0

I try to deploy my app from Docker. In Dockerfile:

  FROM tomcat:9-jre8-alpine
  ADD config/tomcat-users.xml  /usr/local/tomcat/conf/tomcat-users.xml
  ADD config/settings.xml /usr/local/tomcat/conf/settings.xml
  ADD config/context.xml /usr/local/tomcat/webapps/manager/META-INF/context.xml
  ADD target/author.war /usr/local/tomcat/webapps/ROOT.war
  EXPOSE 8080
  CMD ["catalina.sh","run"]

so, in tomcat-users.xml:

 <tomcat-users xmlns="http://tomcat.apache.org/xml"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd
http://tomcat.apache.org/xml "
          version="1.0">

<role rolename="manager-gui"/>
<user username="tomcat" password="s3cret" roles="manager-gui"/>

in settings.xml:

    <servers>
          <server>
              <id>TomcatServer</id>
              <username>tomcat</username>
              <password>s3cret</password>
          </server>
      </servers>

and in context.xml:

<Context antiResourceLocking="false" privileged="true" >
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow=".*" />
</Context>

But, trying to access Tomcat manager app remotely (domain in plesk), I have got: "You are not authorized to view this page.By default the Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Manager's context.xml file...."

Additionally: for localhost-connection its work well! The problem in remote-connection

Jelly
  • 972
  • 1
  • 17
  • 40
  • Does this answer your question? [Access Tomcat Manager App from different host](https://stackoverflow.com/questions/36703856/access-tomcat-manager-app-from-different-host) or [this (ServerFault): How to access tomcat manager gui from another machine?](https://serverfault.com/questions/796960/how-to-access-tomcat-manager-gui-from-another-machine) – Olaf Kock Jan 13 '20 at 16:01
  • yes, I tried that advises. In particular, replaced "llow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" with allow=".*" But without success – Jelly Jan 13 '20 at 16:12
  • They're asking to comment the whole `` block (effectively removing it). You may want to just be more specific in which _exact_ host you allow in addition to localhost, but in order to provide access from anywhere, the Valve-part is key. (oops, scrolled down - that was another answer that suggests removing the valve - but still: that's key) – Olaf Kock Jan 13 '20 at 16:20
  • I commented this . And with the same result... – Jelly Jan 13 '20 at 16:36
  • You'll need to find the correct file to change, there are multiple context.xml files. – Olaf Kock Jan 13 '20 at 17:01
  • I have found context.xml in 2 places: webapp/host-manager/META-INF/context.xml . and in conf/context.xml. In first case Valve className . have been found, and I and I commented It. But it does not work – Jelly Jan 14 '20 at 14:08

3 Answers3

2

this worked for me:

1-get the image:

docker pull tomcat:9.0.46-jdk8-adoptopenjdk-openj9

2-create folder d:\folder123

3-copy conf\tomcat-users.xml and \webapps\manager\META-INF\context.xml to d:\folder123

4-add below to tomcat-users.xml

<role rolename="manager-gui" />
<role rolename="manager-script"/>
<user username="admin" password="admin" roles="manager-gui,manager-script" />

5-remove below from context.xml

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

6-create Dockerfile in d:\folder123 with this content

FROM tomcat:9.0.46-jdk8-adoptopenjdk-openj9
USER root
RUN mv /usr/local/tomcat/webapps/ /usr/local/tomcat/webapps2/
RUN mv /usr/local/tomcat/webapps.dist/ /usr/local/tomcat/webapps/
COPY tomcat-users.xml /usr/local/tomcat/conf/
COPY context.xml /usr/local/tomcat/webapps/manager/META-INF/
CMD ["catalina.sh","run"]

7-create new image named amirimage1

docker build -t amirimage1:1.0.0 "D:\\folder123"

8-run image

docker run --name amirtomcatcontainer1 -p 8889:8080 amirimage1:1.0.0
Amir
  • 1,638
  • 19
  • 26
0

have you checked the valve value in manager.xml? there was another valve stanza with the IP restriction and I have disabled it. all worked then /conf/Catalina/localhost/

user1672382
  • 87
  • 1
  • 10
0

It may be a bit late but I had the same problem. I solved it by editing the password of the user "robot" which says "must-be-changed" and not only the password of the "admin" user:

all default password must be change

I'm using tomcat 10 with docker. I was using only the user "admin" and it's a little weird that you need to change the password of the other user but in the other hand they say "must-be-changed".

helvete
  • 2,455
  • 13
  • 33
  • 37
charlyk
  • 1
  • 2