aspose file tools*
The moose likes Tomcat and the fly likes Tomcat 7 : change port number for manager app Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "Tomcat 7 : change port number for manager app" Watch "Tomcat 7 : change port number for manager app" New topic
Author

Tomcat 7 : change port number for manager app

Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
Hello,

I want to partition tomcat apps so that manager / administration application can be accessed on different port number than custom applications. I would like to continue to use port 8080 for my applications and use a different port number for manager app. Any ideas ?

Thanks in advance !
Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
IS it possible to use https ( port 443) for admin/ manager apps and then use 8080 for all other applications ?
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15632
    
  15

It doesn't work that way.

By convention, traffic on port 443 (or in Tomcat's case 8443) is encrypted HTTP (also known as HTTPS), unlike traffic on ports 80/8080, which is plain text. In other words, a completely different protocol. In fact, a URL that simply says "http://hostname/etc" is automatically sent to the hostname port 80 (as plain text) and a URL coded as "https://hostname/etc" is automatically sent to the hostname port 443 (using the TLS security system). That's what Tomcat URLs are typically things like "http://hostname:8080/etc" - to explicitly override the default destination port number.

The ports used for HTTP and HTTPS are set as part of the Host definition in the Tomcat server.xml file. To give an application over to some other port(s), you'd need to define another Host in server.xml and deploy the app(s) in question to that Host. Effectively running 2 servers at the same time. Most people just set up an entire second copy of Tomcat.

Of course, second tomcat or second host, it doesn't matter. The Tomcat Manager app only manages the apps in the same Tomcat instance/host that the Manager itself is running in.


Customer surveys are for companies who didn't pay proper attention to begin with.
Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
Thanks Tim for your prompt response. Do you mean if I set up 2 server.xml files, the manager app on one port can not be used for administering apps on another port ?

Also if I implement HTTPS, do I also have to change all references from http to https in existing apps ? OR can I redirect all http requests to 8443 port automatically ?

Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19541
    
  16

You can't set up 2 server.xml files for one Tomcat installation. You would need two separate Tomcat installations. Alternatively, it should be possible to have two Connector elements inside your server.xml, one for port X and one for port Y.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15632
    
  15

As Rob has stated, there is one and only one server.xml per Tomcat instance. You can use an alternate CATALINA_HOME to setup a separate Tomcat instance and share the CATALINA_BASE among multiple instances, but each CATALINA_HOME contains one and only one server.xml files.

Multiple Connectors also works, but without extra plumbing, they'll simply be alternate paths to the same apps.

As far as "administering apps on a port", that's not how it works. Apps are apps. Ports are simply the pipelines into the apps. The apps care not what port a request comes in on. The admin webapp simply talks to the Host that contains the apps, and it's really not that much different from any user-written webapp.
Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
Thanks Rob and Tim. From the discussion, it seems like I won't be able to administer any user-written app if the manager/admin app is accessible from a different port than user apps located in separate catalina home. If I am correct, setting up alternate catalina_home is same as using a complete different tomcat installation. Could you provide me some more info on configuring multiple connectors in a server.xml file ? The goal I am trying to achieve is to partition manager and user app so that they reside on separate TCP/IP ports.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19541
    
  16

I was actually mistaken. You don't need to create a separate Connector element, but a complete separate (second) Service element. Basically copy your existing Service element, paste it beneath the current one, and then modify that second one:
- the Service name must be different.
- the Connector ports must be different, including redirectPorts.
- the Engine name must be different.
- the Host's appBase must be different.

The latter is not 100% necessary for a second Service element in general, but in your case it should be; the appBase of the existing Service element should not include the manager app, and the appBase of the new Service element should only include the manager app (or vice versa).
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

While you cannot do that directly in Tomcat, you CAN achieve the desired effect with a reverse-proxy server. Tomcat itself only listens to the loopback address (localhost, or 127.0.0.1). I then have an Apache Web Server, which I configure to reverse-proxy for specific web applications in Tomcat. Apache 2.2 even includes mod_proxy_ajp, which can communicate with Tomcat via AJP, thus preserving the original HTTP headers (easier to get remoteAddr() this way).

http://tomcat.apache.org/connectors-doc/generic_howto/proxy.html has a pretty good introduction to using Apache Web Server with Tomcat in this way. I HIGHLY recommend this setup, or something similar with a front-facing web server, for any production installations of Tomcat.


OCPJP
In preparing for battle I have always found that plans are useless, but planning is indispensable. -- Dwight D. Eisenhower
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19541
    
  16

Pete Nelson wrote:Tomcat itself only listens to the loopback address (localhost, or 127.0.0.1).

Not so. A Host element can have a name that is not "localhost" (the default). This should be
Usually the network name of this virtual host, as registered in your Domain Name Service server.
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15632
    
  15

Rob Spoor wrote:
Pete Nelson wrote:Tomcat itself only listens to the loopback address (localhost, or 127.0.0.1).

Not so. A Host element can have a name that is not "localhost" (the default). This should be
Usually the network name of this virtual host, as registered in your Domain Name Service server.


Actually, the name "localhost" for the default host doesn't mean that Tomcat is only listening to the localhost IP 127.0.0.1. Unless otherwise directed, Tomcat is listening on ALL ip addresses. But "localhost" is the name of the default host.
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19541
    
  16

Well, I changed it a while ago for some reason, and Tomcat stopped responding to requests except when we used that specific host name. We later changed it back because the change was just a test for something that didn't work out.
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

Yes Rob & Tim, you can have Tomcat bound to other hosts. But that is NOT the way I am setting it up in this case - I am binding it to localhost only, just like I said in my full statement.

The point was to serve apps on a different port than your manager app. If that's your goal, you want to limit access to Tomcat, regardless of what Tomcat CAN do.
Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
Pete,

I am trying to implement reverse proxy server technique as you suggested. I only have Tomcat Server 7.0 as a web server. I don't have Apache 2.2. Can I still partition manager and user written apps ?

Thanks !
Pete Nelson
Ranch Hand

Joined: Aug 30, 2010
Posts: 147

You would need to have some sort of HTTP server that is able to handle proxying. I am only really familiar with using Apache for this, although other servers such as lighttpd or nginx should work as well, I would think. Tomcat by itself cannot do reverse-proxying natively.

Would you be willing to use Apache 2.2 Web Server, or are you otherwise prevented from installing another web server? If so, I can give you some more details to help you set it up (just let me know).
Prashant aphale
Greenhorn

Joined: Dec 01, 2011
Posts: 6
Thanks for the info, Pete. Since it is a customer's server, I will need to get their approval for installing another server. I will let you know if we decide to go with it.

Thanks !
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Tomcat 7 : change port number for manager app
 
Similar Threads
Regarding Tomcat Port Numbers
Tomcat broken link
setting context in tomcat4.0.1
problem using manager application for each tomcat instance
avoid port number :8080 in URL ?