This has been driving me crazy for a few days now. Either I'm doing something completely wrong, really silly, or a combination thereof.
I am on Ubuntu 11.10. I ran the following commands:
sudo apt-get install nginx
sudo apt-get install tomcat7 tomcat7-admin
The following is my tomcat-users.xml file:
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users>
<role rolename="admin" />
<role rolename="manager" />
<user username="admin" password="secret" roles="admin,manager" />
</tomcat-users>
I set up the following nginx configuration:
server {
listen 80;
server_name tomcat.example.com;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Authorization "Basic YWRtaW46c2VjcmV0";
}
}
Where YWRtaW46c2VjcmV0 is admin:secret encoded in Base64.
Accessing http://tomcat.example.com works fine; however, whenever I try to access http://tomcat.example.com/manager/html I get a 403 page from Tomcat. I have tried restarting both nginx and tomcat to no avail.
The following appears in my Nginx access log whenever I try to get into the Tomcat manager:
xxx.xxx.xxx.xxx - admin [29/Dec/2011:06:20:22 -0500] "GET /manager/html HTTP/1.1" 403 431 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.63 Safari/535.7"
The following appears in my Tomcat access log whenever I try to get into the Tomcat manager:
127.0.0.1 - admin [29/Dec/2011:06:20:22 -0500] "GET /manager/html HTTP/1.0" 403 1108
I plan to further secure this by setting up SSL on Nginx along with HTTP basic authentication, but I need to get the basics working first. Does anybody know what is going on here?
Best Answer
Completely contradictory to this screenshot from the very same installation of Tomcat, a role of simply
managerwill not suffice. I needed a role ofmanager-gui. I'm going to submit the faulty "It works!" page as a bug as this was an extremely frustrating process.There are also other manager roles that this default "It works!" page should elaborate about, like
manager-script.