Tomcat 9 – how to allow remote management console login

  java, linux 
First make sure we added the admin user:
nano /opt/apache-tomcat-9.0.0.M18/conf/tomcat-users.xml


Add this at the bottom of the config:

  <role rolename="manager-gui"/>
  <role rolename="admin"/>
  <role rolename="admin-gui"/>
  <role rolename="manager-script"/>
  <role rolename="manager"/>
  <user username="admin" password="yoursecretpasswordhere" roles="admin,manager-gui,admin-gui,manager,manager-script,manager-status"/>
</tomcat-users>

Next, to allow remote login from different IPs...
		   
Make sure we're shut down:
/opt/apache-tomcat-9.0.0.M18/bin/shutdown.sh
 

Check processes:
ps aux | grep tomcat | grep -v grep
 

Edit the manager configuration:
nano /opt/apache-tomcat-9.0.0.M18/webapps/manager/META-INF/context.xml
 

Replace this:
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
</Context>

to allow 192.*.*.* addresses, with this:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.\d+.\d+.\d+" />
</Context>


 
or for 10.*.*.* addresses, with this:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|10\.\d+.\d+.\d+" />
</Context>


 
Restart:
/opt/apache-tomcat-9.0.0.M18/bin/startup.sh


Watch the log: 
tail -F /opt/apache-tomcat-9.0.0.M18/logs/*.out



Next, access the management console by ip: http://server-ip-here:8080/ and then log in using "admin" and the password you set up above.

In 2019, to build a Dockerfile and replace

allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
with
allow="\d+\.\d+\.\d+\.\d+" />





Do:





RUN sed -i 's/allow="127\\.\\d+\\.\\d+\\.\\d+|::1|0:0:0:0:0:0:0:1"/allow="\\d+\\.\\d+\\.\\d+\\.\\d+"/g' /usr/local/tomcat/webapps/manager/META-INF/context.xml





To enable Tomcat deployments, edit your Maven’s settings.xml file and add this in the <servers> section:





  <servers>
   	<server>
			<id>TomcatServer</id>
			<username>admin</username>
			<password>yoursecretpasswordhere</password>
	</server>
  </servers>





Then, in your project’s pom.xml, in the <builld> section, add something like this. Make sure that “TomcatServer” matches with the name you used in the maven settings.xml file.





<build>
    <finalName>projectabc</finalName>
    <plugins>
        <plugin>
            <artifactId>maven-compiler-plugin</artifactId>
            <version>3.6.1</version>
            <configuration>
                <source>1.8</source>
                <target>1.8</target>
            </configuration>
        </plugin>
        <plugin>
            <groupId>org.apache.tomcat.maven</groupId>
            <artifactId>tomcat7-maven-plugin</artifactId>
            <version>2.2</version>
            <configuration>
                <url>http://ip.address.of.your.tomcat.server:8080/manager/text</url>
                <server>TomcatServer</server>
                <path>/projectabc</path>
            </configuration>
        </plugin>
    </plugins>
</build>
 
</project>





Then, from IntelliJ, select tomcat7:deploy