本文介绍了JConsole通过ssh本地端口转发的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我希望能够远程连接到暴露了JMX的Java服务,但是它被防火墙阻止了。我曾尝试使用ssh本地端口转发,但连接失败。看看wireshark,看来当你尝试连接jconsole时,它想要在连接到被防火墙阻止的端口9999之后通过一些短暂的端口进行连接。



有没有办法让jconsole只通过9999连接或使用代理? 吗?或者说,我失去的东西吗?


解决方案

是的,那篇文章是正确的。



在服务器上指定JMX端口( -Dcom.sun.management.jmxremote.port = #### )时,实际上是在指定只是应用程序的注册表端口。当你连接它时,它提供了一个额外的服务器端口,jconsole实际上完成了它的所有工作。要转发工作,您需要知道两者注册表和服务器端口。



以下内容应该适用于运行您的应用程序均设置为8000注册表和服务器端口请参见。

  -Dcom.sun.management.jmxremote.port = 8000 
-Dcom .sun.management.jmxremote.rmi.port = 8000

顺便说一下,我的允许您轻松设置两个端口,并且可以将它们设置为同一个端口。



因此,一旦您知道需要转发的两个端口,就可以设置 ssh 命令。例如,如果将注册表和服务器端口配置为8000,则可以执行以下操作:

  ssh -L 8000:localhost:8000 remote-host 

这将创建一个本地端口8000,它转发到远程主机上的localhost:8000。如果需要转发多个端口,可以指定多个 -L 参数。然后你可以将你的jconsole连接到localhost:8000,它将适当地连接到远程主机。



另外,如果你的服务器有多个接口,你可能需要设置以下变量以使注册表和服务器端口绑定到正确的接口:

  -Djava.rmi.server.hostname = 10.1.2.3 


I'd like to be able to remotely connect to a Java service that has JMX exposed, however it is blocked by a firewall. I have tried to use ssh local port forwarding, however the connection fails. Looking at wireshark, it appears that when you try to connect with jconsole, it wants to connect via some ephemeral ports after connecting to port 9999, which are blocked by the firewall.

Is there any way to make jconsole only connect through 9999 or use a proxy? Is this article still the best solution? Or, am I missing something?

解决方案

Yes, that article is about right.

When you specify the JMX port on your server (-Dcom.sun.management.jmxremote.port=####), you are actually specifying just the registry-port for the application. When you connect it provides an additional server-port that the jconsole actually does all of its work with. To get forwarded to work, you need to know both the registry and server ports.

Something like the following should work to run your application with both the registry and server ports set to 8000. See here for more details.

-Dcom.sun.management.jmxremote.port=8000
-Dcom.sun.management.jmxremote.rmi.port=8000

As an aside, my SimpleJMX library allows you to set both ports easily and you can set them both to be the same port.

So, once you know both the port(s) you need to forward, you can set up your ssh command. For example, if you configure the registry and server ports as 8000, you would do:

ssh -L 8000:localhost:8000 remote-host

This creates a local port 8000 which forwards to localhost:8000 on the remote-host. You can specify multiple -L arguments if you need to forward multiple ports. Then you can connect your jconsole to localhost:8000 and it will connect to the remote-host appropriately.

Also, if your server has multiple interfaces, you may need to set both the following variable to get the registry and server ports to bind to the right interface:

-Djava.rmi.server.hostname=10.1.2.3

这篇关于JConsole通过ssh本地端口转发的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

09-01 21:26