Justin, Thanks a million. I had <ignore-scheme> in there, but it was in the wrong spot, and I had only just now figured out that it should go into the <cors /> block. Once I fixed that, it works.
Thanks!!!!! csl On July 1, 2025, Justin Bertram <jbert...@apache.org> wrote: > I believe you're hitting a behavior noted in the upgrade documentation > [1]. > In short, try adding <ignore-scheme/> to the <cors> element of your > etc/jolokia-access.xml. > > > Justin > > [1] > https://activemq.apache.org/components/artemis/documentation/latest/versions.html#upgrading- > from-2-39-0 > > On Tue, Jul 1, 2025 at 1:49 PM Chad Lauritsen <c...@hey.com.invalid> > wrote: > > > Switching to my personal email because work one mangles urls. > > > > I did a little testing with docker, no Kubernetes. Upshot is the > problem > > occurs when the browser origin URL scheme is https. > > > > I can reproduce with these 2 scripts: > > > > # begin run_nginx.sh > > #!/bin/bash > > > > pushd $(mktemp -d) > > pwd > > mkdir certs > > openssl req -x509 -nodes -days 365 \ > > -newkey rsa:2048 \ > > -keyout certs/key.pem \ > > -out certs/cert.pem \ > > -subj "/CN=artemis.planetlauritsen.com" > > > > > > cat <<'%' > nginx.conf > > events {} > > > > http { > > server { > > listen 80; > > listen 443 ssl; > > server_name localhost; > > > > ssl_certificate /etc/nginx/certs/cert.pem; > > ssl_certificate_key /etc/nginx/certs/key.pem; > > > > location / { > > proxy_pass http://host.docker.internal:18161 > > <http://host.docker.internal:18161/>; > > proxy_set_header Host $host; > > proxy_set_header X-Real-IP $remote_addr; > > } > > } > > } > > % > > > > docker run --rm -p 80:80 -p 443:443 \ > > -v "$PWD/nginx.conf":/etc/nginx/nginx.conf:ro \ > > -v "$PWD/certs":/etc/nginx/certs:ro \ > > nginx > > ############# end run_nginx.sh > > > > ###### begin run_artemis.sh > > docker run --rm -ti --name artemis -p 18161:8161 apache/activemq- > > artemis:2.41.0-alpine > > ###### end run_artemis.sh > > > > > > When I visit http://artemis.planetlauritsen.com it works > > When I visit https://artemis.planetlauristen.com (accepting self- > signed > > certificate) it doesn't work. > > > > -- > > Chad Lauritsen > > IT Architect > > The Sherwin-Williams Company > > (216) 849-5945 > > Book Time with me > > < > > > https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink > > > > > > > > > > > From: Chad S Lauritsen <chad.s.laurit...@sherwin.com.INVALID> > > Date: Tuesday, July 1, 2025 at 1:58PM > > To: users@activemq.apache.org <users@activemq.apache.org> > > Subject: Re: [EXTERNAL] Re: Artemis Console in Kubernetes > > > > Forgot to include that: Artemis 2.41.0. Running in a container image > > that I’ve derived from apache/activemq-artemis: 2.41.0-alpine > > In my derived image, I added a Login module that I wrote, and some > extra > > TLS CA certs. Otherwise I’d just use the publicly available image. > > > > -- > > Chad Lauritsen > > IT Architect > > The Sherwin-Williams Company > > (216) 849-5945 > > Book Time with > > me<< > > > https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!5RqjpK6haIsIkWPFBTOzq366DCs70X_WH9NDVHVJCUf- > > Vh9NAJs2K1yi687JxQZTqUIBxSnmMsLXoX5BeQV78r17NyHXGr2-JYIIbzx > > > <https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!5RqjpK6haIsIkWPFBTOzq366DCs70X_WH9NDVHVJCUf- > Vh9NAJs2K1yi687JxQZTqUIBxSnmMsLXoX5BeQV78r17NyHXGr2-JYIIbzx>>_$ > > > > > > > > > From: Justin Bertram <jbert...@apache.org> > > Date: Tuesday, July 1, 2025 at 1:00PM > > To: users@activemq.apache.org <users@activemq.apache.org> > > Subject: [EXTERNAL] Re: Artemis Console in Kubernetes > > [Caution] External email. Be sure you trust or verify the sender > before > > entering usernames or passwords when prompted by a link. > > > > What version of ActiveMQ Artemis are you using? > > > > > > Justin > > > > On Tue, Jul 1, 2025 at 11:52AM Chad S Lauritsen > > <chad.s.laurit...@sherwin.com.invalid> wrote: > > > > > Hello activemq list. > > > > > > New subscriber here. > > > > > > We have ActiveMQ artemis running in Kubernetes clusters. I would > like > > to > > > expose the Artemis console using a Kubernetes Ingress. Basically, > this > > > handles the TLS termination for HTTPS, makes the application > available > > at a > > > specific hostname, and forwards the HTTP requests to port 8161 of > the > > > container running artemis. > > > > > > Using the Kubernetes ingress, I access the console using a URL > like > > > <https://artemis.lb0020-ingress.stores.sherwin.com/> > > > I can open the application, and get to the login page, but after > > logging > > > in, it renders a basically empty shell with header, but nothing > > related to > > > the broker in the console. > > > > > > When I use a different technique, i.e. Kubernetes port-fowarding, > such > > > that I can access the console at > > > > > https://urldefense.com/v3/__http://localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH- > > > <https://urldefense.com/v3/__http://localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-> > > SEpo$< > > > https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$ > > > <https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$> > > > > > < > > > https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH- > > > <https://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-> > > SEpo$%3chttps:/ > > > urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$%3e > > > <http://urldefense.com/v3/__http:/localhost:8161__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cMH-SEpo$%3e>> > > then it works with > > > no issues. > > > > > > In both cases, I’m accessing the same port of the same container. > > > > > > Digging deeper by watching the developer console in the web > browser, I > > > noticed a key difference in behavior when the javascript > application > > > attempts to make a request to the `/jolokia` endpoint. > > > > > > * When using > > > > > https://urldefense.com/v3/__http://localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok- > > zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$< > > > https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$ > > > <https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$> > > > > > < > > > https://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok- > > zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3chttps:/ > > > urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3e > > > <http://urldefense.com/v3/__http:/localhost:8181__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cOTmDBO8$%3e>> > > origin, (the one > > that works OK) it > > > access /console/jolokia successfully. > > > * When using the Kubernetes ingress, > > > https://artemis.lb0020-ingress.stores.sherwin.com > > <https://artemis.lb0020-ingress.stores.sherwin.com/> , the attempts > to > > access > > > jolokia fail. There are 2 attempts made, both fail and no further > > requests > > > tried > > > * /jolokia – yields 404 > > > * /hawtio/jolokia – yields 404 > > > > > > I haven’t been fruitful with debugging the minified JS web > application > > to > > > see what’s going on here. I think only the minified JS is checked > in > > to the > > > central repository. > > > > > > Has anyone encountered this and solved it? > > > > > > Thanks, > > > > > > -- > > > Chad Lauritsen > > > IT Architect > > > The Sherwin-Williams Company > > > (216) 849-5945 > > > Book Time with me< > > > > > > > > https://urldefense.com/v3/__https://outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok- > > zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$< > > > https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$ > > > <https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$> > > > > > < > > > https://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok- > > zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3chttps:// > > > urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3e > > > <http://urldefense.com/v3/__https:/outlook.office.com/bookwithme/user/34f1d9682592497aa53064b106f4a...@sherwin.com?anonymous&ep=plink__;!!Cg_6rE7FVGHU6vd7!7g9alVw1tNvF2PZCl1j7dQfqWEJUvg0Dxm2DJTYxU- > 0oWyr3r2Sok-zfidBCxIclbiPW8YGsQvUSda4cvDFniH8$%3e> > > > > > > > > > > > > > > > > > csl > >
