Updated on 2025-03-27 GMT+08:00

Connecting to APM Through a Public Network

Prerequisites

  1. You have purchased an ECS as the jump server.
  2. You have bound an EIP to the ECS.
  3. You are advised to use CentOS 6.5 64-bit or later images. The minimum specifications are 1 vCPU | 1 GB and the recommended ones are 2 vCPUs | 4 GB.

  4. You are advised to use iptables for the jump server to forward data.

Procedure

Purchase an ECS as the jump server and perform the following operations:

  1. Log in to the ECS and modify its security group rules.

    1. On the ECS details page, click the Security Groups tab.
    2. Click a security group name and click Modify Security Group Rule.
    3. On the security group details page, click the Inbound Rules tab and then click Add Rule. On the page displayed, add a security group rule by referring to Table 1.
      Table 1 Security group rule

      Direction  Protocol  Port         Description
      Inbound    TCP       41333,41335  JavaAgent will send data to the jump server through the listed ports.

  2. Obtain the APM report address. For details, see Access Address (master.address).
  3. Log in to the jump server as the root user and run the iptables forwarding command.

    If the iptables service does not exist, run the following commands to install it:

    yum install iptables-services
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    systemctl mask firewalld.service
    1. Enable data forwarding.
      # Edit the file.
      vim /etc/sysctl.conf
      # Add the following content:
      net.ipv4.ip_forward=1
      # Enable data forwarding.
      sysctl -p
    2. Forward the data from the port of the local host (jump server) to the port for reporting data to APM.
      # Edit the file.
      vim /etc/sysconfig/iptables
      # Add the following rules to the *filter table:
      -A INPUT -p tcp -m state --state NEW -m tcp --dport 41333 -j ACCEPT
      -A INPUT -p tcp -m state --state NEW -m tcp --dport 41335 -j ACCEPT
      # Add the following rules to the *nat table:
      -A OUTPUT -p tcp --dport 41333 -j DNAT --to-destination {IP address of the host that reports data to APM}:41333
      -A PREROUTING -p tcp --dport 41333 -j DNAT --to-destination {IP address of the host that reports data to APM}:41333
      -A POSTROUTING -d {IP address of the host that reports data to APM}/32 -p tcp --dport 41333 -j SNAT --to-source {IP address of the jump server}
      
      -A OUTPUT -p tcp --dport 41335 -j DNAT --to-destination {IP address of the host that reports data to APM}:41335
      -A PREROUTING -p tcp --dport 41335 -j DNAT --to-destination {IP address of the host that reports data to APM}:41335
      -A POSTROUTING -d {IP address of the host that reports data to APM}/32 -p tcp --dport 41335 -j SNAT --to-source {IP address of the jump server}
      
      # If the following rule exists, delete it:
      -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    3. Restart iptables.
      systemctl restart iptables
    4. Check whether port forwarding is successful.
      curl -kv https://{IP address of the jump server}:41333
      curl -kv https://{IP address of the jump server}:41335

  4. Modify the apm.config file in the JavaAgent package.

    master.address=https://{Public IP address of the jump server}:41333
    access.address={Public IP address of the jump server}:41335

  5. Restart the application.
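
The check below is an added example, not part of the original procedure or of any Huawei Cloud tooling: it audits a rules file in the /etc/sysconfig/iptables format for the filter and NAT rules from step 3, confirms each rule sits in the right table, and flags a leftover FORWARD REJECT rule. The function names, the sample file and the addresses 192.0.2.10 (APM report host) and 10.0.0.5 (jump server) are assumptions made for illustration.

```shell
# Added example. Usage: check_apm_forwarding <rules-file> <APM report host IP> <jump server IP>
check_apm_forwarding() {
  awk -v apm="$2" -v jump="$3" '
    function has(s) { return index($0 " ", s " ") > 0 }  # whole-token match
    /^\*/ { table = substr($1, 2); next }                 # "*filter" or "*nat" opens a table
    $1 == "COMMIT" { table = ""; next }
    table == "filter" && /^-A FORWARD / && has("-j REJECT --reject-with icmp-host-prohibited") { reject = 1 }
    /^-A / {
      for (p = 41333; p <= 41335; p += 2) {
        if (!has("--dport " p)) continue
        dnat = has("-j DNAT --to-destination " apm ":" p)
        if (table == "filter" && has("-A INPUT") && has("-j ACCEPT")) ok["INPUT", p] = 1
        if (table == "nat" && has("-A OUTPUT") && dnat) ok["OUTPUT", p] = 1
        if (table == "nat" && has("-A PREROUTING") && dnat) ok["PREROUTING", p] = 1
        if (table == "nat" && has("-A POSTROUTING") && has("-d " apm "/32") &&
            has("-j SNAT --to-source " jump)) ok["POSTROUTING", p] = 1
      }
    }
    END {
      n = split("INPUT OUTPUT PREROUTING POSTROUTING", chain, " ")
      for (p = 41333; p <= 41335; p += 2)
        for (c = 1; c <= n; c++)
          if (!((chain[c], p) in ok)) { print "missing " chain[c] " rule for port " p; bad++ }
      if (reject) { print "FORWARD REJECT rule still present"; bad++ }
      exit (bad > 0)
    }' "$1"
}

# Constructed sample (documentation IPs): no PREROUTING rule for 41335, REJECT rule left in.
sample_rules() {
  cat <<'EOF'
*filter
-A INPUT -p tcp -m state --state NEW -m tcp --dport 41333 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 41335 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
*nat
-A OUTPUT -p tcp --dport 41333 -j DNAT --to-destination 192.0.2.10:41333
-A PREROUTING -p tcp --dport 41333 -j DNAT --to-destination 192.0.2.10:41333
-A POSTROUTING -d 192.0.2.10/32 -p tcp --dport 41333 -j SNAT --to-source 10.0.0.5
-A OUTPUT -p tcp --dport 41335 -j DNAT --to-destination 192.0.2.10:41335
-A POSTROUTING -d 192.0.2.10/32 -p tcp --dport 41335 -j SNAT --to-source 10.0.0.5
COMMIT
EOF
}

tmp=$(mktemp) && sample_rules > "$tmp"
check_apm_forwarding "$tmp" 192.0.2.10 10.0.0.5 || echo "rules file needs fixing"
rm -f "$tmp"
```

Run the function against /etc/sysconfig/iptables before restarting iptables; it prints one line per problem and returns a non-zero status if any is found.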