Hi Howard,

Sounds like you want to make your application available on
http://localhost:8080/myapp, and have the usual Tomcat / TomEE
administrative applications available via
http://localhost:4848/[tomee|manager|etc]. Similarly, you don't want
http://localhost:4848/myapp or http://localhost:8080/[tomee|manager|etc] to
work, with the overall goal being to restrict access to the admin apps to
just your machine, or users on your LAN - is that correct?

I have a couple of suggestions:

You might be able to achieve this by defining different connectors, engines
and hosts in server.xml. I haven't done it myself, but I'm happy to give it
a try, document it and provide a sample config if that would be helpful. I
found a couple of questions on StackOverflow trying to do something
similar, albeit with Tomcat 6 that might be helpful:

http://stackoverflow.com/questions/8823290/how-to-run-different-apps-on-single-tomcat-instance-behind-different-ports

http://stackoverflow.com/questions/4366843/how-to-deploy-mutiple-web-application-in-tomcat-which-will-run-on-different-port

I have a couple of alternative suggestions as well, that might be useful.

First is to try the RemoteAddressFilter valve:
http://tomcat.apache.org/tomcat-7.0-doc/config/valve.html#Remote_Address_Filter -
we used to use this within the TomEE .war file to restrict access from
everywhere except localhost. Everything would still be available on port
8080, but access to specific apps would be allowed or blocked based
on IP address.

Alternatively, if you don't need the TomEE and Tomcat webapps, you can
remove them (take a backup first!). To remove the TomEE webapp, copy the
jars from $CATALINA_HOME/webapps/tomee/WEB-INF/lib
and $CATALINA_HOME/webapps/tomee/lib to $CATALINA_HOME/lib and then remove
the webapp (more info here: http://tomee.apache.org/tomee-webapp.html). The
other webapps can safely be removed unless you are using them.

The downside to this is that remote EJB invocation via HTTP won't work
(i.e. if you are using a RemoteInitialContextFactory with a
http://localhost:8080/tomee/ejb URL). You can still use this mechanism from
within your own webapp if you wish by adding this to your web.xml:

<servlet>
    <servlet-name>ServerServlet</servlet-name>
    <servlet-class>org.apache.openejb.server.httpd.ServerServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>ServerServlet</servlet-name>
    <url-pattern>/ejb</url-pattern>
</servlet-mapping>

You can then use http://localhost:8080/myapp/ejb to access your EJBs
remotely.

One final suggestion - use Apache httpd in front of TomEE and use mod_proxy
to proxy to your app running on Tomcat's AJP port. Firewall off access to
TomEE completely to the outside world, and only allow httpd to serve up
your app. There are loads of options in the Apache httpd server to
configure access control, and you can also use httpd to load balance
several Tomcat instances as well if you wish. You can also serve up static
parts of your webapp directly from httpd rather than forwarding from
Tomcat, which can be quicker. I could knock up an example configuration of
this as well if that would be helpful - if you're currently allowing users
straight on to port 8080, this option might be worth a look.

I'd be interested if others also put Apache httpd in front of Tomcat as
well or not.

Hope that helps!

Jon
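
The separate connector/engine/host layout and the Remote Address Filter valve suggested above, sketched for a stock Tomcat 7 server.xml. This is an added example, not a configuration posted or tested by anyone in this thread, and it has not been checked against TomEE; the service name "Admin" and the directory "admin-webapps" are assumptions.

```xml
<!-- conf/server.xml (Listener elements omitted here; keep them as shipped) -->
<Server port="8005" shutdown="SHUTDOWN">
  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- Public service: port 8080 only reaches what is deployed in webapps/.
       Two Connectors inside ONE Service both feed the same Engine, which is
       why adding a 4848 Connector alone makes both ports serve the same apps. -->
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true" />
    </Engine>
  </Service>

  <!-- Admin service: its own Connector, Engine and appBase.
       "Admin" and "admin-webapps" are assumed names; move manager/,
       host-manager/ etc. out of webapps/ into admin-webapps/. -->
  <Service name="Admin">
    <!-- address="127.0.0.1" binds the listener to loopback only -->
    <Connector port="4848" address="127.0.0.1" protocol="HTTP/1.1"
               connectionTimeout="20000" />
    <Engine name="Admin" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase" />
      </Realm>
      <Host name="localhost" appBase="admin-webapps"
            unpackWARs="true" autoDeploy="false">
        <!-- Second layer: the Remote Address Filter valve rejects any
             non-loopback client even if the bind address is changed later -->
        <Valve className="org.apache.catalina.valves.RemoteAddrValve"
               allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
      </Host>
    </Engine>
  </Service>
</Server>
```

With this layout a request to port 8080 for /manager/html finds no such context, and port 4848 is not reachable from other machines at all.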

On Sun, Dec 9, 2012 at 8:35 PM, Howard W. Smith, Jr. <smithh032...@gmail.com> wrote:

> Sorry, I don't understand. The following is in my server.xml, I added the
> port 4848, but if I go to localhost:4848 and localhost:8080 in my browser,
> then I'm seeing the same 'tomcat' page that has a way for hackers to click
> on TomEE Gui, Server Status, Manager App, and Host manager. I only want to
> see that page when accessing localhost:4848, I do not want to see that page
> when accessing localhost:8080.
>
>
>     <Connector port="8080" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>     <!-- A "Connector" using the shared thread pool-->
>     <Connector executor="tomcatThreadPool"
>                port="4848" protocol="HTTP/1.1"
>                connectionTimeout="20000"
>                redirectPort="8443" />
>
>
> On Sun, Dec 9, 2012 at 11:30 AM, Romain Manni-Bucau
> <rmannibu...@gmail.com> wrote:
>
> > Just look at the Tomcat site. Basically connector(s) ports and shutdown port
> > (<Server> and <Connector>)
> > On Dec 9, 2012 17:26, "Howard W. Smith, Jr." <smithh032...@gmail.com>
> > wrote:
> >
> > > Can you reply with a URL or two that advises how to configure server.xml?
> > > thanks.
> > >
> > >
> > > On Sun, Dec 9, 2012 at 11:23 AM, Romain Manni-Bucau
> > > <rmannibu...@gmail.com> wrote:
> > >
> > > > That's right, tomee webapp only serves for default ejbd (remote ejb
> > > > transport).
> > > >
> > > > For port just update server.xml
> > > > On Dec 9, 2012 17:20, "Howard W. Smith, Jr." <smithh032...@gmail.com>
> > > > wrote:
> > > >
> > > > > Romain,
> > > > >
> > > > > I have TomEE 1.5.1 running on production server, and I am getting
> > > > > hack-attempts late at night (midnight) by someone, trying to login to
> > > > > 'admin' acct of TomEE (tomcat7).  I have a strong password and a different
> > > > > admin-user-name in place.
> > > > >
> > > > > I really would like to change configuration to put the tomee app on
> > > > > localhost:4848 (port 4848) instead of port 80 or 8080.
> > > > >
> > > > > I have not been successful at this yet. I think I read in tomee or tomcat7
> > > > > user guide, that I can delete the tomee app? I can also delete manager/etc
> > > > > apps as well, so they won't even be served. Right?
> > > > >
> > > > > Howard
> > > > >
> > > > >
> > > > > On Tue, Nov 27, 2012 at 6:06 AM, Romain Manni-Bucau
> > > > > <rmannibu...@gmail.com> wrote:
> > > > >
> > > > > > By default in dev mode you should get tomee user (but only to access tomee
> > > > > > webapp, not tomcat one)
> > > > > >
> > > > > > if you set openejb.profile to something else (system property) you'll need
> > > > > > to define it explicitly
> > > > > >
> > > > > > Romain Manni-Bucau
> > > > > > Twitter: @rmannibucau <https://twitter.com/rmannibucau>
> > > > > > Blog: http://rmannibucau.wordpress.com/
> > > > > > LinkedIn: http://fr.linkedin.com/in/rmannibucau
> > > > > > Github: https://github.com/rmannibucau
> > > > > >
> > > > > >
> > > > > >
> > > > > >
> > > > > > 2012/11/27 Howard W. Smith, Jr. <smithh032...@gmail.com>
> > > > > >
> > > > > > > Wow, check this out. I'm so glad that you all ship tomee.xml with all
> > > > > > > users/passwords 'commented out'! :)
> > > > > > >
> > > > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "manager"
> > > > > > > Nov 27, 2012 5:48:05 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "manager"
> > > > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > > > > > Nov 27, 2012 5:48:06 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "role1"
> > > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > > > Nov 27, 2012 5:48:07 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "root"
> > > > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > > > > > Nov 27, 2012 5:48:08 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "tomcat"
> > > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > > > > Nov 27, 2012 5:48:09 AM org.apache.catalina.realm.LockOutRealm authenticate
> > > > > > > WARNING: An attempt was made to authenticate the locked user "both"
> > > > > > >
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:58 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:47:59 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:00 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:01 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:02 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:03 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:04 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:05 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:05 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:05 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:05 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:05 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:06 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:06 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:06 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:06 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:06 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:07 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:07 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:07 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:07 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:07 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:08 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:08 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:08 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:08 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:08 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:09 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:09 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > > 88.191.100.2 - - [27/Nov/2012:05:48:09 -0500] "HEAD
> /manager/html
> > > > > > HTTP/1.0"
> > > > > > > 401 -
> > > > > > >
> > > > > >
> > > > >
> > > >
> > >
> >
>
