问题描述
限时送ChatGPT账号..我刚刚在 Ubuntu 14.04 VM 上设置了 Tomcat 8,但无法从我的 http://[hostname]:8080/manager/html 访问 Manager App浏览器.我一点击它就会收到403 Access Denied"错误.我正在将 Tomcat 作为在 /etc/init.d/tomcat8-dev 中的配置文件中定义的服务运行.该错误消息表明 Tomcat 最初设置为只能从本地主机访问,但由于它是托管 VM,我无法在其上运行浏览器.
I've just set up Tomcat 8 on an Ubuntu 14.04 VM and I'm not able to access the Manager App at http://[hostname]:8080/manager/html from my browser. I get a "403 Access Denied" error as soon as I click on it. I am running Tomcat as a service defined in a config file in /etc/init.d/tomcat8-dev. The error message indicates that Tomcat is set up to be accessible only from localhost initially, but as it is a hosted VM I'm not able to run a browser on it.
我已经按照一些人的建议在 tomcat-users.xml 文件中设置了一个用户.但是,系统不会提示我提供该用户的凭据,并且在默认页面上找不到任何类型的登录按钮.该文件目前看起来像这样:
I have set up a user in the tomcat-users.xml file as several people have recommended. However, I am not prompted to provide the credentials for that user, and I can't find any kind of login button on the default page. That file currently looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users xmlns="http://tomcat.apache/xml"
xmlns:xsi="http://www.w3/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache/xml tomcat-users.xsd"
version="1.0">
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="(redacted)" password="(redacted)"
roles="manager-gui,manager-jmx,manager-status,manager-script"/>
</tomcat-users>
阅读 Tomcat 文档页面here后,我还尝试将 <Valve/> 标记添加到 context.xml 中,如下所示:
After reading the Tomcat documentation page here, I have also tried adding <Valve /> tags into context.xml that look something like this:
<Context privileged="true" antiResourceLocking="false"
docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1" />
<!--Another valve for my local machine's IP-->
</Context>
但是,一旦我设置了 privileged="true",当我使用浏览器连接到服务器时,无论我之后提供什么阀,我都会得到一个空白页面.
However, as soon as I set privileged="true", I get a blank white page when I connect to the server with my browser regardless of the valves I provide afterwards.
每当我进行更改时,我都会使用 sudo service tomcat8-dev restart 重新启动我的服务.
I restart my service with sudo service tomcat8-dev restart whenever I make changes.
根据我在这里和其他网站上阅读的帖子,我尝试过的其他事情:
Other things I have tried based on posts I read here and on other sites:
我的 tomcat 用户的各种角色配置将address="0.0.0.0" 添加到 server.xml使用 initctl 而不是根据说明设置服务 此处,出于某种原因,它不会在我的服务器上加载默认页面尝试不同的浏览器,并禁用我的弹出窗口拦截器
Various configurations of roles for my tomcat user
Adding address="0.0.0.0" to server.xml inside the <Connector /> tag
Using initctl instead of setting up a service based on the instructions here, which doesn't load the default page on my server for some reason
Trying different browsers, and disabling my popup blocker
我尝试过的任何方法都不起作用.如果您想了解有关我的情况的更多详细信息,请告诉我.有什么建议吗?
Nothing I've tried works. Please let me know if you would like more details about my situation. Any suggestions?
问题是我编辑了错误的 context.xml 文件.正确的文件在 tomcat/webapps/manager/META-INF 中.我错误地对 tomcat/conf/context.xml 进行了更改.
The problem was that I was editing the wrong context.xml file. The correct file is in tomcat/webapps/manager/META-INF. I had incorrectly been making changes to tomcat/conf/context.xml.
推荐答案
AFAIK Tomcat 阻止所有主机访问 Manager App (manager/html),但默认配置中的 localhost 除外.
AFAIK Tomcat blocks access to the Manager App (manager/html) for all hosts but localhost in its default configuration.
为了能够使用 http://[hostname]:8080/manager/html 访问管理器 GUI,在管理器应用程序的配置文件server.xml和context.xml中配置:
To be able to access the manager GUI with http://[hostname]:8080/manager/html, configure this in the configuration files server.xml and the context.xml of the manager application:
步骤 1: 在 [tomcat-install-dir]/conf/server.xml 中编辑 Connector 元素并添加您的 IP 以及 useIPVHosts="true",即:
Step 1: In [tomcat-install-dir]/conf/server.xml edit the Connector element and add your IP as well as useIPVHosts="true", i.e.:
<Connector port="9009" protocol="AJP/1.3" redirectPort="9443"
address="192.168.0.9" useIPVHosts="true" />
address="0.0.0.0" 可能不是您想要在此处插入的内容,因为它将管理器 GUI 暴露给网络上的所有机器.
address="0.0.0.0" is probably not what you want to insert here, as it exposes the manager GUI to all machines on the network.
步骤 2: 在 [tomcat-install-dir]/webapps/manager/META-INF/context.xml 中,编辑 Valve 元素并添加您的 IP:
Step 2: In [tomcat-install-dir]/webapps/manager/META-INF/context.xml, edit the Valve element and add your IP:
<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="192\.168\.0\.9|127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>
来自 Tomcat 8 上下文文档
privileged :设置为 true 以允许此上下文使用容器servlet,如管理器 servlet.
privileged : Set to true to allow this context to use container servlets, like the manager servlet.
antiResourceLocking :如果为 true,Tomcat 将阻止任何文件锁定.这将显着影响应用程序的启动时间,但允许在平台上进行完整的 webapp 热部署和取消部署,或者可能发生文件锁定的配置
antiResourceLocking : If true, Tomcat will prevent any file locking. This will significantly impact startup time of applications, but allows full webapp hot deploy and undeploy on platforms or configurations where file locking can occur
请注意,我没有添加您在尝试的列表中提到的另一个 Valve 元素,而是编辑现有元素并添加我的 IP (192.168.0.9).
Note, that I don't add another Valve element as you mentioned in the list of things you tried but instead I edit the existing one and just add my IP (192.168.0.9).
步骤 3: 重新启动 Tomcat,您应该能够使用 localhost/127.0.0.1 以及您的主机名/IP 访问管理器 GUI.
Step 3: Restart Tomcat and you should be able to access the manager GUI with localhost / 127.0.0.1 as well as with your hostname / IP.
关于您的 tomcat-users.xml,Tomcat Manager HOW-TO 指出:
建议永远不要授予 manager-script 或 manager-jmx角色分配给具有 manager-gui 角色的用户.
It is recommended to never grant the manager-script or manager-jmx roles to users that have the manager-gui role.
所以你可能想在你的 tomcat-users.xml 中引入两个用户,即:
So you might want to introduce two users in your tomcat-users.xml, i.e.:
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-gui"/>
<role rolename="manager-status"/>
<user username="alice" password="whatever" roles="manager-script,manager-jmx"/>
<user username="bob" password="whatever" roles="manager-gui,manager-status"/>
这篇关于无法访问 Tomcat 8 Manager App的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
更多推荐
[db:关键词]
发布评论