I need to connect VisualVM to remote JMX. It seems that VisualVM can only connect using IP:PORT but cannot with the specified subdomain.
Here are my settings:
docker-compose.yaml
version: "3.9"
services:
app-prod-web:
container_name: app-prod-web
image: app-prod-web:latest
ports:
- "127.0.0.1:8080:8080"
- "127.0.0.1:8083:8083"
env_file:
- .env
build:
dockerfile: Dockerfile
context: .
args:
- JAR_FILE=web/target/*.jar
environment:
- JAVA_OPTS=-Xms512m -Xmx1024m -XX:+UseG1GC -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.rmi.port=8083 -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=8083 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=sub.domain.com
nginx config for sub.domain.com
map $http_x_forwarded_for $is_allowed_jmx {
"34.96.11.5" 1; # My NOT REAL IP
default 0; # default value (forbidden)
}
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/cert.pem;
ssl_certificate_key /etc/ssl/key.pem;
server_name sub.domain.com www.sub.domain.com;
location / {
if ($is_allowed_jmx = 0) {
return 403 "Forbidden";
}
proxy_pass http://127.0.0.1:8083/;
proxy_redirect http://$host:8883 $scheme://$host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I was only able to connect to JMX via IP:PORT if I specified the docker ports
like this
ports:
- "8080:8080"
- "8083:8083"
and hostname like this
-Djava.rmi.server.hostname=134.435.22.12
But in this case, Docker simply bypasses the firewall and NGINX due to its specifics.
When I add a JMX connection in VisualVM and enter my domain in the Connection field, the program requires you to add a colon and specify the port, until I add the port the OK button is inactive. This is confusing since I'm using a subdomain and not an IP and port
