Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / FirstSpirit Server (fs-server.conf) / JMX

Area: JMX

Table of contents
# Listen host and port. If port is empty, JMX is disabled${HOST}
# SSL and keystore
# User authentication and access level. If password file is empty,
# authentication is disabled

Configuration of the JMX connector for (remote) monitoring of the FirstSpirit Server JVM (see FirstSpirit JMX Console). JMX is used to query the system status and provides current FirstSpirit Server and Java system information. For example, jconsole (contained in JDK) or other system monitors that support the JMX protocol can be used as a client.

This parameter instructs the FirstSpirit Server to accept incoming requests at the specified jmx.port (see below) in accordance with the host name (or IP address) defined here. By default, it accepts all IP interface connections. has to be configured if the JMX connector is to be restricted to a specific interface for security reasons. The information is also required if no remote JMX connection can be established from jconsole, for example, as the dedicated host name of the server cannot be resolved via DNS or has only been entered in /etc/hosts using a local IP address. In this case, the dedicated IP address or dedicated host name of the server must be entered here.


A free port number for the JMX / RMI connection (JMX connector). If no port is specified, access to JMX is not possible.


Use of Secure Sockets Layer (SSL) is disabled by default (default value: false). 


Use of client SSL authentication is disabled by default (default value: false). To enable client SSL authentication for remote monitoring via JMX, this parameter must be set to true.

This parameter is used to specify the file system path to the keystore.

Password for the keystore file.


Enables user authentication for JMX access to the FirstSpirit server. This parameter is used to specify the file system path to the JMX password file. The JMX password file manages different roles/users and their passwords.
Note: Since the passwords in this file are saved as plain text, the default authentication information should not be stored here; roles and passwords defined specifically for JMX access should be stored here instead (see jmx.access.file). The JRE contains a template for a password file called jmxremote.password.template. This template can be copied to JRE_HOME/lib/ Management/jmxremote.password and can be expanded to include passwords for the roles that are defined in the JMX access file. If no value is specified (default state), JMX authentication is disabled.


This parameter is used to specify the file system path to the JMX password file (jmxremote.access). The access file manages different roles/users and their access permissions. The roles managed here must match the roles in the password file. The associated value must either be readonly or “readwrite”. Therefore, a “monitorRole” can be defined, for instance, that permits only read access to monitoring, and a “controlRole” can be defined that permits read and write access to monitoring and management.

Note on the JMX configuration of cluster nodes:Cluster nodes do not have their own configuration file, which means that all properties are loaded from the master. The JMX access to the cluster node(s) must be configured in the fs-server.conf of the master server. In addition, all JMX parameters for these nodes must have the prefix cluster.<Slave-Server-Name>. The slave server name is the name of the slave server that has been stored in the server properties in the “Clustering” area for the node (see Clustering). Example:


For the parameter cluster.<Slave-Server-Name>, the fully qualified host name of the slave server or its IP address must be entered in this case.

Important To operate the JMX console in a production environment, user authentication and, if applicable, encrypted SSL access should always be enabled. If these parameters are disabled (default setting), access to the JMX port is not protected and unauthorized users could shut down the server via the JMX port.

For more information on configuring JMX, see:          

© 2005 - 2024 Crownpeak Technology GmbH | All rights reserved. | FirstSpirit 2024.4 | Data privacy