Security

• Tomcat Security - Realm (opens in a new tab)

Manager Application

• Access

  • Authentication

    • By default (UserDatabaseRealm), users are defined in $CATALINA_HOME/conf/tomcat-users.xml

  • Roles

    • manager-gui — Access to the HTML interface.
    • manager-status — Access to the Server Status page only.
    • manager-script — Access to the tools-friendly plain text interface that is described in this document, and to the Server Status page.
    • manager-jmx — Access to JMX proxy interface and to the Server Status page.

• Interface

  • HTTP GUI (opens in a new tab)

    http://<HOST>:<PORT>/manager/html

    Requires manager-gui role

    • Server Status

      http://<HOST>:<PORT>/manager/status[?XML=true] http://<HOST>:<PORT>/manager/status/all[?XML=true]

  • HTTP Text (opens in a new tab)

    http://<HOST>:<PORT>/manager/text/<COMMAND>

    Requires manager-script role

    • Deploy A New Application Archive (WAR) Remotely

      http://<HOST>:<PORT>/manager/text/deploy?path=<CONTEXT>&war=file:<WAR_FILE_PATH>

      curl -u manager:manager \
          -x PUT
          http://localhost:8080/manager/text/deploy\?path\=/test\&war\=file:/mnt/c/Users/takechiyo/workspace/github/sleepy-mouse.spring-microservice-rest/target/spring-microservice-rest-0.0.1-SNAPSHOT.war

    • List Currently Deployed Applications

      http://<HOST>:<PORT>/manager/text/list

    • Reload An Existing Application

      http://<HOST>:<PORT>/manager/text/reload?path=<CONTEXT>

    • List OS and JVM Properties

      http://<HOST>:<PORT>/manager/text/serverinfo

    • Stop an Existing Application

      http://<HOST>:<PORT>/manager/text/stop?path=<CONTEXT>

    • Start an Existing Application

      http://<HOST>:<PORT>/manager/text/start?path=<CONTEXT>

    • Undeploy an Existing Application

      http://<HOST>:<PORT>/manager/text/undeploy?path=<CONTEXT>

    • Connector SSL/TLS certificate chain information

      http://<HOST>:<PORT>/manager/text/sslConnectorCerts

    • Connector SSL/TLS trusted certificate information

      http://<HOST>:<PORT>/manager/text/sslConnectorTrustedCerts

    • Reload TLS configuration

      http://<HOST>:<PORT>/manager/text/sslReload?tlsHostName=name

    • VM Info

      http://<HOST>:<PORT>/manager/text/vminfo

  • JMX Proxy Servlet (opens in a new tab)

    http://<HOST>:<PORT>/manager/jmxproxy

    Requires manager-jmx role

Configuration

System Properties

System Properties can be added to $CATALINA_BASE/conf/catalina.properties, eg: spring.profiles.active=dev

Environment Variables

Use $CATALINA_BASE/bin/setenv.sh, absent by default, to specify environment variables.

Context

• Context Path

  • Rename WAR file to be deployed

• Resources

  • Apache Tomcat 9 Configuration Reference - The Context Container - Introduction - Defining a context (opens in a new tab)
  • Octopus Deploy - Defining Tomcat context paths (opens in a new tab)

Performance

• Resources

  • Tomcat Performance Best Practices (opens in a new tab)
  • MuleSoft - Tuning Tomcat performance for optimum speed (opens in a new tab)
  • 5 Apache Tomcat Performance Best Practices (opens in a new tab)
  • Tips for Tuning Apache Tomcat for High Performance (opens in a new tab)
  • Key metrics for monitoring Tomcat (opens in a new tab)
  • O'Reilly - Tomcat: The Definitive Guide, 2nd Edition - Chapter 4. Tomcat Performance Tuning (opens in a new tab)

Resources

• MuleSoft - Apache Tomcat resources (opens in a new tab)
• Apache Tomcat - Running The Apache Tomcat 9.0 Servlet/JSP Container (opens in a new tab)