- you have a Tomcat running on Red Hat Enterprise Linux (RHEL) on Amazon Web Services (AWS) and you want to monitor it or investigate some issue via JMX.
- you want to use JConsole and/or VisualVM and you want to do it at least partially secure
- you already have ssh access to the AWS Linux machine running your Tomcat.
The solution implies 3 steps (excluding Tomcat restart) on server side and 3 steps on client side:
Server side:
- download http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.23/bin/extras/catalina-jmx-remote.jar and put it in tomcat/lib
- add following listener to server.xml:
<listener classname="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
rmiregistryportplatform="10001"
rmiserverportplatform="10002"
uselocalports="true" />
-
add following settings in tomcat/bin/setenv.sh:
CATALINA_OPTS="-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false"
$CATALINA_OPTS
Client side:
- download http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.23/bin/extras/catalina-jmx-remote.jar and put it in JDK/JRE/lib/ext (same file as downloaded at Server step 1)
- start ssh tunnel with:
ssh user@aws-host -L10001:127.0.0.1:10001 -L10002:127.0.0.1:10002
- Start JConsole and enter the following remote service URL:
service:jmx:rmi://127.0.0.1:10002/jndi/rmi://127.0.0.1:10001/jmxrmi
Of course, if you want to configure plain authentication or even SSL for even greater security, all you have to do is add the corresponding standard JMX settings on the server side, and client side.
Happy monitoring.