Access Tomcat Manager App from different host


I have installed Tomcat 9 on a remote server, and after starting it, it came up fine: I can access http://host_name:port_num and see the Tomcat hello page. But when I try to open the manager app to see my deployed apps, I get 403 access denied. I have already added roles in the Tomcat users XML as follows:

<role rolename="manager"/>
<role rolename="manager-gui"/>
<role rolename="admin"/>
<user username="user" password="password" roles="admin,manager,manager-gui"/>

The error message I saw is:

By default the Host Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Host Manager's context.xml file.

How should I change the context.xml file to get access to the manager app?


Solution

  • Each deployed webapp has a context.xml file that lives in

    $CATALINA_BASE/conf/[enginename]/[hostname]
    
    (conf/Catalina/localhost by default)
    

    and has the same name as the webapp (manager.xml in this case). If no file is present, default values are used.

    So, you need to create a file conf/Catalina/localhost/manager.xml and specify the rule you want to allow remote access. For example, the following content of manager.xml will allow access from all machines:

    <Context privileged="true" antiResourceLocking="false" 
             docBase="${catalina.home}/webapps/manager">
        <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^YOUR.IP.ADDRESS.HERE$" />
    </Context>
    

    Note that the allow attribute of the Valve element is a regular expression that matches the IP address of the connecting host. So substitute your IP address for YOUR.IP.ADDRESS.HERE (or some other useful expression).

    Other Valve classes cater for other rules (e.g. RemoteHostValve for matching host names). Earlier versions of Tomcat use a valve class org.apache.catalina.valves.RemoteIpValve for IP address matching.

    Once the changes above have been made, you should be presented with an authentication dialog when accessing the manager URL. If you enter the details you have supplied in tomcat-users.xml you should have access to the Manager.
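
Added example, not part of the original answer: a Python check that reads the RemoteAddrValve allow expression out of a manager.xml and reports whether it admits only the intended client addresses. It assumes the valve applies the expression as a whole-string match, which Python's re.fullmatch approximates for simple patterns; the XML, the function names and the addresses (documentation ranges) are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed manager.xml; 203.0.113.7 stands in for the admin workstation.
MANAGER_XML = r'''<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="^203\.0\.113\.7$" />
</Context>'''


def allow_patterns(context_xml):
    """Return the allow expressions of every RemoteAddrValve in the context."""
    root = ET.fromstring(context_xml)
    return [v.get("allow") for v in root.iter("Valve")
            if v.get("className") == VALVE and v.get("allow")]


def audit(context_xml, expected_allowed, must_be_denied):
    """Return findings; an empty list means the allow-list behaves as intended."""
    findings = []
    patterns = allow_patterns(context_xml)
    if not patterns:
        findings.append("no RemoteAddrValve allow attribute found")
    for pat in patterns:
        rx = re.compile(pat)
        # Assumption: the whole address string must match the expression.
        for ip in expected_allowed:
            if not rx.fullmatch(ip):
                findings.append(f"{pat!r} rejects expected client {ip}")
        for ip in must_be_denied:
            if rx.fullmatch(ip):
                findings.append(f"{pat!r} also admits {ip}")
    return findings


if __name__ == "__main__":
    issues = audit(MANAGER_XML, ["203.0.113.7"],
                   ["203.0.113.70", "198.51.100.9"])
    print("\n".join(issues) or "allow-list matches only the intended address")
```

Running the same audit against a file that still contains the YOUR.IP.ADDRESS.HERE placeholder, or one widened to a whole subnet, produces a finding for each address that is wrongly rejected or admitted.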