I recently had to configure a Tomcat to allow remote access to the JMX service. It involved some configuration to get a connection through the firewall so I’ve made a configuration-guide for those interested.
Using tools like VisualVM or JConsole can tell you a lot about how your application is performing. A typical use case could be monitoring the CPU and memory load or gather information about the running threads. Some more advanced features include reading and manipulating data by calling MBeans .
The idea is to use the JMX api to connect to MBeans on a remote Tomcat. Connecting to a local Tomcat takes no effort at all. Just start your Tomcat, open VisualVM, and click on the local application you wish to monitor. Connecting to a remote Tomcat requires some additional configuration.
JMX allows you to specify a server port by using the com.sun.management.jmxremote.port system-property. Access to this port allows the JMX-Client to connect to the RMI-registry where the client may find the location of the RMI-server. The problem is that the RMI-server is assigned a random port which will probably be blocked if you are behind a firewall !
In the Tomcat binary distribution download location you will find a folder named (version)/bin/extras with the file catalina-jmx-remote.jar. Copy this jar to the lib folder of your Tomcat installation.
Edit the server.xml in the conf folder of the Tomcat installation to include the new Listener:
In this example the registry will be located on port 9090, the rmi-server will be accessible on 9191
Create 2 new files in the same conf directory: jmxremote.password and jmxremote.access
file jmxremote.password, contains users and passwords
file jmxremote.access, specifies the authorizations for users
Add the following system-properties to your Tomcat startup-script, or your environment:
And finally don’t forget to open the two specified ports (in our example 9090 and 9191) on your firewall, in a Linux environment with Iptables you can use the following configuration:
Now you can connect with your favorite JMX client by using the url: