14

Update: cleanup and directly indicate the problem and the solution.

PROBLEM:

Docker-tomcat was properly installed and running, except for the 403 Access error in the Manager App. It also seems that my docker tomcat cannot find my tomcat-users.xml configuration.

SOLUTION

Thanks to Farhad and Sanket for the answers.

[Files]:

Dockerfile

FROM tomcat:8.5.11
MAINTAINER Borgy Manotoy <borgymanotoy@ujeaze.com>

# Update Apt and then install Nano editor (RUN can be removed)
RUN apt-get update && apt-get install -y \
    nano \
&& mkdir -p /usr/local/tomcat/conf

# Copy configurations (Tomcat users, Manager app)
COPY tomcat-users.xml /usr/local/tomcat/conf/
COPY context.xml /usr/local/tomcat/webapps/manager/META-INF/

Tomcat Users Configuration (conf/tomcat-users.xml)

<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
    <role rolename="manager-gui"/>
    <role rolename="manager-script"/>
    <user username="admin" password="password" roles="manager-gui,manager-script" />
</tomcat-users>

Application Context (webapps/manager/META-INF/context.xml)

<?xml version="1.0" encoding="UTF-8"?>
<Context antiResourceLocking="false" privileged="true" >
  <!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  -->
</Context>

[STEPS & COMMANDS]:

  1. Build Docker Image

    docker build -t borgymanotoy/my-tomcat-docker .

  2. Run Image (my-tomcat-docker and set port to 8088)

    docker run --name my-tomcat-docker-container -p 8088:8080 -it -d borgymanotoy/my-tomcat-docker

  3. Go to the container's bash (to check files inside the container thru bash)

    docker exec -it biyahe-tomcat-docker-container bash

Community
  • 1
  • 1
Borgy Manotoy
  • 1,960
  • 5
  • 27
  • 42

3 Answers3

17

First you need to expose your application in the container, so you can connect to it from dockerhost/network.

docker run -d -p 8000:8080 tomcat:8.5.11-jre8

You need to change 2 files in order to access the mangaer app from remote host. (Browser on Docker host is considered remote, only packets received on containers loopback are considered local for tomcat)

  1. /usr/local/tomcat/webapps/manager/META-INF/context.xml Note the commented section.

    <Context antiResourceLocking="false" privileged="true" >
<!--
     <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->

Please note the commented section.

  1. /usr/local/tomcat/conf/tomcat-users.xml as you stated in the question.

    <tomcat-users xmlns="http://tomcat.apache.org/xml"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
          version="1.0">
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="admin" password="password" roles="manager-gui,manager-script" />

In order to make changes to files in the container, You can try building your own image, but I suggest using docker volumes or bind mounts.

Also make sure you restart the container so the changes take effect.

Farhad Farahi
  • 35,528
  • 7
  • 73
  • 70
2

Please specify the port when you do a docker run like (i believe mine/tomcat-version is your image name),

docker run -p 8000:8080 -it -d --name MyContainerName mine/tomcat-version

then access the manager page using,

http://<ipaddress>:8000/manager/html

To get the host ip address in docker to need to execute docker-machine ip

Addition info: You can also get into the container using below command,

docker exec -it MyContainerName bash if you want to check different things like tomcat logs, conf files, etc.

ProgrammerBoy
  • 876
  • 6
  • 19
  • I forgot to indicate that I already set the port to 8088 and assigned a name for the container. Thanks for the 'docker exec...' I needed this to work inside the container. – Borgy Manotoy Mar 10 '17 at 07:11
  • 403 error it seems it did not see the changes in my tomcat-users.xml, although it is already applied. I need to alter context.xml as indicated in farhad's answer in #1 and it works now :) Thanks guys! – Borgy Manotoy Mar 10 '17 at 08:44
0

Although this is quite late, I wanted to leave my 2 cents.

I took this solution to the next level by building a sample continuous integration system that deploys wars to the docker tomcat just by running mvn clean install via project IDE whilst having the docker tomcat container running.

  • This solves the problem of having to restart tomcat-container every time a new build is available. Takes advantage of tomcat's auto-deploy
  • Uses shared volume so that you can deploy multiple wars into the shared volume and a script picks up your wars and deploys to tomcat webapps
  • Comes with a standard user 'admin' so as to access manager GUI.
  • Available on public docker repo: docker run -p 8080:8080 -d --name tom -v <YOUR_VOLUME>:/usr/local/stagingwebapps wintersoldier/tomcat_ci:1.0
  • Picks up any war files dropped to the shared volume and instantly deploys them to tomcat server with an option to deploy it via GUI as well
  • Here is a sample application with required maven changes & docker file to explore
Winter Soldier
  • 2,607
  • 3
  • 14
  • 18