-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Turbo,
On 2/4/19 10:13, TurboChargedDad . wrote: > Java 8 Tomcat 8.5.20 Thanks. > I am trying to understand how to get the host manager / manager > access working from somewhere other than the localhost. I have > tried all the various methods out there on the web to no avail. I > keep getting the 403 access denied message. I am at a total loss > at this point.. > > Thanks in advance. > > I hope this is readable as it's hard to tell what it's going to > look like in this gmail editor. > > I have tried creating the following files. > > $CATALINA_BASE/conf/server.xml > ######################################## <Connector port="8080" > protocol="HTTP/1.1" redirectPort="8080" setIPVHosts="true" /> > ######################################## You shouldn't need any special configuration in conf/server.xml for this, but it's good to see your connector port. > $CATALINA_BASE/conf/Catalina/localhost/magager.xml > > ######################################## <?xml version='1.0' > encoding='utf-8'?> > > > <!-- <Context privileged="true" antiResourceLocking="false" > docBase="${catalina.home}/webapps/manager"> <Valve > className="org.apache.catalina.valves.RemoteAddrValve" > allow="127\.0\.0\.1" /> </Context> --> > > > <!-- <Context privileged="true" antiResourceLocking="false" > docBase="${catalina.home}/webapps/manager"> <Valve > className="org.apache.catalina.valves.RemoteAddrValve" > allow="0\.0\.0\.0" /> </Context> --> > > <Context privileged="true" antiResourceLocking="false" > docBase="${catalina.home}/webapps/manager"> <Valve > className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" > /> </Context> ######################################## That looks okay to me, except that the filename is (almost certainly) wrong. Transcribing typo? If you are going to "allow all" in the RemoveAddrValve, then you may as well just remove (or comment-out) the Valve altogether. > $CATALINA_BASE/webapps/host-manager/WEB-INF/context.xml > > ######################################## <?xml version='1.0' > encoding='utf-8'?> > > <!-- <Context antiResourceLocking="false" privileged="true" > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|156.45.121.182" /> > </Context> --> > > <Context antiResourceLocking="false" privileged="true" > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow=".*" /> </Context> > > <!-- <Manager > sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|L ong|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\ $LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> > > - --> > ######################################## Same thing, here: just remove RemoteAddrValve if you want to "allow all" . > $CATALINA_BASE/webapps/manager/WEB-INF/context.xml > > ######################################## <?xml version='1.0' > encoding='utf-8'?> > > <!-- <Context antiResourceLocking="false" privileged="true" > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|156.45.121.182" /> > </Context> --> > > <Context antiResourceLocking="false" privileged="true" > > > <Valve className="org.apache.catalina.valves.RemoteAddrValve" > allow=".*" /> </Context> > > <!-- <Manager > sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|L ong|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\ $LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> > > - --> > ######################################## Definitely undo your edits to manager/WEB-INF/context.xml if you have a conf/Catalina/localhost/manager.xml -- the latter file will override the former one. > $CATALINA_BASE/conf/ tomcat-users.xml > > <?xml version='1.0' encoding='utf-8'?> <!-- CENSORED --> <!-- > Licensed to the Apache Software Foundation (ASF) under one or more > contributor license agreements. See the NOTICE file distributed > with this work for additional information regarding copyright > ownership. The ASF licenses this file to You under the Apache > License, Version 2.0 (the "License"); you may not use this file > except in compliance with the License. You may obtain a copy of > the License at > > http://www.apache.org/licenses/LICENSE-2.0 > > Unless required by applicable law or agreed to in writing, > software distributed under the License is distributed on an "AS IS" > BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express > or implied. See the License for the specific language governing > permissions and limitations under the License. <tomcat-users> --> > <tomcat-users xmlns="http://tomcat.apache.org/xml" > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" > version="1.0"> > > <user username="test1" password="password1" roles="manager-gui"/> > <user username="test2" password="password2" > roles="manager-script"/> <user username="test3" > password="password3" roles="manager-jmx"/> <user username="test4" > password="password4" roles="manager-status"/> <user > username="test5" password=" password5 " roles="admin-gui"/> <user > username="test6" password="password6" roles="admin-script"/> > > <!-- NOTE: By default, no user is included in the "manager-gui" > role required to operate the "/manager/html" web application. If > you wish to use this app, you must define such a user - the > username and password are arbitrary. --> <!-- NOTE: The sample > user and role entries below are wrapped in a comment and thus are > ignored when reading this file. Do not forget to remove <!. ..> > that surrounds them. --> <!-- <role rolename="tomcat"/> <role > rolename="role1"/> <user username="tomcat" password="tomcat" > roles="tomcat"/> <user username="both" password="tomcat" > roles="tomcat,role1"/> <user username="role1" password="tomcat" > roles="role1"/> --> </tomcat-users> > ######################################## So, are you challenged for a username/password when you try to access the manager? I don't see any <Realm> configured for your manager (etc.) applications. I think you want to add something like this to conf/Catalina/localhost/manager.xml (and friends): <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/> </Realm> - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIyBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlxYsyUACgkQHPApP6U8 pFifew/40bD3kduI6EeZaWSEAiInz/H3K14pBbSxy+dQ38FiNyJI1/DJuhNFUwlB OYKkPujVuwzcOtoXgHwAniPAFHITB+9SGfxYmif7/FpF3LbwWl4quQZtjGjqhF4f cu5JV9r44lwW4qD5HeurzDAuep2VlZEFzT+vV961noRXXGsnTmjuS726j9imqYRR p9CFDxLnVWUNxHwYC7bUc2591aO+0dCdnhEM5xWhsPJ34Wa+0uvLg/FwSscXhEP5 C3al/DAkl8GhS5b5q4aoWi2W2uBzlWwxDRlw/klN3M1Y0FvRoJex8WJlo/PeCYZR A27kxSiFu5i7G2cr0rayUt/ejJlTJ73vfGbzeH2kPFa60X7+FtLREQLRdVN9tcVQ PPP4kGvcXA4kbvaRn/a8lM3bPtbgRI/IqHkVRj3h8y0cmB/V47exfezwuWHhIdiQ ZdpdMYgM4dpSf8GC//FxCDxwiV5Q7VDUychZdYEnLOLvX4ArpsLQTUqI5hBlkKHZ wwqj9IHUrWq9d0WRDWQoMFn96o0bRIofjbeQBF2eeu7t14UUoR1CMbX/iCUiP4Gg KPjtT66Jf6D4WPOnmoVHZt6c33ipKruVrBJfaHXhlxJPuRm+tHFbopdntC7uF38t tB4AMa9QJp72DE8dqGlbQyWequcFJUK/oDhV6W+FC8u8kJzgvg== =ETQ/ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org