Arrismog
asked on
How do I change tha admin console port from Tomcat?
Good day experts
I currently have Apache Tomcat 5.5.27 installed on a Linux SLES10 SP2, and a configured administration console at http://xxxxx:8080 where I usually do the admin for my apps.
Is there any way to change the port for the administration console, for example http://xxxx:9999?
Thanks in advance
I currently have Apache Tomcat 5.5.27 installed on a Linux SLES10 SP2, and a configured administration console at http://xxxxx:8080 where I usually do the admin for my apps.
Is there any way to change the port for the administration console, for example http://xxxx:9999?
Thanks in advance
If you don't know where is $CATALINA_HOME, then
as "root"
find / -type f -name server.xml
as "root"
find / -type f -name server.xml
ASKER
@wesly_chen:
Doing so will force my other user apps installed under webapps to use 9999, is there any way to make only the admin console to listen to 9999 while the others keep listening under 8080? Just like in websphere, where the default port for the admin console is 9060 and the other installed apps listen at 8080 (this way I could filter port 9060 by specific ip via iptables). I would like to filter access to the tomcat console by ip address without disrupting user app access, so I was thinking of separating admin console and user apps by different ports (and then filter them with iptables)
Doing so will force my other user apps installed under webapps to use 9999, is there any way to make only the admin console to listen to 9999 while the others keep listening under 8080? Just like in websphere, where the default port for the admin console is 9060 and the other installed apps listen at 8080 (this way I could filter port 9060 by specific ip via iptables). I would like to filter access to the tomcat console by ip address without disrupting user app access, so I was thinking of separating admin console and user apps by different ports (and then filter them with iptables)
Instead of changing from 8080 to 9999, you can duplicate
<Connector port="9999"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
acceptCount="300"
connectionTimeout="10000"
maxKeepAliveRequests="-1"
disableUploadTimeout="true " />
in server.xml.
Then you can listen on both port.
or you can add https for port 9999
<Connector port="9999"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
acceptCount="300"
connectionTimeout="10000"
maxKeepAliveRequests="-1"
disableUploadTimeout="true
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="./conf/keyst ore.tomcat .pkcs12"
keystorePass="passw0rd"
keystoreType="PKCS12" />
<Connector port="9999"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
acceptCount="300"
connectionTimeout="10000"
maxKeepAliveRequests="-1"
disableUploadTimeout="true
in server.xml.
Then you can listen on both port.
or you can add https for port 9999
<Connector port="9999"
maxHttpHeaderSize="8192"
maxThreads="150"
minSpareThreads="25"
maxSpareThreads="75"
enableLookups="false"
acceptCount="300"
connectionTimeout="10000"
maxKeepAliveRequests="-1"
disableUploadTimeout="true
scheme="https"
secure="true"
clientAuth="false"
sslProtocol="TLS"
keystoreFile="./conf/keyst
keystorePass="passw0rd"
keystoreType="PKCS12" />
ASKER
@wesly_chen:
But the admin console would still be available through port 8080 right? What I need (if possible) is the following:
1. Admin console from tomcat be available "only" at port 9999 (http://iptest:9999/, not http://iptest:8080/)
2. Other webapps deployed be available "only" at port 8080 (default)
Or any other way to keep all user webapps that are deployed "visible" , and the admin console "ONLY visible" to ip 10.111.111.111 and ip 10.111.222.222 (which I was thinking by filtering it via iptables once they were listening at different ports):
>>iptables -A INPUT -p tcp --ddport 9999 -s 10.111.111.111 -j ACCEPT
>>iptables -A INPUT -p tcp --ddport 9999 -s 10.111.222.222 -j ACCEPT
>>iptables -A INPUT -p tcp --ddport 9999 -j DROP
But the admin console would still be available through port 8080 right? What I need (if possible) is the following:
1. Admin console from tomcat be available "only" at port 9999 (http://iptest:9999/, not http://iptest:8080/)
2. Other webapps deployed be available "only" at port 8080 (default)
Or any other way to keep all user webapps that are deployed "visible" , and the admin console "ONLY visible" to ip 10.111.111.111 and ip 10.111.222.222 (which I was thinking by filtering it via iptables once they were listening at different ports):
>>iptables -A INPUT -p tcp --ddport 9999 -s 10.111.111.111 -j ACCEPT
>>iptables -A INPUT -p tcp --ddport 9999 -s 10.111.222.222 -j ACCEPT
>>iptables -A INPUT -p tcp --ddport 9999 -j DROP
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Exactly what I was looking for!! Thanks a lot!
You made my day sir
You made my day sir
change
----------
<Connector port="8080"
..
-----------
to
-----------
<Connector port="9999"
...
Then restart tomcat.