import{_ as l,a as c,b as d}from"./tunnel-server-agents.03d5eafa.js";import{_ as p,o as h,c as u,a as e,b as a,w as r,e as n,d as t,r as i}from"./app.977e81c1.js";const m={},v=e("h1",{id:"arthas-tunnel",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#arthas-tunnel","aria-hidden":"true"},"#"),n(" Arthas Tunnel")],-1),b=e("p",null,"Manage/connect multiple Agents remotely via Arthas Tunnel Server/Client.",-1),g=e("p",null,"For example, in streaming computing, Java processes can be started on different machines, and it can be difficult to use Arthas to diagnose them, because the user usually does not have access to the machine.",-1),_=e("p",null,"In this case, Arthas Tunnel Server/Client can be used.",-1),f=e("p",null,"Reference:",-1),k=n("1: "),w=n("Web Console"),y=n("2: "),x=n("Arthas Spring Boot Starter"),I=e("h2",{id:"download-and-deploy-arthas-tunnel-server",tabindex:"-1"},[e("a",{class:"header-anchor",href:"#download-and-deploy-arthas-tunnel-server","aria-hidden":"true"},"#"),n(" Download and deploy arthas tunnel server")],-1),A={href:"https://github.com/alibaba/arthas/releases",target:"_blank",rel:"noopener noreferrer"},N=n("https://github.com/alibaba/arthas/releases"),T=t(`

Arthas tunnel server is a spring boot fat jar application, start with the java -jar command:

java -jar  arthas-tunnel-server.jar

By default, the web port of the arthas tunnel server is 8080, and the port connected by the arthas agent is 7777.

`,3),R=n("Once started, you can go to "),E={href:"http://127.0.0.1:8080/",target:"_blank",rel:"noopener noreferrer"},S=n("http://127.0.0.1:8080/"),L=n(" and connect to the registered arthas agent via "),B=e("code",null,"agentId",-1),P=n("."),C=n("Through Spring Boot's Endpoint, you can view the specific connection information: "),V={href:"http://127.0.0.1:8080/actuator/arthas",target:"_blank",rel:"noopener noreferrer"},j=n("http://127.0.0.1:8080/actuator/arthas"),D=n(", the login user name is "),O=e("code",null,"arthas",-1),M=n(", and the password can be found in the log of arthas tunnel server, for example:"),U=t(`
32851 [main] INFO o.s.b.a.s.s.UserDetailsServiceAutoConfiguration

Using generated security password: f1dca050-3777-48f4-a577-6367e55a78a2

Connecting to the tunnel server when starting arthas

When starting arthas, you can use the --tunnel-server parameter, for example:

as.sh --tunnel-server 'ws://127.0.0.1:7777/ws'

You can also use the following test address (not guaranteed to be available all the time):

as.sh --tunnel-server 'ws://47.75.156.201:80/ws'

After Arthas attach succeeds, the agentId will be printed, such as:

  ,---.  ,------. ,--------.,--.  ,--.  ,---.   ,---.
 /  O  \\ |  .--. ''--.  .--'|  '--'  | /  O  \\ '   .-'
|  .-.  ||  '--'.'   |  |   |  .--.  ||  .-.  |\`.  \`-.
|  | |  ||  |\\  \\    |  |   |  |  |  ||  | |  |.-'    |
\`--' \`--'\`--' '--'   \`--'   \`--'  \`--'\`--' \`--'\`-----'


wiki      https://arthas.aliyun.com/doc
tutorials https://arthas.aliyun.com/doc/arthas-tutorials.html
version   3.1.2
pid       86183
time      2019-08-30 15:40:53
id        URJZ5L48RPBR2ALI5K4V

If the connection is not connected to the tunnel server at startup, you can also obtain the agentId through the session command after reconnection succeeds:

[arthas@86183]$ session
 Name           Value
-----------------------------------------------------
 JAVA_PID       86183
 SESSION_ID     f7273eb5-e7b0-4a00-bc5b-3fe55d741882
 AGENT_ID       URJZ5L48RPBR2ALI5K4V
 TUNNEL_SERVER  ws://47.75.156.201:80/ws
`,11),J=n("For the above example, go to "),F={href:"http://47.75.156.201/arthas/?port=80",target:"_blank",rel:"noopener noreferrer"},G=n("http://47.75.156.201/arthas/?port=80"),Y=n(" in the browser and input the "),Z=e("code",null,"agentId",-1),K=n(" to connect to arthas on remote machine."),W=t('

Best practices

WARNING

Note that the agentId must be unique, otherwise it will conflict on the tunnel server and not work properly.

If the arthas agent is configured with appName, the generated agentId will be prefixed with appName.

