Server

Remote Monitoring Through a SSH Tunnel

Updated: March 18, 2024

At some time, you may need to monitor your server trough your SSH access. We assume you have a direct connection to your remote server host. If you're using a gateway, this works too, you just have to configure the right ports forwarding.

Here is how to monitor your server through a SSH tunnel:

  1. On server host, run jstatd with the privileges of the Nuxeo's user:

    jstatd -J-Djava.security.policy=jstat.permissions
    
  2. On your SSH connection, configure a local “dynamic” application-level port forwarding:

    ssh -D 6767 remote-server-host
    
  3. Run jvisualvm on your local host and in the network options, enable the manual proxy settings and configure a socks proxy:

    localhost:6767
  4. Now in jvisualvm, add a remote host for the remote-server-host. You should get the list of Java processes ran by Nuxeo's user remotely.

  5. Identify Nuxeo's Tomcat and launch a connection.

In the given jstat command line, we reference the Java security configuration file jstat.permissions. Here is its content:

grant codebase "file:${java.home}/../lib/tools.jar" {
    permission java.security.AllPermission;
};