远程 JMX 连接
我正在尝试打开与远程计算机上运行的 java 应用程序的 JMX 连接。
应用程序 JVM 使用以下选项进行配置:
- com.sun.management.jmxremote
- com.sun.management.jmxremote.port=1088
- com.sun.management.jmxremote.authenticate=false
- com.sun.management.jmxremote.ssl=false
我可以使用 jconsole 或 jvisualvm 使用 localhost:1088 进行连接。 但我无法使用 xxx.xxx.xxx.xxx:1088 从远程计算机进行连接。
服务器之间或操作系统上没有防火墙。 但为了消除这种可能性,我telnet xxx.xxx.xxx.xxx 1088并且我认为它已连接,因为控制台屏幕变成空白。
两台服务器都是 Windows Server 2008 x64。 尝试过 64 位 JVM 和 32 位,都不起作用。
I'm trying to open a JMX connection to java application running on a remote machine.
The application JVM is configured with the following options:
- com.sun.management.jmxremote
- com.sun.management.jmxremote.port=1088
- com.sun.management.jmxremote.authenticate=false
- com.sun.management.jmxremote.ssl=false
I'm able to connect using localhost:1088 using jconsole or jvisualvm.
But I'm not able to connect using xxx.xxx.xxx.xxx:1088 from a remote machine.
There is no firewall between the servers, or on the OS. But to eliminate this possibility I telnet xxx.xxx.xxx.xxx 1088 and I think it connects, as the console screen turns blank.
Both servers are Windows Server 2008 x64. Tried with 64-bit JVM and 32-bit, neither work.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(12)
如果是在 Linux 上,问题将是 localhost 是环回接口,您需要应用程序来绑定到网络接口。
您可以使用 netstat 来确认它没有绑定到预期的网络接口。
您可以通过使用系统参数
java.rmi.server.hostname="YOUR_IP"调用程序来完成此工作,无论是作为环境变量还是使用Had it been on Linux the problem would be that localhost is the loopback interface, you need to application to bind to your network interface.
You can use the netstat to confirm that it is not bound to the expected network interface.
You can make this work by invoking the program with the system parameter
java.rmi.server.hostname="YOUR_IP", either as an environment variable or using我花了一天多的时间尝试让 JMX 从本地主机外部工作。 SUN/Oracle 似乎没有提供关于此的良好文档。
确保以下命令返回真实的 IP 或主机名。 如果它确实返回 127.0.0.1、127.0.1.1 或 localhost 之类的内容,它将无法工作,您必须更新
/etc/hosts文件。这是甚至从外部启用 JMX 所需的命令,
正如您所假设的那样,myserver.example.com 必须与
hostname -i返回的内容匹配。显然,您需要确保防火墙不会阻止您,但我几乎可以肯定这不是您的问题,问题在于未记录的最后一个参数。
I've spend more than a day trying to make JMX to work from outside localhost. It seems that SUN/Oracle failed to provide a good documentation on this.
Be sure that the following command returns you a real IP or HOSTNAME. If it does return something like 127.0.0.1, 127.0.1.1 or localhost it will not work and you will have to update
/etc/hostsfile.Here is the command needed to enable JMX even from outside
Where as you assumed, myserver.example.com must match what
hostname -ireturns.Obviously, you need to be sure that the firewall does not block you, but I'm almost sure that this is not your problem, the problem being the last parameter that is not documented.
在我使用 Tomcat 和 Java 8 进行的测试中,除了为 JMX 指定的端口之外,JVM 还打开了一个临时端口。 下面的代码解决了我的问题; 如果您遇到 JMX 客户端(例如 VisualVM 无法连接的问题),请尝试一下。
另请参阅 为什么配置JMX时Java会打开3个端口?
In my testing with Tomcat and Java 8, the JVM was opening an ephemeral port in addition to the one specified for JMX. The following code fixed me up; give it a try if you are having issues where your JMX client (e.g. VisualVM is not connecting.
