Embedded ActiveMQ settings

The Embedded ActiveMQ settings enable you to configure settings for the Apache ActiveMQ messaging broker that is embedded in each API Gateway instance. You can also configure multiple embedded ActiveMQ brokers to work together as a network of brokers in a group of API Gateway instances. For more details, see Apache ActiveMQ website.

Configure Embedded ActiveMQ settings

Apache ActiveMQ 5.14.3 restricts serializing object message types. To allow the serialization, you must add the impacted packages to the system property in the jvm.xml file.

To allow serialization globally on all API Gateway instances, add the following to INSTALL_DIR/system/conf/jvm.xml:

<VMArg name="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=<list of packages>"/>

Use comma to separate the packages. For example:

<VMArg name="-Dorg.apache.activemq.SERIALIZABLE_PACKAGES=myorg.data,myorg2.data2">

To allow serialization on a particularAPI Gateway instance, add the above code to INSTALL_DIR/groups/<group name>/<instance name>/conf/jvm.xml.

To configure Embedded ActiveMQ settings, select the Environment Configuration > Server Settings node in the Policy Studio tree, and click Messaging > Embedded ActiveMQ. Alternatively, in the Policy Studio main menu, select Tasks > Manage Gateway Settings > Messaging > Embedded ActiveMQ. To apply updates to these settings, click Apply changes at the bottom right of the screen.

General messaging settings

Configure the following ActiveMQ messaging settings:

Enable Embedded ActiveMQ Broker:
Specifies whether to enable starting up the ActiveMQ broker that is embedded in the API Gateway instance. This is not selected by default.

Address:
Specifies the IP address used to open a listening socket for incoming ActiveMQ connections. Defaults to 0.0.0.0, which specifies that all interface addresses should be used.

Port:
Specifies the TCP port for incoming ActiveMQ connections. Defaults to ${env.BROKER.PORT}, which enables the port number to be environmentalized. This means that the port number is specified in the envSettings.props file on a per-server basis. For more details, see the API Gateway DevOps Deployment Guide. Alternatively, you can enter the port number directly in this field (for example, 61616).

Shared Directory:
Specifies the location of the shared directory in your environment that is used by multiple embedded ActiveMQ brokers. This setting is required, and must be configured for high availability and failover. Defaults to INSTALL_DIR/messaging-shared.

SSL settings

Configure the following settings to secure the communication with JMS clients, and between multiple embedded ActiveMQ brokers:

Enable SSL:
Specifies whether to use Secure Sockets Layer (SSL) to secure the communication with JMS clients, and between ActiveMQ brokers.

Server Cert:
When Enable SSL is selected, click to select the server certificate with a private key that is used for SSL communication between ActiveMQ brokers. For details on importing certificates into the certificate store, see Manage X.509 certificates and keys.

Accepted cipher suites:
When Enable SSL is selected, select which cipher suites should be accepted by the JMS server when the SSL communication is being established.

Note   If no cipher suites are selected, the default cipher suites from the Java Security Socket Extension (JSSE) are used.

Require Client Certificates:
When Enable SSL is set, specifies whether to require client certificates for client SSL authentication. For example, for mutual (two-way) SSL communication, you must trust the issuer of the client certificate by importing the client certificate issuer into the certificate store. For details on importing certificates, see Manage X.509 certificates and keys.

When Require client certificates is selected, you can then select the root certificate authorities that are trusted for mutual (two-way) SSL communication between ActiveMQ brokers. For details on importing certificates into the API Gateway certificate store, see Manage X.509 certificates and keys.

Authentication settings

Configure the following to specify authentication settings between multiple embedded ActiveMQ brokers:

Note   The authentication settings are also used by features on the Messaging tab in the API Gateway Manager web console (for example, sending messages and managing durable topic subscriptions). For more details, see Manage embedded ActiveMQ messaging.

Authenticate broker and client connections with the following policy:
When username/password credentials are provided for inter-broker communication, they are delegated to the selected policy for authentication. By default, no policy is selected. To select a policy, click the button on the right, and select a pre-configured policy in the dialog.

Username:
Specifies the username credential when connecting to other ActiveMQ brokers.

Password:
Specifies the password credential when connecting to other ActiveMQ brokers.

Communicate with brokers in the same group:
Every API Gateway instance belongs to a group. This setting specifies whether to communicate only with ActiveMQ brokers in the same API Gateway group. This is the default setting.

Or brokers outside the group registered with the following alias:
Specifies an alias name used to communicate with other ActiveMQ brokers registered with the same alias. This setting enables communication with ActiveMQ brokers that belong to different API Gateway groups.

Related Links