
Configuring the Apache Tomcat server
In this section, we will enable access to the Tomcat Manager app and Host Manager:
- Open the tomcat-users.xml file for editing, which is present inside the /opt/tomcat/conf directory:
sudo nano /opt/tomcat/conf/tomcat-users.xml
- The file will look something like the following (for simplicity, I have omitted the comments inside the file):
<?xml version="1.0" encoding="UTF-8"?>
. . .
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
. . .
<!--
<role rolename="tomcat"/>
<role rolename="role1"/>
<user username="tomcat" password="<must-be-changed>"
roles="tomcat"/>
<user username="both" password="<must-be-changed>"
roles="tomcat,role1"/>
<user username="role1" password="<must-be-changed>"
roles="role1"/>
-->
</tomcat-users>
- In the previous file, you can see that the role and user fields are commented out. We need to enable a role and a user to allow access to the Tomcat Manager app page:
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="password"
roles="manager-gui,admin-gui"/>
- Finally, the file should look something like the following (comments removed):
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="password"
roles="manager-gui,admin-gui"/>
</tomcat-users>
- Press Ctrl + X and choose Y to save and close the file.
- By default, the Manager and Host Manager applications can be accessed only from the Apache Tomcat server itself. Since we will be managing services running on Apache from a remote machine, we need to remove these restrictions.
- Open the following two files, /opt/tomcat/webapps/manager/META-INF/context.xml and /opt/tomcat/webapps/host-manager/META-INF/context.xml.
- Inside these files, comment out the Valve element, as shown in the following section:
<Context antiResourceLocking="false" privileged="true" >
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
<Manager sessionAttributeValueClassNameFilter="java\.lang\
.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\
.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\
.(?:Linked)$</Context>
- Press Ctrl + X and choose Y to save and close the file.
- Restart the Tomcat server using the following command:
sudo systemctl restart tomcat
- Try to access the Manager app and the Host Manager from the Apache Tomcat server home page.
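The steps above leave two things worth checking before the server is reachable from a network: the password on the account holding the manager-gui and admin-gui roles, and whether a RemoteAddrValve still limits who can reach the Manager applications. The following Python check is an added example, not part of the original text; the sample files, the WEAK list, the 12-character minimum and the management host 192.0.2.15 are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Roles that grant access to the Manager and Host Manager applications.
ADMIN_ROLES = {"manager-gui", "manager-script", "manager-jmx",
               "manager-status", "admin-gui", "admin-script"}
# Constructed deny-list for illustration; extend it with your own policy.
WEAK = {"password", "admin", "tomcat", "changeme"}
PROBE = "203.0.113.10"  # documentation address standing in for "anyone"

def local(tag):
    """Drop the XML namespace so namespaced and plain files both work."""
    return tag.rsplit("}", 1)[-1]

def audit_users(xml_text, min_len=12):
    findings = []
    for el in ET.fromstring(xml_text).iter():
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if local(el.tag) != "user" or not roles & ADMIN_ROLES:
            continue
        name, pw = el.get("username", ""), el.get("password", "")
        if pw.lower() in WEAK or pw == name or len(pw) < min_len:
            findings.append(f"weak password for admin user '{name}'")
    return findings

def audit_context(xml_text):
    # ElementTree drops comments, so a commented-out Valve is not counted.
    valves = [el for el in ET.fromstring(xml_text).iter()
              if el.get("className", "").endswith(".RemoteAddrValve")]
    if not valves:
        return ["no active RemoteAddrValve: reachable from any address"]
    # With no allow attribute, Tomcat accepts every address not denied.
    return [f"allow pattern too broad: {v.get('allow')!r}" for v in valves
            if v.get("allow") is None or re.fullmatch(v.get("allow"), PROBE)]

# Constructed samples: the files as the steps above leave them.
USERS = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <user username="admin" password="password" roles="manager-gui,admin-gui"/>
</tomcat-users>"""
CONTEXT_OPEN = r"""<Context antiResourceLocking="false" privileged="true">
<!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>"""
# Constructed alternative: keep the valve and add one management host.
CONTEXT_PINNED = r"""<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.0\.2\.15" />
</Context>"""
```

Run against the real files, `audit_users` and `audit_context` take the file contents as text; CONTEXT_PINNED shows the valve kept in place with one extra address added to `allow` instead of being commented out.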