Sending message to ActiveMQ over internet

I want to implement messaging over internet. But didn't have IP Public yet. So I want to ask any one here about sending message to ActiveMQ using JMS over internet?

Could It 开发者_JS百科be done ?

Yes, it exposes a normal TCP based endpoint(by default at port 61616). However, this would not be a recommended deployment model - a better model will be to expose a http based endpoint using a servlet container which internally hands over the message to the activemq broker.

There a lot of good solutions that can do this -

1. Spring Integration , Apache Camel
2. Exposing a Webservice endpoint using say Apache CXF (which will bring you a standards based interface), which will internally hand over the message to ActiveMQ.

yes, It can be done. we are currently running a little under a thousand "consumers" which connect to our brokers over the internet.

As to the insecurity of traffic over the internet, i do not agree completely:

exposing a webservice is just as riskfull as exposing the broker. In the end, you are never 100% sure your own code or the code or the underlying application (Apache CXF, Webserver, application server, database server, message broker) contain flaws that could be a security risk. Second to that, HTTP is just as much TCP traffic as ActiveMQ is ( Stomp or openwire protocol)

That being said, you can take all measures to make the risk as small as possible.

we have done the following:

• User & Password Required to connect to the broker (ActiveMQ suports a wide range of Authentication solutions and you can roll your own if required)

• Switch port to a different number so detection is more difficult

• if you have control over the consumers aswell, apply IP filters in the firewall for what ip's can connect to the broker ( unfortunately, this was not possible in our case)

• encrypt your messages

• We have added an application level Authentication aswell using a token. This way, every message is authenticated in our own application

-> if all of these are implemented, I think you are pretty safe and as a bonus, you do not need the extra layer of webservices ( if this application needs to scale, you will need to scale your webservices equally with your brokers.

Plain connections (openwire) should be fine. It's much simpler to stick with the standard setup than to try setting up web services and whatnot. Just make sure to encrypt the channels with SSL. If you use plain passwords, they can possibly be picked up over public networks (unlikely but anyway) - that's why I prefer SSL.

Actually, ActiveMQ is a very good way to do communication over the Internet since it supports transactions and persistence, making it cope well with network stability issues.

However, you need a public IP (or some NAT/port forwarding solution form a public IP) on the machine running the ActiveMQ server for this to work.