Chapter 16: Monitoring and Managing Tomcat with JMX

Configuring Tomcat for Remote Monitoring

For security reasons, the default Tomcat server configuration has remote JMX-based monitoring disabled. To enable remote monitoring, edit the setenv.bat file that you've created in the bin directory to contain the following:

    set CATALINA_OPTS=-Dcom.sun.management.jmxremote -Djava.rmi.server.hostname=192.168.23.2 -Dcom.sun.management.jmxremote.port=8999 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false

Type all of the preceding code on one single line, and be very careful to avoid typos.

You need to replace the java.rmi.server.hostname property with your own IP address or host name. On a machine with multiple network connections, you must specify the IP address or host name of the network connection that you are remote managing from. It can be useful to restrict remote management to a specific network connection (for example, the internal intranet only). You can also select an available port for use on your specified connection.

While the previous configuration allows for remote monitoring, it is wide open and insecure. Anyone can connect to the server over the network, if they know the port, using any JMX client. The previous configuration should be enabled only in a test network and never for production.

Please be aware that the Manager JMXProxy is by definition remotely accessible because it works through a browser-based interface. In fact, enabling the Manager application in a production environment is a security risk in itself. See Chapter 14 for more information on disabling the Manager application.

To connect and manage the Tomcat server configured previously, on your client machine start jconsole, select Remote Process, and type 192.168.23.2:8999 (replace with your own host name/IP and management port that you have specified). (See Figure 16-6.)

Once connected, you can view all the Tomcat exposed management components and their attributes and modify the value of writable properties. Jconsole works in exactly the same way remotely as it does with local JVMs.

When using Windows, Tomcat must be running on an NTFS formatted volume because of a known bug related to file access permissions.

Securing the Remote Management Connection with SSL and User Authentication

For maximum security, remote management should not be enabled in production. However, if you must enable remote management, you should at least:

- Restrict the remote management connection to be within the internal network (or VPN) only
- Enable authentication
- Enable SSL transport

You restrict the remote management connection by specifying the java.rmi.server.hostname property on the Tomcat instance being managed (shown in the last section).
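
An added example, not from the book or the Tomcat project: a small Python check that reads a setenv line and reports which of the three minimum safeguards listed above are missing. The function names are hypothetical, and it assumes the JVM treats authentication and SSL as enabled when the corresponding flag is not given.

```python
import ipaddress
import re

# Matches -Dname or -Dname=value tokens in a CATALINA_OPTS string.
_PROP = re.compile(r"-D([\w.]+)(?:=(\S+))?")
_JMX = "com.sun.management.jmxremote"


def parse_opts(line):
    """Return {property: value} for every -D flag on a setenv line."""
    return {name: value for name, value in _PROP.findall(line)}


def audit_jmx(line):
    """Return findings for the remote JMX settings in `line`."""
    props = parse_opts(line)
    if _JMX + ".port" not in props:
        return []  # no remote JMX connector is opened
    findings = []
    # Assumed JVM default for both flags is true, so only an explicit false is weak.
    if props.get(_JMX + ".authenticate", "true").lower() == "false":
        findings.append("authentication disabled")
    if props.get(_JMX + ".ssl", "true").lower() == "false":
        findings.append("SSL transport disabled")
    host = props.get("java.rmi.server.hostname")
    if not host:
        findings.append("java.rmi.server.hostname not set")
        return findings
    try:
        if not ipaddress.ip_address(host).is_private:
            findings.append("hostname is not an internal address")
    except ValueError:  # a DNS name, which cannot be judged offline
        findings.append("hostname is a name; confirm it resolves internally")
    return findings


# The test-only setting shown in this chapter.
OPEN = ("set CATALINA_OPTS=-Dcom.sun.management.jmxremote "
        "-Djava.rmi.server.hostname=192.168.23.2 "
        "-Dcom.sun.management.jmxremote.port=8999 "
        "-Dcom.sun.management.jmxremote.ssl=false "
        "-Dcom.sun.management.jmxremote.authenticate=false")
# Constructed sample: same host and port, the two =false flags removed.
DEFAULTS = OPEN.rsplit(" ", 2)[0]

if __name__ == "__main__":
    print("open:", audit_jmx(OPEN))
    print("defaults:", audit_jmx(DEFAULTS) or "no findings")
```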
This entry was posted on Friday, October 30th, 2009 at 7:15 pm and is filed under tomcat.