Apache Tomcat Management
Management URLs
These URLs will ask for a username/password...
http://localhost:8080/manager/html (Tomcat Web Application Manager)
http://localhost:8080/host-manager/html (Tomcat Virtual Host Manager)
Add lines similar to the following in: /tomcat/latest/conf/tomcat-users.xml
Lines should be inside the <tomcat-users> section. Change username and password as appropriate
<role rolename="admin-gui"/>
<user username="myUser" password="myPassword" roles="manager-gui,admin-gui"/>
Restart Tomcat for your changes to take effect.
systemctl restart tomcat
A default Tomcat install will also have the following URLs available...
http://localhost:8080/docs/ (Documentation)
Remote Management
By default the management URLs are not available from a browser outside of the 127.0.0.0/8 network.
Note that the default allow list means that you can only access the Tomcat management screens from localhost. The regular expression allows access from any host with an IP address between 127.0.0.1 and 127.255.255.255, but ALL addresses on the 127.0.0.0/8 network relate to the localhost and cannot be used to identify a remote server.To change this, edit...
/tomcat/latest/webapps/manager/META-INF/context.xml...
Default...
<Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/></Context>To allow access from a web browser on 172.16.16.5, change the file as shown...
<Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|172.16.16.5" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/></Context>Note that the allow list is just a regular expression. The strings ::1 and 0:0:0:0:0:0:0:1 both identify the IPv6 loopback address.For the host-manager page you need to do the same to...
/tomcat/latest/webapps/host-manager/META-INF/context.xml
Server Status
Web Application Manager
Virtual Host Manager
