Subject: Configure Tomcat's Administrative Users
Author: Linux
In response to: Configure Tomcat to survive instance reboot
Posted on: 10/22/2017 10:31:15 PM
By default, there is no users who can manage Tomcat through the administrative UI. You can add users by file tomcat-users.xml
$ sudo nano /opt/tomcat/apache-tomcat-8.5.23/conf/tomcat-users.xml
<tomcat-users . . .>
<user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>
By default, the above defined users can only manage Tomcat through connections coming from the server itself. Since we are installing on a remote machine, you will probably want to remove or alter this restriction. To change the IP address restrictions on these, open the appropriate
context.xml files.
For
Manager App, type:
$ sudo nano /opt/tomcat/apache-tomcat-8.5.23/webapps/manager/META-INF/context.xml
For
Host Manager, type:
$ sudo nano /opt/tomcat/apache-tomcat-8.5.23/webapps/host-manager/META-INF/context.xml
Then comment out the IP address restriction:
<Context antiResourceLocking="false" privileged="true" >
<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
</Context>
To put our changes into effect, restart the Tomcat service:
$ sudo systemctl restart tomcat
>
> On 10/22/2017 09:52:14 PM
Linux wrote:
First, create a systemd service file tomcat.service
$ sudo nano /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/local/java/jdk1.8.0_152/jre
Environment=CATALINA_PID=/opt/tomcat/apache-tomcat-8.5.23/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.23
Environment=CATALINA_BASE=/opt/tomcat/apache-tomcat-8.5.23
Environment='CATALINA_OPTS=-Xms128M -Xmx512M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/apache-tomcat-8.5.23/bin/startup.sh
ExecStop=/opt/tomcat/apache-tomcat-8.5.23/bin/shutdown.sh
User=administrator
Group=administrator
UMask=0007
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
Then, enable the service (it will auto-start after reboot):
$ sudo systemctl daemon-reload
$ sudo systemctl enable tomcat
If you want to start the service right now (in this session), type the command
$ sudo systemctl start tomcat
OR
$ sudo systemctl restart tomcat
You can check the status of a given service by
$ sudo systemctl status tomcat
tomcat.service - Apache Tomcat Web Application Container
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: e
Active: active (running) since Sun 2017-10-22 14:40:10 PDT; 13min ago
Process: 950 ExecStart=/opt/tomcat/apache-tomcat-8.5.23/bin/startup.sh (code=e
Main PID: 996 (java)
CGroup: /system.slice/tomcat.service
└─996 /usr/local/java/jdk1.8.0_152/jre/bin/java -Djava.util.logging.c
Oct 22 14:40:09 ubuntu systemd[1]: Starting Apache Tomcat Web Application Contai
Oct 22 14:40:10 ubuntu startup.sh[950]: Existing PID file found during start.
Oct 22 14:40:10 ubuntu startup.sh[950]: Removing/clearing stale PID file.
Oct 22 14:40:10 ubuntu startup.sh[950]: Tomcat started.
Oct 22 14:40:10 ubuntu systemd[1]: Started Apache Tomcat Web Application Contain
References:
