Unable to connect to remote server from Hawtio dashboard

C

2

6

I have a camel web application running on remote-server-1 which is a tomcat 8 server. I have attached a jolokia jvm agent on this tomcat as follows-

java -jar jolokia-jvm-1.3.5-agent.jar start <PID>

I get the following response on my local machine by accessing http://remote-server-1:port/jolokia-

{
    "request": {
        "type": "version"
    },
    "value": {
        "agent": "1.3.5",
        "protocol": "7.2",
        "config": {
            "maxDepth": "15",
            "discoveryEnabled": "true",
            "maxCollectionSize": "0",
            "agentId": "***.***.***.**-16224-35a7a114-jvm",
            "debug": "false",
            "agentType": "jvm",
            "historyMaxEntries": "10",
            "agentContext": "\/jolokia",
            "maxObjects": "0",
            "debugMaxEntries": "100"
        },
        "info": {
            "product": "tomcat",
            "vendor": "Apache",
            "version": "8.0.35"
        }
    },
    "timestamp": 1491307702,
    "status": 200
}

I also have hawtio.war deployed on my local-tomcat8.5. When I try to connect to this remote agent, I am redirected to login page. I am not able to figure out where am I going wrong. Can anyone help me with this?

Cathay answered 4/4, 2017 at 12:13 Comment(2)

Which hawtio version are you using? – Conversion 4/4, 2017 at 13:39

I'm using hawtio version 1.5.0 – Cathay 4/4, 2017 at 15:15

C

15

From 2.10.1 on: Use hawtio.proxyAllowlist instead of hawtio.proxyWhitelist. (Thanks rastadrian for pointing it out.)

Since hawtio 1.5.0 you need to add remote hosts to the hawtio.proxyWhitelist system property.

http://hawt.io/docs/configuration/#configuration-properties

hawtio.proxyWhitelist - Comma-separated whitelist for target hosts that the hawtio-jmx Connect plugin can connect to via ProxyServlet (default localhost, 127.0.0.1). All hosts that are not listed in this whitelist are denied to connect for security reasons. This option can be set to * to restore old behavior and whitelist all hosts. Prefixing an element of the list with "r:" allows to define a regexp (example: localhost,r:myservers[0-9]+.mydomain.com)

If you are using hawtio.war then modify its WEB-INF/web.xml like this:

  <servlet>
    <servlet-name>jolokia-proxy</servlet-name>
    <servlet-class>io.hawt.web.ProxyServlet</servlet-class>
    <!--
      Comma-separated list of allowed target hosts. It is required for security.
      '*' allows all hosts but keep in mind it's vulnerable to security attacks.
    -->
    <init-param>
      <param-name>proxyWhitelist</param-name>
      <param-value>
        localhost,
        127.0.0.1,
        remote-server-1
      </param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>

Conversion answered 5/4, 2017 at 10:45 Comment(4)

it is worth noting that after version 2.10.1, this attribute has been renamed to hawtio.proxyAllowlist. – Blue 27/7, 2020 at 18:34

Doesn't work in Version 2.16.1. When I try to add a connection, I get "Host not whitelisted". I added -Dhawtio.proxyAllowList=SERVERNAME as well to the command line, same failure (launched with javaw, BTW, not with java, which bombs immediately) – Glossology 26/11, 2022 at 6:21

@Glossology Can you try not hawtio.proxyAllowList but hawtio.proxyAllowlist? – Conversion 26/11, 2022 at 12:33

@Tadayoshi yes, that works, thanks. I'm still not happy with the interface. (1) Can't edit the allow list from within the application (ok, maybe that shouldn't be possible), only the command line. (2) No way to exit the application cleanly. Having launched from the command line, I can only kill the browser (window, running the client), which leaves java running. Oh well, can't have everything... – Glossology 28/11, 2022 at 5:59

M

16

If you are using the runnable JAR version of Hawtio you can pass the parameter hawtio.proxyWhitelist also when starting the application:

java -Dhawtio.proxyWhitelist=SERVERNAME -jar hawtio-app-1.5.3.jar

Monkhmer answered 22/8, 2017 at 15:23 Comment(2)

Doesn't work. When I try to add a connection, I get "Host not whitelisted". I added -Dhawtio.proxyAllowList=SERVERNAME as well to the command line (launched with javaw, not java), same failure. (Version 2.16.1) – Glossology 26/11, 2022 at 6:18

Could it be that it is just a typo with the uppercase letter "L" ? The documentation states that since version 2.10.1 the correct parameter is hawtio.proxyAllowlist. So it should be 'java -Dhawtio.proxyAllowlist=SERVERNAME -jar hawtio-app-2.16.1.jar' in your case – Monkhmer 29/11, 2022 at 9:32

C

15