Manager setup in Tomcat 8

Manager setup in Tomcat 8

James H. H. Lampert
A few months back, as I recall, I ran into some "gotchas" in connection
with the manager context, while setting up Tomcat 8.5 on one of our AWS
EC2 instances. As I recall, I had to do something special, something I
don't have to do with Tomcat 7, in order to make the manager context
reachable from the outside.

Very shortly, I'll be setting up Tomcat 8.5 for the first time on an
AS/400, and like the EC2, it can't exactly browse itself, so it, too,
will need to have the manager context reachable from the outside world.

Can somebody remind me of what it is I had to do, that I don't have to
do for Tomcat 7?

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]


Re: Manager setup in Tomcat 8

Christopher Schultz-2
James,

On 12/22/20 13:39, James H. H. Lampert wrote:

> A few months back, as I recall, I ran into some "gotchas" in connection
> with the manager context, while setting up Tomcat 8.5 on one of our AWS
> EC2 instances. As I recall, I had to do something special, something I
> don't have to do with Tomcat 7, in order to make the manager context
> reachable from the outside.
>
> Very shortly, I'll be setting up Tomcat 8.5 for the first time on an
> AS/400, and like the EC2, it can't exactly browse itself, so it, too,
> will need to have the manager context reachable from the outside world.
>
> Can somebody remind me of what it is I had to do, that I don't have to
> do for Tomcat 7?

It was probably changing the default RemoteAddrValve to allow non-local
IP addresses. You can find that in the manager's META-INF/context.xml file.

I would try to lock down that IP range as much as you can, rather than
either removing the Valve (which would allow connections from anywhere)
or specifying something like ".*" in the "allow" attribute (which is a
regular expression which will be applied to the remote-user's IP
address, either IPv4 or IPv6 as the case may be).

-chris
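
An added example, not part of the original message and not Tomcat's own code: a Python audit of a manager META-INF/context.xml that reports which constructed probe addresses a RemoteAddrValve "allow" pattern admits. It assumes the valve applies the pattern as a whole-string match, approximates Java regex with Python's re module, ignores any "deny" attribute, and uses documentation-range addresses (203.0.113.0/24 as a hypothetical admin network).

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed probe addresses (documentation ranges), tagged by role.
PROBES = {
    "127.0.0.1": "loopback",
    "0:0:0:0:0:0:0:1": "loopback",
    "203.0.113.17": "admin",      # hypothetical admin network
    "203.0.113.200": "admin",
    "198.51.100.9": "other",      # unrelated hosts that should be refused
    "2001:db8:0:0:0:0:0:5": "other",
}

# Constructed sample context files: loopback only, wide open, narrowed range.
LOOPBACK = r'''<Context privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>
</Context>'''
WIDE_OPEN = LOOPBACK.replace(r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1", ".*")
LOCKED = LOOPBACK.replace('1"/>', r'1|203\.0\.113\.\d+"/>')
NO_VALVE = '<Context privileged="true"/>'

def audit(context_xml):
    """Return (finding, admitted probe addresses) for a context.xml string."""
    root = ET.fromstring(context_xml)
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE]
    if not valves:
        return "NO_VALVE", sorted(PROBES)     # nothing filters by address
    allow = valves[0].get("allow")
    if allow is None:
        return "NO_ALLOW", None               # depends on deny; not evaluated here
    # Whole-string match (assumption): "10\." must not match inside "110.".
    admitted = sorted(a for a in PROBES if re.fullmatch(allow, a))
    roles = {PROBES[a] for a in admitted}
    if "other" in roles:
        return "TOO_BROAD", admitted
    return ("RESTRICTED" if "admin" in roles else "LOCAL_ONLY"), admitted

if __name__ == "__main__":
    for name, xml in [("loopback", LOOPBACK), ("wide open", WIDE_OPEN),
                      ("locked", LOCKED), ("no valve", NO_VALVE)]:
        finding, admitted = audit(xml)
        print(f"{name:10} {finding:11} {admitted}")
```
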


Re: Manager setup in Tomcat 8

James H. H. Lampert
On 12/22/20 10:51 AM, Christopher Schultz wrote:

> I would try to lock down that IP range as much as you can, rather than
> either removing the Valve (which would allow connections from anywhere)
> or specifying something like ".*" in the "allow" attribute (which is a
> regular expression which will be applied to the remote-user's IP
> address, either IPv4 or IPv6 as the case may be).

Dear Mr. Schultz:

Thanks. Very much applicable to the EC2 instance (and I recall doing
just that, although I'd have to look at what I did to recall exactly
how), and to most customer boxes, but not necessarily so much for this
particular customer: they've got everything locked down in the tightest
VPN I've ever seen.

--
JHHL
