I would like to check JVM state on my server using VisualVM and JMX. But I can’t connect directly to it because is behind firewall or in inaccessible network. Luckily I can connect through SSH to machine which can access my server.
I need to enable JMX for my application on server. Add following parameters into java command line of application:
-Dcom.sun.management.jmxremote.port=9872 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
Check that you can connect to your application with this setting when debugging on local computer using JMX:
OK, so it works locally, great! Now try to deploy your app to server and try to run ssh with port forwarding from your computer:
ssh -L 9872:192.168.11.52:9872 email@example.com
So try to redirect port 9872 on server through tunnel between my and mediator computer to my local port 9872. But when I try to connect to localhost 9872 I get message:
(“Cannot connect to localhost:9872 using service:jmx:rmi:////jndi/rmi://localhost:9872/jmxrmi”)
Beside communication on JMX port (in my case 9872) VisualVM tries to communicate by random other port using RMI. But because only one port was redirected this fails.
So let’s try to add 2 more parameters that will fix interface for RMI to 127.0.0.1:9872. So only one port will be used:
-Djava.rmi.server.hostname=127.0.0.1 -Dcom.sun.management.jmxremote.rmi.port=9872 -Dcom.sun.management.jmxremote.port=9872 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false
I use 127.0.0.1 because that should work on all computers and therefore this setting is suitable for installation package. If you can use fixed IP address you can avoid nesting of SSH tunnel below. But usage of loopback interface is more secure because should not be visible from outside of machine.
So now lets try to do nested port forwarding, please check that port 9872 is available on both mediator and your computer. If not, choose different one. On my computer launch:
ssh -L 9872:localhost:9872 firstname.lastname@example.org
That will open tunnel between my computer and mediator. Then on mediator (you can use opened console from command above) execute:
ssh -L 9872:127.0.0.1:9872 email@example.com
And that will open tunnel between mediator and server. Add JMX connection to localhost:9872: