Recipe for setting up remote monitoring of Tomcat and Jetty containers using standard JDK tools

Conducting interviews with Java developers for about 6 years, I noticed that no one of the candidates who came came to know that it was possible to remotely monitor the state of the JVM with servlet containers using standard JDK tools.
Therefore, further step by step recipe, how to configure and use this great opportunity

Monitoring tools

---

• JConsole is a GUI tool for monitoring and managing both local and remote JVM and applications. We read about the official docks
• JVisualVM - simply - this is the JConsole + profiler. About this tool perfectly written by TheShade

Both software products are located in % JAVA_HOME% / bin JDK and use JMX technology - Java Management Extensions

Tomcat setup

---

% CATALINA_HOME% is the directory where Tomcat is installed.
')

1. In the directory % CATALINA_HOME% / conf create a config file remote.users with the contents of the form
   

   _1 _1 _2 _2 

   
   The name of the file can be given any at your discretion. The file contains logins and passwords in an explicit (unfortunately) form of users who will be entitled to perform remote monitoring.
   For example:
   

    tartaren from_tarascon portos passwordportos 

   
   
2. In the directory % CATALINA_HOME% / conf create a config file remote.acl with the contents of the form
   

    _1 _ _2 _ 

   
   The name of the file can be given any at your discretion. ACCESS RIGHT - one of two readwrite or readonly constants.
   For example:
   

    tartaren readonly portos readwrite 

   
   
3. chmod 400 remote.users
4. chmod 400 remote.acl
5. chown tomcat: tomcat remote.users
   (user and tomcat group may need to be replaced according to the situation)
6. chown tomcat: tomcat remote.acl
   (user and tomcat group may need to be replaced according to the situation)
7. Find the run script catalina.sh (usually found in % CATALINA_HOME% / bin )
8. In the script before the launch section add the command:
   

    CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.password.file=___remote.users -Dcom.sun.management.jmxremote.access.file=___remote.acl -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=_ -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<b>IP_" 

   
   IP_ADRES - The IP address of the Tomcat server.
   PORT NUMBER — The port number on which the Tomcat server will respond to JConsole or JVisualVM requests.
   For example:
   

     * * * fi CATALINA_OPTS="$CATALINA_OPTS $JPDA_OPTS" shift fi CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote.password.file=/usr/share/apache-tomcat-7.0.22/conf/remote.users -Dcom.sun.management.jmxremote.access.file=/usr/share/apache-tomcat-7.0.22/conf/remote.acl -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=7777 -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=1.1.1.1" if [ "$1" = "debug" ] ; then if $os400; then echo "Debug command not available on OS400" exit 1 * * * 

   
   
9. If you want to disable password authentication, you need to add -Dcom.sun.management.jmxremote.authenticate = false to the list of parameters CATALINA_OPTS
   
10. To make changes in the config and script take effect, you need to restart Tomcat using standard tools.

Jetty Setup

---

1. Create files remote.users and remote.acl (or with any other names at your discretion) in the directories that suit you.
2. chmod 400 remote.users
3. chmod 400 remote.acl
4. chown jetty: jetty remote.users
   (user and jetty group may need to be replaced according to the situation)
5. chown jetty: jetty remote.acl
   (user and tomcat group may need to be replaced according to the situation)
6. Most often, Jetty is used in conjunction with Maven. To run create script reboot.sh
   

    export MAVEN_OPTS="-Dcom.sun.management.jmxremote.password.file=/___/remote.users -Dcom.sun.management.jmxremote.access.file=/___/remote.acl -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=__ -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=IP_" mvn -P dev clean compile jetty:run 

   
   
7. chmod + x reboot.sh
8. Start (restart) Jetty with the command ./reboot.sh

JConsole connection

---

1. run jconsole
2. in the form that appears:

• select remote access mode
• enter the IP or domain name of the servlet container with the port number in the format
  IP_OR_DOMEN: NUMBER_PORT
• fill in the Username and Password
• press the [Connect] button

JConsole does not save connection settings and must be entered every time.
If you disable monitoring password authentication in the servlet container, you can connect using the jconsole IP_ORI_DOMEN: PORT NUMBER command

JVisualVM connection

---

1. run JVisualVM
2. choose in the menu File-> Add JMX connection
3. in the form that appears:
4. Connection - enter the IP or domain name of the servlet container with the port number in the format
   IP_OR_DOMEN: NUMBER_PORT
5. if there is a desire - turn on the "checkbox" Display name and enter the desired alias for this connection
6. enable checkbox Use security credentials
7. fill in the Username and Password
8. optionally enable “daw” Save security credentials
9. Click [OK]
10. in the left tree, in the Remote item a new section will appear with our container
11. On this container, right-click and select the Open item.