1) Install https-tools on each server where monitoring can possibly run, install https-tools:

sudo yum install httpd-tools
generate encrypted password:
htpasswd -c passwordfile username


htpasswd -c passwordfile test
[demo@demo-vm ~]$ cat passwordfile

2) NOMAD and CONSUL password protected
create consul key for traefik, each “$” should be quoted, it means preceded by a “\” sign:

sudo consul kv put traefik/frontends/nomad/auth/basic/users/0
sudo consul kv put traefik/frontends/consul/auth/basic/users/0

Now access nomad and consul ui via traefik:

3) SERVER MONITORING password protected
take a backup of the abis-monitoring configuration file and edit:

cd /etc/innovatrics/conf.d/
sudo cp -pr abis-monitoring.nomad.hcl abis-monitoring.nomad.hcl.bkp
sudo vim abis-monitoring.nomad.hcl

Add following authentication settings at the end of the service tags (next to the /monitoring_proxy/"):

, "traefik.frontend.auth.basic=test:$apr1$01QUySNB$euQKVb6YCAutVijBxNouu1",


 Restart abis-monitoring:

cd /etc/innovatrics/conf.d
sudo nomad stop abis-monitoring
sudo nomad run abis-monitoring.nomad.hcl

 Test secured access, please note that once password is entered for e.g. the first link, you have to reopen browser
in order to get login window again for the next link:

Example of port forwarding in VirtualBox Manager:

Please also note that port 8443 is specified in this procedure just because of port forwarding set in VM. In real
environment there should be usually no port specification needed if traffic goes through traefik.

4) RESTORE PROCEDURE (Disabling password authentication)

cd /etc/innovatrics/conf.d/
sudo cp -pr abis-monitoring.nomad.hcl.bkp abis-monitoring.nomad.hcl
sudo nomad stop abis-monitoring
sudo nomad run abis-monitoring.nomad.hcl
sudo consul kv delete traefik/frontends/nomad/auth/basic/users/0
sudo consul kv delete traefik/frontends/consul/auth/basic/users/0

PLEASE NOTE that it’s customer’s responsibility to disable direct access towards traefik backends
(defined in https://<IP>/traefik) like http access to the abis monitoring, access to nomad ui on 4646 and
consul on 8500 ports.


sudo vim /opt/innovatrics/external-activemq515/conf/jetty-realm.properties

Change password, e.g. if new admin password is borovicka123 then edit:

admin: borovicka123, admin
If authentication by GUI password is not enabled, then enable it by editing jetty.xml:
<bean id="securityConstraint" class="org.eclipse.jetty.util.security.Constraint">
<property name="name" value="BASIC" />
<property name="roles" value="user,admin" />
<!-- set authenticate=false to disable login
<property name="authenticate" value="true" />-->
<property name="authenticate" value="true" />

 Note: In case of receiving following error while trying to pause AMQ:

curl --user admin:borovicka123,destinationNam
"error_type":"java.lang.exception","error":"java.lang.exception : origin null is not allowed
to call this agent","status":403



Remove following 3 lines for strict checking part from jolokia-access.xml:


Restart AMQ after editing files:

sudo nomad stop activemq
sudo nomad run /etc/innovatrics/conf.d/activemq.nomad.hcl


Now you can test access to ActiveMQ: http://<IP_Address>:8161/activemq/admin/queues.jsp

Relevant ABIS version: 7.X