Tomcat Manager Text Commands

11 July 2021

I recently published Tomcat Manager Application to my existing tomcats. In a nutshell, the Tomcat Manager App is a web application packaged with the Tomcat server to provide basic functionality to manage our deployed web applications. I intentionally dropped them on the first instance I installed Tomcats since I lack the time to configure them.

Tomcat Manager App is a part of the existing Tomcat package so I just have to untar it and copy the manager folder to the existing Tomcat webapps folder.

In an instance, here's how you can test if there are memory leaks

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/findleaks?statusLine=true
OK - No memory leaks found

Configuring Manager App

Edit the conf/tomcat-users.xml file then add the following making sure you change the username and password to its stronger equivalent.

<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="tomcatman" password="s3cret" roles="manager-gui,manager-script"/>
</tomcat-users>

If you're planning to access the browser not from the machine where Tomcat is, you need to edit WEB-INF/context.xml file to add your IP address. Look for the line with Valve element and add your IP within the allow property. Escape full stops with backslash.

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Useful Commands

--insecure or -k is to avoid TLS validation. When issuing curl against unsecured URL, you can ommit this argument.

List all deployed applications

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/list
OK - Listed applications for virtual host [localhost]
/:running:1:ROOT
/manager:running:0:manager

Stopping an application

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/stop?path=/
OK - Stopped application at context path [/]

Starting an application

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/start?path=/
OK - Started application at context path [/]

Viewing the current user sessions

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/sessions?path=/
OK - Session information for application at context path [/]
Default maximum session inactive interval [30] minutes
[2 - <3] minutes: [1] sessions
[3 - <4] minutes: [4] sessions
[18 - <19] minutes: [1] sessions

Viewing TLS configurations

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/sslConnectorCiphers
OK - Connector / SSL Cipher information
Connector[HTTP/1.1-8443]-_default_
  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
....

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/sslConnectorCerts
OK - Connector / Certificate Chain information

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/sslConnectorTrustedCerts
OK - Connector / Trusted Certificate information

Reloading TLS Configuration

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/sslReload
OK - Reloaded TLS configuration for all TLS virtual hosts

Thread Dump

$ curl -ku tomcatman:s3cret https://yourdomain.com/manager/text/threaddump
OK - JVM thread dump
2021-07-10 16:24:10.172
Full thread dump OpenJDK 64-Bit Server VM (25.272-b10 mixed mode):

"ajp-nio-8011-exec-30" Id=177 cpu=2065390 ns usr=0 ns blocked 0 for -1 ms waited 4 for -1 ms
   java.lang.Thread.State: WAITING
        at sun.misc.Unsafe.park(Native Method)
        - waiting on (a java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject@6c422292)
        at java.util.concurrent.locks.LockSupport.park(LockSupport.java:175)
...