Tomcat manager

Hello,
I wanted to enable the tomcat manager.

I configured the user configuration files:
/opt/lucee/tomcat/conf/tomcat-users.xml
as explained in this guide:
http://docs.lucee.org/guides/running-lucee/windows/installing-apache-tomcat-on-windows.html#tomcat-usersxml

I restart tomcat, but the 8080 port is not active.

netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
2123/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
2028/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
2123/nginx
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
1863/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN
2595/memcached
tcp6 0 0 127.0.0.1:9200 :::* LISTEN
2232/java
tcp6 0 0 ::1:9200 :::* LISTEN
2232/java
tcp6 0 0 127.0.0.1:9300 :::* LISTEN
2232/java
tcp6 0 0 ::1:9300 :::* LISTEN
2232/java
tcp6 0 0 :::22 :::* LISTEN
2028/sshd
tcp6 0 0 :::8888 :::* LISTEN
1103/java
tcp6 0 0 127.0.0.1:8005 :::* LISTEN
1103/java
tcp6 0 0 :::8009 :::* LISTEN
1103/java

What I forgot to configure?

Is it on port 8888?

Also did you look at the catalina.out log?

MD

MDOn 22 August 2016 at 20:56, Ivan <@Ivan> wrote:

Hello,
I wanted to enable the tomcat manager.

I configured the user configuration files: /opt/lucee/tomcat/conf/tomcat-
users.xml
as explained in this guide: http://docs.lucee.org/guides/
running-lucee/windows/installing-apache-tomcat-on-
windows.html#tomcat-usersxml

I restart tomcat, but the 8080 port is not active.

netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:*
LISTEN 2123/nginx
tcp 0 0 0.0.0.0:22 0.0.0.0:*
LISTEN 2028/sshd
tcp 0 0 0.0.0.0:443 0.0.0.0:*
LISTEN 2123/nginx
tcp 0 0 0.0.0.0:3306 0.0.0.0:*
LISTEN 1863/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:*
LISTEN 2595/memcached
tcp6 0 0 127.0.0.1:9200 :::*
LISTEN 2232/java
tcp6 0 0 ::1:9200 :::*
LISTEN 2232/java
tcp6 0 0 127.0.0.1:9300 :::*
LISTEN 2232/java
tcp6 0 0 ::1:9300 :::*
LISTEN 2232/java
tcp6 0 0 :::22 :::*
LISTEN 2028/sshd
tcp6 0 0 :::8888 :::*
LISTEN 1103/java
tcp6 0 0 127.0.0.1:8005 :::*
LISTEN 1103/java
tcp6 0 0 :::8009 :::*
LISTEN 1103/java

What I forgot to configure?

–
Get 10% off of the regular price for this years CFCamp in Munich, Germany
(Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€
instead of 210€. Visit https://ti.to/cfcamp/cfcamp-
2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/486313ad-221d-4afa-ad76-4bbb27339c01%40googlegroups.com
https://groups.google.com/d/msgid/lucee/486313ad-221d-4afa-ad76-4bbb27339c01%40googlegroups.com?utm_medium=email&utm_source=footer
.
For more options, visit https://groups.google.com/d/optout.

Try http://127.0.0.1:8888/manager/html

Ultimately, it depends where you put it. If it’s in webapps/manager, the
above is correct, and you should get a basic auth dialog asking for a
username and password matching tomcat-users.xml.

If you put it in webapps/something-else, it’ll be whatever that context
location is.

-GOn Mon, Aug 22, 2016 at 4:49 PM, Mark Drew <@Mark_Drew> wrote:

Not sure. it would be another context I thought? something like
http://localhost:8080/manager ?

MD

MD

On 22 August 2016 at 21:36, Ivan <@Ivan> wrote:

Port 8888 work (lucee server/web admin).

what is the full url of tomcat manager?

–
Get 10% off of the regular price for this years CFCamp in Munich, Germany
(Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€
instead of 210€. Visit https://ti.to/cfcamp/cfcamp-20
16/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/ms
gid/lucee/31414f2f-6d82-4945-8dd1-9f271e571e53%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

–
Get 10% off of the regular price for this years CFCamp in Munich, Germany
(Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€
instead of 210€. Visit https://ti.to/cfcamp/cfcamp-
2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/CABCX3a6fevQ%2BB7S3PEamLT9LV5NmAgqyHHs8jRS1
%3DhpXXvcimg%40mail.gmail.com
https://groups.google.com/d/msgid/lucee/CABCX3a6fevQ%2BB7S3PEamLT9LV5NmAgqyHHs8jRS1%3DhpXXvcimg%40mail.gmail.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

Hi Jordan,
yes, I have used your installer.
I added the “manager” directory (from the tomcat package) into the
/opt/lucee/tomcat/webapps/ROOT

Now I should make a few changes to the tomcat server file (
/opt/lucee/tomcat/conf/server.xml) ?
Because if I call http://ip:8888/manager/index.jsp I view the source of the
index.jsp file.