For example, if you add the startup parameter as.sh --tunnel-server 'ws://127.0.0.1:7777/ws' --app-name demoapp, the generated agentId might be demoapp_URJZ5L48RPBR2ALI5K4V.

Tunnel server will use _ as a delimiter to extract appName, which is convenient to manage by application.

TIP

Alternatively, you can configure appName in arthas.properties in the unzipped arthas directory, or in application.properties of the spring boot application.

Tunnel Server Management Page

',8),$={class:"custom-container tip"},q=e("p",{class:"custom-container-title"},"TIP",-1),z=e("p",null,[n("You need to configure "),e("code",null,"arthas.enable-detail-pages=true"),n(" in "),e("code",null,"application.properties"),n(" of tunnel-server, or you can specify it with command line parameters: "),e("code",null,"java -Darthas.enable-detail-pages=true -jar arthas-tunnel-server.jar")],-1),H=n("Supported configuration: "),Q={href:"https://github.com/alibaba/arthas/blob/master/tunnel-server/src/main/resources/application.properties",target:"_blank",rel:"noopener noreferrer"},X=n("tunnel-server application.properties"),ee=e("p",null,"**Attention, opening the management page is risky! The management page is not authenticated, so you must add security measures yourself, and do not open it to the public network. **",-1),ne=t(`

Start the tunnel-server locally, then use as.sh attach, and specify the application name --app-name test:

$ as.sh --tunnel-server 'ws://127.0.0.1:7777/ws' --app-name test
telnet connecting to arthas server... current timestamp is 1627539688
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
  ,---.  ,------. ,--------.,--.  ,--.  ,---.   ,---.
 /  O  \\ |  .--. ''--.  .--'|  '--'  | /  O  \\ '   .-'
|  .-.  ||  '--'.'   |  |   |  .--.  ||  .-.  |\`.  \`-.
|  | |  ||  |\\  \\    |  |   |  |  |  ||  | |  |.-'    |
\`--' \`--'\`--' '--'   \`--'   \`--'  \`--'\`--' \`--'\`-----'


wiki       https://arthas.aliyun.com/doc
tutorials  https://arthas.aliyun.com/doc/arthas-tutorials.html
version    3.5.3
main_class demo.MathGame
pid        65825
time       2021-07-29 14:21:29
id         test_PE3LZO9NA9ENJYTPGL9L

Then visit tunnel-server, you can see a list of all connected applications:

`,3),ae={href:"http://localhost:8080/apps.html",target:"_blank",rel:"noopener noreferrer"},se=n("http://localhost:8080/apps.html"),te=e("p",null,[e("img",{src:l,alt:""})],-1),oe=e("p",null,"Then open the details, you can see a list of all connected agents:",-1),re={href:"http://localhost:8080/agents.html?app=test",target:"_blank",rel:"noopener noreferrer"},ie=n("http://localhost:8080/agents.html?app=test"),le=t('

Security and Privilege Management

TIP

It is strongly recommended not to expose the tunnel server directly to the public network.

Currently tunnel server does not have special permission management

  1. Users need to develop by themselves and authenticate the app name.
  2. If the management page is opened, security measures need to be added.

Cluster Management

If you want to deploy multiple tunnel servers, you can use nginx for forwarding and redis to store agent information.

Nginx needs to configure sticky session to ensure that the user's web socket is connected to the same back-end tunnel server. The simple configuration method is to use ip_hash.

How arthas tunnel server works

browser <-> arthas tunnel server <-> arthas tunnel client <-> arthas agent
`,10),ce={href:"https://github.com/alibaba/arthas/blob/master/tunnel-server/README.md#",target:"_blank",rel:"noopener noreferrer"},de=n("tunnel-server/README.md");function pe(he,ue){const o=i("RouterLink"),s=i("ExternalLinkIcon");return h(),u("div",null,[v,b,g,_,f,e("ul",null,[e("li",null,[k,a(o,{to:"/en/doc/web-console.html"},{default:r(()=>[w]),_:1})]),e("li",null,[y,a(o,{to:"/en/doc/spring-boot-starter.html"},{default:r(()=>[x]),_:1})])]),I,e("p",null,[e("a",A,[N,a(s)])]),T,e("p",null,[R,e("a",E,[S,a(s)]),L,B,P]),e("p",null,[C,e("a",V,[j,a(s)]),D,O,M]),U,e("p",null,[J,e("a",F,[G,a(s)]),Y,Z,K]),W,e("div",$,[q,z,e("p",null,[H,e("a",Q,[X,a(s)])]),ee]),ne,e("p",null,[e("a",ae,[se,a(s)])]),te,oe,e("p",null,[e("a",re,[ie,a(s)])]),le,e("p",null,[e("a",ce,[de,a(s)])])])}const be=p(m,[["render",pe],["__file","tunnel.html.vue"]]);export{be as default};