Artemis container
Docker container for Apache Artemis - Page 3
Message addresses & roles

The required message addresses must be added to the main configuration file template, broker.xml.tmpl. This customization is done within the <addresses> element, at the location indicated by the comment “Add here the configuration of your addresses”. The following example adds an address called functionalTrace.accounting:

<!-- Add here the configuration of your addresses -->
<address name="functionalTrace.accounting"/>

A role-based security policy can be set by customizing the <security-settings> element. The default configuration simply grants some rights to the default amq role. Adding other roles and/or modifying the existing configuration should be done in this element within the configuration file template, at the location indicated by the comment “Add here the configuration of your additional role-based security settings”. The following example adds a security setting for the functionalTrace.accounting address added above, assuming that functrace is an additional role (see below):

<!-- Add here the configuration of your additional role-based security settings -->
<security-setting match="functionalTrace.accounting">
  <permission type="createNonDurableQueue" roles="functrace"/>
  <permission type="createDurableQueue" roles="functrace"/>
  ....
  ....
</security-setting>

For further details about configuring message addresses and role-based security in the broker.xml configuration file, see the corresponding topic in the Artemis documentation.

 
Users list & roles mapping

The users list and the user/role mapping are set through two files (the file names are mandatory):

  • artemis-users.properties: Contains authorized users credentials list, one per line
  • artemis-roles.properties: Contains roles/users mapping, one role per line
Customizing these files makes it possible to define several user/role combinations when needed.
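
The roles named in the <security-settings> permissions only take effect if they also appear in artemis-roles.properties, and each user mapped there needs an entry in artemis-users.properties. The following check is an added example, not part of the original page or of the container project: it cross-checks the three files, assuming the usual Artemis properties layout (user = password, role = user1,user2). The auditor role, the user names and the password placeholders are constructed for the illustration.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs (not from the page): a broker.xml fragment and
# the two properties files, assumed to use key = value lines.
BROKER = """<core xmlns="urn:activemq:core"><security-settings>
<security-setting match="functionalTrace.accounting">
  <permission type="createDurableQueue" roles="functrace"/>
  <permission type="send" roles="functrace,auditor"/>
</security-setting></security-settings></core>"""
USERS = "admin = CHANGE_ME_1\ntracer = CHANGE_ME_2\n"   # user = password
ROLES = "amq = admin\nfunctrace = tracer,ghost\n"       # role = user1,user2

def parse_props(text):
    """Parse key = value lines, skipping blank lines and # comments."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            out[key.strip()] = value.strip()
    return out

def local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the XML namespace from a tag

def audit(broker_xml, users_text, roles_text):
    """Return findings where roles, users and permissions do not line up."""
    users = parse_props(users_text)
    roles = {r: [u.strip() for u in v.split(",") if u.strip()]
             for r, v in parse_props(roles_text).items()}
    findings = []
    for role, members in roles.items():
        for user in members:
            if user not in users:
                findings.append(f"role {role}: user {user} has no credentials entry")
    for setting in ET.fromstring(broker_xml).iter():
        if local(setting.tag) != "security-setting":
            continue
        for perm in setting:
            if local(perm.tag) != "permission":
                continue
            for role in perm.get("roles", "").split(","):
                role = role.strip()
                if role and not roles.get(role):
                    findings.append(f"{setting.get('match')}: permission "
                                    f"{perm.get('type')} names role {role} with no users")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(BROKER, USERS, ROLES)))
```

With the sample data, the check reports the user ghost (mapped to functrace but absent from the users file) and the role auditor (granted send but never defined in the roles file).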

 
TLS & JVM configuration

This configuration is done through parameters stored in the container configuration file. This file is supplied through the CONTAINER_CONFIG environment variable. The parameters are:

| TLS parameter | Content | Possible values |
|---|---|---|
| kspwd | Server certificate keystore password | Strong-strength password value |
| tspwd | Server trusted certificates keystore password | Strong-strength password value |
| ksipwd | Cluster internal certificate keystore password | Strong-strength password value |
| twowayauth | Enabling Two-Way client authentication | true or false |
| verifyhost | Client host domain verification | true or false |

| JVM parameter | Content | Possible values |
|---|---|---|
| minmem | JVM heap minimum memory allocation | Value that depends on the RAM allocated to the container |
| maxmem | JVM heap maximum memory allocation | Value that depends on the RAM allocated to the container |
| jvmgc | JVM Garbage collector setting | G1GC or ConcMarkSweepGC |
| ipv4 | IP v4 preference enabling | true or false |

When Two-Way client authentication is enabled, clients that want to connect to and use the server cluster must provide a certificate that is trusted by the servers. In addition, if client host domain verification is enabled, the client must be running on a host in the domain contained in the provided certificate.