tomcat manager


Ivan

Aug 22, 2016, 3:56:45 PM
to Lucee


Hello,
I wanted to enable the tomcat manager.

I configured the user configuration files: /opt/lucee/tomcat/conf/tomcat-users.xml

I restarted Tomcat, but port 8080 is not active.

netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      2123/nginx
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      2028/sshd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      2123/nginx
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1863/mysqld
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2595/memcached
tcp6       0      0 127.0.0.1:9200          :::*                    LISTEN      2232/java
tcp6       0      0 ::1:9200                :::*                    LISTEN      2232/java
tcp6       0      0 127.0.0.1:9300          :::*                    LISTEN      2232/java
tcp6       0      0 ::1:9300                :::*                    LISTEN      2232/java
tcp6       0      0 :::22                   :::*                    LISTEN      2028/sshd
tcp6       0      0 :::8888                 :::*                    LISTEN      1103/java
tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      1103/java
tcp6       0      0 :::8009                 :::*                    LISTEN      1103/java

What did I forget to configure?

Mark Drew

Aug 22, 2016, 4:20:58 PM
to lu...@googlegroups.com
Is it on port 8888?

Also did you look at the catalina.out log?

MD


--
Get 10% off of the regular price for this years CFCamp in Munich, Germany (Oct. 20th & 21st) with the Lucee discount code Lucee@cfcamp. 189€ instead of 210€. Visit https://ti.to/cfcamp/cfcamp-2016/discount/Lucee@cfcamp
---
You received this message because you are subscribed to the Google Groups "Lucee" group.
To unsubscribe from this group and stop receiving emails from it, send an email to lucee+unsubscribe@googlegroups.com.
To post to this group, send email to lu...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/lucee/486313ad-221d-4afa-ad76-4bbb27339c01%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Ivan

Aug 22, 2016, 4:36:31 PM
to Lucee
Port 8888 works (Lucee server/web admin).

What is the full URL of the Tomcat manager?

Mark Drew

Aug 22, 2016, 4:49:56 PM
to lu...@googlegroups.com
Not sure. It would be another context, I thought? Something like http://localhost:8080/manager ?

MD


Joseph Gooch

Aug 22, 2016, 5:04:17 PM
to lu...@googlegroups.com
Try http://127.0.0.1:8888/manager/html

Ultimately, it depends where you put it.  If it's in webapps/manager, the above is correct, and you should get a basic auth dialog asking for a username and password matching tomcat-users.xml.

If you put it in webapps/something-else, it'll be whatever that context location is.


-G



Jordan Michaels

Aug 22, 2016, 5:19:31 PM
to lu...@googlegroups.com
If you installed with the Installer none of the vanilla Tomcat webapps (including the Tomcat manager) are there for security reasons. You'll need to download a vanilla copy of Tomcat from the Tomcat site and copy the Tomcat manager into the /opt/lucee/tomcat/webapps/ROOT directory (which is also where you'll find it in the vanilla Tomcat download). The vanilla tomcat apps were removed from the default install of the Installer because 1) while it's rare, security vulnerabilities are occasionally found with them and they were one more thing a sysadmin has to keep up to date, and 2) Lucee sysadmins rarely use them.

Hope this helps.

--
Kind regards,
Jordan Michaels
Vivio Technologies

Ivan

Aug 23, 2016, 2:38:03 AM
to Lucee
Hi Jordan,
yes, I have used your installer. :)
I added the "manager" directory (from the Tomcat package) into /opt/lucee/tomcat/webapps/ROOT.

Should I now make a few changes to the Tomcat server file (/opt/lucee/tomcat/conf/server.xml)?
Because if I call http://ip:8888/manager/index.jsp I see the source of the index.jsp file.

Joseph Gooch

Aug 23, 2016, 7:07:28 AM
to lu...@googlegroups.com
It goes in webapps/ not webapps/ROOT.

-G



Ivan

Aug 23, 2016, 8:46:15 AM
to Lucee

Great Joseph!

Now the page (http://ip:8888/manager/html/) asks me for the login data.

I have configured the file /opt/lucee/tomcat/conf/tomcat-users.xml like this (and restarted Tomcat):



<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at


      http://www.apache.org/licenses/LICENSE-2.0


  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->

<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->



<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-jmx"/>
<role rolename="manager-script"/>


<user username="IvanLucee" password="MyPassword1234etc" roles="manager-gui,manager-status,manager-jmx,manager-script"/>


</tomcat-users>



But strangely it does not accept my login data...

Do you have an idea for this problem?

Joseph Gooch

Aug 23, 2016, 8:59:47 AM
to lu...@googlegroups.com
Your roles are contradictory.  Status forbids access to the gui, jmx and script are for non-browser access.  Try only giving manager-gui.

Review roles and information about the manager app here.

I suggest you read the entire document... And be careful that you are not exposing the manager interface to the world at large. (See the section on IP restrictions)

See also the WEB-INF/web.xml in the manager app, there are NOTEs throughout the file.

"Use the manager-script role to take advantage of the new CSRF protection. Using the manager role or assigning both the manager-script and manager-gui roles to the same user will bypass the CSRF protection."

"Use just the manager-gui role to take advantage of the new CSRF protection. Assigning the manager role or manager-gui role along with either the manager-script or manager-jmx roles to the same user will bypass the CSRF protection."


In practice, I use separate credentials:
1) for management via the GUI
2) to access the status page for monitoring via Nagios and Cacti
3) to access the other interfaces to effect changes

All interfaces are unmapped through the front-end web server and only available via local networks.



-G
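
The role rules quoted from the manager's WEB-INF/web.xml in the post above can be checked mechanically. This is an added example, not part of the original thread or of Tomcat: a Python audit that flags users in a tomcat-users.xml whose role set bypasses the manager's CSRF protection. The sample file and the name audit_tomcat_users are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Roles named in the manager web.xml NOTEs quoted in the post above.
NON_BROWSER_ROLES = {"manager-script", "manager-jmx"}

# Constructed sample; usernames and passwords are placeholders.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <!-- <user username="ignored" password="x" roles="manager"/> -->
  <role rolename="manager-gui"/>
  <user username="gui-admin" password="placeholder" roles="manager-gui"/>
  <user username="monitor" password="placeholder" roles="manager-status"/>
  <user username="deployer" password="placeholder" roles="manager-script"/>
  <user username="everything" password="placeholder"
        roles="manager-gui,manager-status,manager-jmx,manager-script"/>
</tomcat-users>"""


def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree adds to namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_tomcat_users(xml_text):
    """Map username -> findings for role sets that bypass CSRF protection."""
    findings = {}
    # Commented-out sample users are dropped by the parser, as Tomcat ignores them.
    for elem in ET.fromstring(xml_text).iter():
        if local_name(elem.tag) != "user":
            continue  # <role> entries and the root element are not users
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        issues = []
        if "manager" in roles:
            issues.append("'manager' role bypasses CSRF protection")
        mixed = roles & NON_BROWSER_ROLES
        if mixed and "manager-gui" in roles:
            issues.append("manager-gui combined with " + ", ".join(sorted(mixed)))
        if issues:
            findings[elem.get("username", "<unnamed>")] = issues
    return findings


if __name__ == "__main__":
    for user, issues in audit_tomcat_users(SAMPLE).items():
        print(f"{user}: {'; '.join(issues)}")
```

An empty result means no user mixes the browser role with the non-browser roles, which matches the separate-credentials setup described in the post.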



Ivan

Aug 23, 2016, 9:24:14 AM
to Lucee
I am not able to do this .. -_-
I changed tomcat-users.xml like so:

<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<role rolename="manager-jmx"/>
<role rolename="manager-script"/>


<user username="IvanLucee" password="MyPassword1234etc" roles="manager-status"/>


I need to access the statistics:

I also tried over SSH (on the remote server): curl http://IvanLucee:MyPassword1234etc@localhost:8888/manager/status?XML=true

It always returns an authentication error...

Ivan

Aug 24, 2016, 3:58:25 AM
to Lucee
ok, I did it! :D
In /opt/lucee/tomcat/conf/server.xml you must add this:

<Realm className="org.apache.catalina.realm.MemoryRealm" />

under the "Engine" context

Thanks anyway to all for the tips; without them I would not have gotten there.

Bilal

Aug 24, 2016, 2:14:20 PM
to Lucee
Cool.

I found it easier to start with plain vanilla Tomcat and add Lucee as the default context (replacing ROOT).