JMX connection to Tomcat running on Amazon EC2

Question

My Tomcat 7 process, which I run on a server on Amazon EC2, has settings such as these in CATALINA_OPTS which should allow me to connect for JMX monitoring remotely:

-Dcom.sun.management.jmxremote.port=8086
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

However, connecting remotely does not work with either jconsole or jvisualvm. It just times out.

I've triple-checked that the EC2 security group allows access to the JMX remote port from my IP (and only from my IP).

Are there any settings missing?

score 3 · Accepted Answer · answered Jan 15 '12 at 09:36

Specify the java.rmi.server.hostname option too, so that it points to the public DNS name of your EC2 server:

-Djava.rmi.server.hostname=your.public.dns

That was sufficient to get it working for me, but for more tips, try this blog post:
JMX Monitoring on Amazon EC2

score 3 · Answer 2 · answered Aug 20 '12 at 11:39

Here is more complete explanation of how to do it without messing with the group security (aka firewall):

Server side:

download http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.23/bin/extras/catalina-jmx-remote.jar and put it in tomcat/lib

add following listener to server.xml:

<listener classname="org.apache.catalina.mbeans.JmxRemoteLifecycleListener"
    rmiregistryportplatform="10001" 
    rmiserverportplatform="10002" 
    uselocalports="true" />

add following settings in tomcat/bin/setenv.sh:

CATALINA_OPTS="-Dcom.sun.management.jmxremote \
 -Dcom.sun.management.jmxremote.ssl=false \
 -Dcom.sun.management.jmxremote.authenticate=false"
export CATALINA_OPTS

Restart tomcat

Client side:

download same catalina-jmx-remote.jar and put it in JDK/JRE/lib/ext (same file as downloaded at Server step 1)
start ssh tunnel with:

ssh user@aws-host -L10001:127.0.0.1:10001 -L10002:127.0.0.1:10002
Start JConsole and enter the following remote service URL:

service:jmx:rmi://127.0.0.1:10002/jndi/rmi://127.0.0.1:10001/jmxrmi

You have JConsole connected over SSH to your tomcat running on AWS.

As posted on: http://www.cod.ro/2012/08/monitoring-tomcat-7-on-rhel-aws-using.html

score 3 · Answer 3 · answered Mar 24 '15 at 16:18

If you're having trouble setting the correct hostname for java.rmi.server.hostname try the following:

-Djava.rmi.server.hostname=$(/usr/bin/curl -s --connect-timeout 2 instance-data.ec2.internal/latest/meta-data/public-hostname)

This is convenient to use in an Elastic Beanstalk environment where instances will come and go.

score 0 · Answer 4 · edited Sep 08 '16 at 00:54

I also tried using the JmxRemoteLifecycleListener and it didn't work for me.

This is what it worked for me:

I choose 1005 as JMX port and my setenve.sh is like:

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=10005 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.local.only=false -Djava.rmi.server.hostname=localhost"

Redirect using SSH the JMX port and the RMI

Run visualvm using the following URI:

service:jmx:rmi:///jndi/rmi://localhost:10005/jmxrmi

If you need more information have a look to this post: http://ignaciosuay.com/how-to-connect-a-java-profiler-like-visualvm-or-jconsole-to-a-remote-tomcat-running-on-amazon-ec2/

JMX connection to Tomcat running on Amazon EC2

4 Answers4

Server side:

Client side: