> > Date: Tuesday, July 1, 2025 at 1:58PM > To: users@activemq.apache.org <users@activemq.apache.org> > Subject: Re: [EXTERNAL] Re: Artemis Console in Kubernetes > > Forgot to include that: Artemis 2.41.0. Running in a container image > that I’ve derived from apache/activemq-artemis: 2.41.0-alpine > In my derived image, I added a Login module that I wrote, and some extra > TLS CA certs. Otherwise I’d just use the publicly available image. > > -- > Chad Lauritsen > IT Architect > The Sherwin-Williams Company > (216) 849-5945 > Book Time with > me<< > https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!5RqjpK6haIsIkWPFBTOzq366DCs70X_WH9NDVHVJCUf- > Vh9NAJs2K1yi687JxQZTqUIBxSnmMsLXoX5BeQV78r17NyHXGr2-JYIIbzx > <https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!5RqjpK6haIsIkWPFBTOzq366DCs70X_WH9NDVHVJCUf-Vh9NAJs2K1yi687JxQZTqUIBxSnmMsLXoX5BeQV78r17NyHXGr2-JYIIbzx>>_$ > > > > > From: Justin Bertram <jbert...@apache.org> > Date: Tuesday, July 1, 2025 at 1:00PM > To: users@activemq.apache.org <users@activemq.apache.org> > Subject: [EXTERNAL] Re: Artemis Console in Kubernetes > [Caution] External email. Be sure you trust or verify the sender before > entering usernames or passwords when prompted by a link. > > What version of ActiveMQ Artemis are you using? > > > Justin > > On Tue, Jul 1, 2025 at 11:52AM Chad S Lauritsen > <chad.s.laurit...@sherwin.com.invalid> wrote: > > > Hello activemq list. > > > > New subscriber here. > > > > We have ActiveMQ artemis running in Kubernetes clusters. I would like > to > > expose the Artemis console using a Kubernetes Ingress. Basically, this > > handles the TLS termination for HTTPS, makes the application available > at a > > specific hostname, and forwards the HTTP requests to port 8161 of the > > container running artemis. > > > > Using the Kubernetes ingress, I access the console using a URL like > > <https://artemis.lb0020-ingress.stores.sherwin.com/> > > I can open the application, and get to the login page, but after > logging > > in, it renders a basically empty shell with header, but nothing > related to > > the broker in the console. > > > > When I use a different technique, i.e. Kubernetes port-fowarding, such > > that I can access the console at > > https://urldefense.com/v3/__http://localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH- > <https://urldefense.com/v3/__http://localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-> > SEpo$< > https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$ > <https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$> > > > < > https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH- > <https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-> > SEpo$%3chttps:/ > urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$%3e > <http://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$%3e>> > then it works with > > no issues. > > > > In both cases, I’m accessing the same port of the same container. > > > > Digging deeper by watching the developer console in the web browser, I > > noticed a key difference in behavior when the javascript application > > attempts to make a request to the `/jolokia` endpoint. > > > > * When using > > https://urldefense.com/v3/__http://localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok- > zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$< > https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$ > <https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$> > > > < > https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok- > zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3chttps:/ > urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3e > <http://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3e>> > origin, (the one > that works OK) it > > access /console/jolokia successfully. > > * When using the Kubernetes ingress, > > https://artemis.lb0020-ingress.stores.sherwin.com > <https://artemis.lb0020-ingress.stores.sherwin.com/> , the attempts to > access > > jolokia fail. There are 2 attempts made, both fail and no further > requests > > tried > > * /jolokia – yields 404 > > * /hawtio/jolokia – yields 404 > > > > I haven’t been fruitful with debugging the minified JS web application > to > > see what’s going on here. I think only the minified JS is checked in > to the > > central repository. > > > > Has anyone encountered this and solved it? > > > > Thanks, > > > > -- > > Chad Lauritsen > > IT Architect > > The Sherwin-Williams Company > > (216) 849-5945 > > Book Time with me< > > > > https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok- > zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$< > https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$ > <https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$> > > > < > https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok- > zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3chttps:// > urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3e > <http://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU-0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3e> > > > > > > > > > > > csl >
