Can't access Tomcat 8 Manager App

AFAIK Tomcat blocks access to the Manager App (manager/html) for all hosts but localhost in its default configuration.

To be able to access the manager GUI with http://[hostname]:8080/manager/html, configure this in the configuration files server.xml and the context.xml of the manager application:

Step 1: In [tomcat-install-dir]/conf/server.xml edit the Connector element and add your IP as well as useIPVHosts="true", i.e.:

<Connector port="9009" protocol="AJP/1.3" redirectPort="9443" 
           address="192.168.0.9" useIPVHosts="true" />

address="0.0.0.0" is probably not what you want to insert here, as it exposes the manager GUI to all machines on the network.

Step 2: In [tomcat-install-dir]/webapps/manager/META-INF/context.xml, edit the Valve element and add your IP:

<Context antiResourceLocking="false" privileged="true">

    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           allow="192\.168\.0\.9|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

From Tomcat 8 context documentation

privileged : Set to true to allow this context to use container servlets, like the manager servlet.

antiResourceLocking : If true, Tomcat will prevent any file locking. This will significantly impact startup time of applications, but allows full webapp hot deploy and undeploy on platforms or configurations where file locking can occur

Note, that I don't add another Valve element as you mentioned in the list of things you tried but instead I edit the existing one and just add my IP (192.168.0.9).

Step 3: Restart Tomcat and you should be able to access the manager GUI with localhost / 127.0.0.1 as well as with your hostname / IP.

NOTE

Regarding your tomcat-users.xml, the Tomcat Manager HOW-TO states:

It is recommended to never grant the manager-script or manager-jmx roles to users that have the manager-gui role.

So you might want to introduce two users in your tomcat-users.xml, i.e.:

  <role rolename="manager-script"/>
  <role rolename="manager-jmx"/>
  <role rolename="manager-gui"/>
  <role rolename="manager-status"/>
  <user username="alice" password="whatever" roles="manager-script,manager-jmx"/>
  <user username="bob" password="whatever" roles="manager-gui,manager-status"/>

You can simply do like if you want to access manager app on all machines. Go to {Tomcat_install_DIR}/webapps/manager/META-INF/ and edit context.xml put 

<Context antiResourceLocking="false" privileged="true" >
 <!--
 <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
  allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
</Context>

Tags:

Tomcat

Tomcat8

Recent Posts