Your roles are contradictory. Status forbids access to the gui, jmx and
script are for non-browser access. Try only giving manager-gui.

Review roles and information about the manager app here.
https://tomcat.apache.org/tomcat-7.0-doc/manager-howto.html

I suggest you read the entire document… And be careful that you are not
exposing the manager interface to the world at large. (See the section on
IP restrictions)

See also the WEB-INF/web.xml in the manager app, there are NOTEs throughout
the file.

“Use the manager-script role to take advantage of the new
CSRF protection. Using the manager role or assigning
both
the manager-script and manager-gui roles to the same
user
will bypass the CSRF protection.”

“Use just the manager-gui role to take advantage of the new
CSRF protection. Assigning the manager role or
manager-gui
role along with either the manager-script or
manager-jmx
roles to the same user will bypass the CSRF
protection.”

In practice, I use separate credentials:

1. for management via the GUI
2. to access to the status page for monitoring via Nagios and Cacti
3. to access the other interfaces to affect changes

All interfaces are unmapped through the front-end web server and only
available via local networks.

-GOn Tue, Aug 23, 2016 at 8:46 AM, Ivan <@Ivan> wrote:

Great Joseph!

Now the page* (http://ip:8888/manager/html/
http://ip:8888/manager/html/)* asks me the login access data.

I have configured the configuration file /opt/lucee/tomcat/conf/tomcat-
users.xml so (and restarted tomcat):

<?xml version='1.0' encoding='utf-8'?>

But strangely not accept me my login data …

You have an idea for this problem?

–
Get 10% off of the regular price for this years CFCamp in Munich, Germany
(Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€
instead of 210€. Visit https://ti.to/cfcamp/cfcamp-
2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/6b3d8c5c-ffce-4d5b-9745-ff0fde8b0a68%40googlegroups.com
https://groups.google.com/d/msgid/lucee/6b3d8c5c-ffce-4d5b-9745-ff0fde8b0a68%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

Great Joseph!

Now the page* (http://ip:8888/manager/html/)* asks me the login access data.

I have configured the configuration file
/opt/lucee/tomcat/conf/tomcat-users.xml so (and restarted tomcat):

But strangely not accept me my login data …

You have an idea for this problem?

It goes in webapps/ not webapps/ROOT.

-GOn Tue, Aug 23, 2016 at 2:38 AM, Ivan <@Ivan> wrote:

Hi Jordan,
yes, I have used your installer.
I added the “manager” directory (from the tomcat package) into the
/opt/lucee/tomcat/webapps/ROOT

Now I should make a few changes to the tomcat server file (
/opt/lucee/tomcat/conf/server.xml) ?
Because if I call http://ip:8888/manager/index.jsp I view the source of
the index.jsp file.

–
Get 10% off of the regular price for this years CFCamp in Munich, Germany
(Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€
instead of 210€. Visit https://ti.to/cfcamp/cfcamp-
2016/discount/Lucee@cfcamp

You received this message because you are subscribed to the Google Groups
“Lucee” group.
To unsubscribe from this group and stop receiving emails from it, send an
email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lucee@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/lucee/0121fd9a-b434-461c-b4ef-936bbac003ee%40googlegroups.com
https://groups.google.com/d/msgid/lucee/0121fd9a-b434-461c-b4ef-936bbac003ee%40googlegroups.com?utm_medium=email&utm_source=footer
.

For more options, visit https://groups.google.com/d/optout.

I am not able to do this … -_-
I changed the tomcat-users.xml so:

I need to access the statistics:
http://ip:8888/manager/status?XML=true

I also tried to do on ssh (remote server) curl
http://IvanLucee:MyPassword1234etc@localhost:8888/manager/status?XML=true

It always returns authentication error…

Cool.

I found this to be easier to start with plain vanilla Tomcat and add Lucee
as the default context (replacing ROOT).

ok, I did it!
into the /opt/lucee/tomcat/conf/server.xml you must add this:

under “Engine” context

thanks anyway to all for the tips that without them I would not have
arrived.