Tomcat
1 前言
一个问题,一篇文章,一出故事。
笔者最近生产环境部署Tomcat 8,然后开发需要自行上传APP(war)文件,于是需要设置页面管理账号。
关于Tomcat 8.x的安装方法,请参阅如下文档,
2 最佳实践
2.1 配置TomCat用户
cp /usr/tomcat/apache-tomcat-8.5.81/conf/tomcat-users.xml /usr/tomcat/apache-tomcat-8.5.81/conf/tomcat-users.xml.default vim /usr/tomcat/apache-tomcat-8.5.81/conf/tomcat-users.xml
修改如下配置,
<?xml version="1.0" encoding="UTF-8"?> <tomcat-users xmlns="http://tomcat.apache.org/xml" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd" version="1.0"> <role rolename="manager-gui"/> <role rolename="admin-gui"/> <user username="tomcat" password="tomcatpwd" roles="manager-gui,admin-gui"/> </tomcat-users>
2.2 配置manager访问控制
cp /usr/tomcat/apache-tomcat-8.5.81/webapps/manager/META-INF/context.xml /usr/tomcat/apache-tomcat-8.5.81/webapps/manager/META-INF/context.xml.default vim /usr/tomcat/apache-tomcat-8.5.81/webapps/manager/META-INF/context.xml
修改如下配置,
<Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="\d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context>
2.3 配置host-manager访问控制
cp /usr/tomcat/apache-tomcat-8.5.81/webapps/host-manager/META-INF/context.xml /usr/tomcat/apache-tomcat-8.5.81/webapps/host-manager/META-INF/context.xml.default vim /usr/tomcat/apache-tomcat-8.5.81/webapps/host-manager/META-INF/context.xml
修改如下配置,
<Context antiResourceLocking="false" privileged="true" > <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor" sameSiteCookies="strict" /> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="\d+\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/> </Context>
2.4 重启服务使配置生效
systemctl restart tomcat.service
2.5 使用页面验证配置
http://10.168.0.157:8080/manager/html
没有评论