How to access Tomcat 8 admin gui from different host?

I followed this excellent article about putting Apache in front of Tomcat, acting as a reverse proxy:

How can you access the admin gui from a remote machine, though? Since we closed port 8080 as part of the setup, I can’t get to tomcat anymore. For example, going to:


gives me a 403 page:

“By default the Host Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you’ll need to edit the Host Manager’s context.xml file.”

I do have a user set up in there as directed (from the setting up tomcat 8 tutorial), but this doesn’t change anything. Restarted tomcat, still nothing.

How do you access the gui? Or is there a different way to deploy my web app war files?


Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

As covered in How To Install Apache Tomcat 8 on Ubuntu 16.04

By default, newer versions of Tomcat restrict access to the Manager and Host Manager apps to connections coming from the server itself. Since we are installing on a remote machine, you will probably want to remove or alter this restriction. To change the IP address restrictions on these, open the appropriate context.xml files.

If you followed that installation tutorial, those file can be found at:

  • /opt/tomcat/webapps/manager/META-INF/context.xml

  • sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

To allow remote access, edit the files and comment out the part of the configuration file specifying the IP address restriction or replace them with a list of IP addresses that you would like to whitelist.

context.xml files for Tomcat webapps
<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->

Restart Tomcat for the changes to take effect:

sudo systemctl restart tomcat

Remember, since Apache mod_jk makes a local connection to Tomcat on port 8080 and proxies it to port 443 over HTTPS (or port 80 if you are not setting up SSL), you will access it at https://your_ip_address/manager/html