Also see Why Java opens 3 ports when JMX is configured?
http://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
如果您尝试要访问位于 NAT 后面的服务器 - 您很可能必须使用以下选项启动服务器,
以便发送到客户端的 RMI 存根包含服务器的公共地址,从而允许客户端从外部访问它。
http://blogs.oracle.com/jmxetc/entry/troubleshooting_connection_problems_in_jconsole
If you are trying to access a server which is behind a NAT - you will most probably have to start your server with the option
so that the RMI stubs sent to the client contain the server's public address allowing it to be reached by the clients from the outside.
看来你的结尾引言来得太早了。 它应该在最后一个参数之后。
这个技巧对我有用。
我注意到一些有趣的事情:当我使用以下命令行启动我的应用程序时:
如果我尝试使用 jconsole 从远程计算机连接到此端口,TCP 连接会成功,一些数据在远程 jconsole 和我的 MBean 所在的本地 jmx 代理之间交换已部署,然后 jconsole 显示连接错误消息。 我执行了wireshark捕获,它显示了来自代理和jconsole的数据交换。
因此,这不是网络问题,如果我执行带有或不带有 java.rmi.server.hostname 系统属性的 netstat -an,我将具有以下绑定:
这意味着在这两种情况下,在端口 9999 上创建的套接字接受来自以下位置的连接:任何地址上的任何主机。
我认为该系统属性的内容在连接时的某个地方使用,并与代理用于与 jconsole 通信的实际 IP 地址进行比较。 如果这些地址不匹配,连接就会失败。
我在使用 jconsole 从同一主机连接时没有遇到此问题,仅从真实的物理远程主机连接。 因此,我认为只有当连接来自“外部”时才会进行此检查。
it seams that your ending quote comes too early. It should be after the last parameter.
This trick worked for me.
I noticed something interesting: when I start my application using the following command line:
If I try to connect to this port from a remote machine using jconsole, the TCP connection succeeds, some data is exchanged between remote jconsole and local jmx agent where my MBean is deployed, and then, jconsole displays a connect error message. I performed a wireshark capture, and it shows data exchange coming from both agent and jconsole.
Thus, this is not a network issue, if I perform a netstat -an with or without java.rmi.server.hostname system property, I have the following bindings:
It means that in both cases the socket created on port 9999 accepts connections from any host on any address.
I think the content of this system property is used somewhere at connection and compared with the actual IP address used by agent to communicate with jconsole. And if those address do not match, connection fails.
I did not have this problem while connecting from the same host using jconsole, only from real physical remote hosts. So, I suppose that this check is done only when connection is coming from the "outside".
对我有用的事情是将 /etc/hosts 设置为将主机名指向 ip 而不是环回接口,然后重新启动我的应用程序。
cat /etc/hosts
这是我的配置:
the thing that work for me was to set /etc/hosts to point the hostname to the ip and not to the loopback interface and than restart my application.
cat /etc/hosts
This is my configuration:
非常感谢,它的工作原理如下:
java -Djava.rmi.server.hostname=xxx.xxx.xxx.xxx -Dcom.sun.management.jmxremote -Dcom .sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=25000 -jar myjar.jar
Thanks a lot, it works like this:
java -Djava.rmi.server.hostname=xxx.xxx.xxx.xxx -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.port=25000 -jar myjar.jar
我知道这个线程已经很老了,但是还有一个额外的选项会有很大帮助。 请参阅此处: https://realjenius.com/2012/11/ 21/java7-jmx-tunneling-freedom/
-Dcom.sun.management.jmxremote.rmi.port=1099I know this thread is pretty old, but there's an additional option that will help greatly. See here: https://realjenius.com/2012/11/21/java7-jmx-tunneling-freedom/
-Dcom.sun.management.jmxremote.rmi.port=1099试试这个,我测试了在docker容器内访问JMX
然后
$ jconsole localhost:16000
Try this, I tested to access JMX inside docker container
Then
$ jconsole localhost:16000
要启用 JMX 远程,请传递以下 VM 参数以及 JAVA 命令。
To enable JMX remote, pass below VM parameters along with JAVA Command.
我有同样的问题,我将与本地主机名匹配的任何主机名更改为 0.0.0.0,这样做后似乎可以工作。
I have the same issue and I change any hostname that matches the local host name to 0.0.0.0, it seems to work after I do that.
尝试使用高于 3000 的端口。
Try using ports higher than 3000.