tomcat配置访问Host manage

1.tomcat 页面访问Host  manage打开报错

403 Access Denied

You are not authorized to view this page.

By default the Host Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Host Manager's context.xml file.

If you have already configured the Host Manager application to allow access and you have used your browsers back button, used a saved book-mark or similar then you may have triggered the cross-site request forgery (CSRF) protection that has been enabled for the HTML interface of the Host Manager application. You will need to reset this protection by returning to the main Host Manager page. Once you return to this page, you will be able to continue using the Host Manager application's HTML interface normally. If you continue to see this access denied message, check that you have the necessary permissions to access this application.

If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file must contain the credentials to let you use this webapp.

For example, to add the admin-gui role to a user named tomcat with a password of s3cret, add the following to the config file listed above. 

 

 2.配置第一个地方

[root@k8s-master ~]# cd apache-tomcat-8.5.77/conf/
[root@k8s-master conf]# ls
Catalina         catalina.properties  jaspic-providers.xml  logging.properties  tomcat-users.xml  web.xml
catalina.policy  context.xml          jaspic-providers.xsd  server.xml          tomcat-users.xsd
[root@k8s-master conf]# vi tomcat-users.xml

<role rolename="admin-gui"/>
<role rolename="admin-script"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="tomcat" password="tomcat" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-script,admin-gui"/>

 

3.配置第二个地方

[root@k8s-master ~]# cd apache-tomcat-8.5.77/conf/Catalina/localhost/
[root@k8s-master localhost]# ls
[root@k8s-master localhost]# vi manager.xml

<Context privileged="true" antiResourceLocking="false"
         docBase="${catalina.home}/webapps/manager">
     <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^.*$" />
 </Context>

  4.配置第三个地方，注释之前的配置

[root@k8s-master ~]# cd apache-tomcat-8.5.77/webapps/host-manager/META-INF/
[root@k8s-master META-INF]# ls
context.xml
[root@k8s-master META-INF]# vi context.xml 

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"  allow="\d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> 
</Context>

5.重启tomcat

[root@k8s-master bin]# ./shutdown.sh 
Using CATALINA_BASE:   /root/apache-tomcat-8.5.77
Using CATALINA_HOME:   /root/apache-tomcat-8.5.77
Using CATALINA_TMPDIR: /root/apache-tomcat-8.5.77/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /root/apache-tomcat-8.5.77/bin/bootstrap.jar:/root/apache-tomcat-8.5.77/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
[root@k8s-master bin]# ./startup.sh 
Using CATALINA_BASE:   /root/apache-tomcat-8.5.77
Using CATALINA_HOME:   /root/apache-tomcat-8.5.77
Using CATALINA_TMPDIR: /root/apache-tomcat-8.5.77/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /root/apache-tomcat-8.5.77/bin/bootstrap.jar:/root/apache-tomcat-8.5.77/bin/tomcat-juli.jar
Using CATALINA_OPTS:   
Tomcat started.

6.点击进入Host manage