Production Server Overview

What This Section Covers

Best practices and recommendations on securing a production TDS/Tomcat server:

You should know how to do a basic installation of Tomcat, Java, and the TDS; and be familiar with the Tomcat directory structure; Tomcat server configuration; and the Tomcat manager application.

Why Is Security Important?

Be afraid

Keeping Software Versions Up-To-Date



Tomcat Process User/Group and ${tomcat_home} Permissions


Background info

The JVM doesn't fork at all, nor does it support setuid() calls. The JVM, and therefore Tomcat, is one process. The JVM is a virtual machine with many threads under the same process.


Removing Unused Web Applications


Using Digested Passwords


Tomcat Realms

A realm element represents a "database" of usernames, passwords, and roles (similar to Unix groups) assigned to those users.

Configure Tomcat to use digested passwords

Enabling SSL Encryption

How SSL works

For more information on how SSL works, Wikipedia details the steps involved during an SSL transaction.


CA-signed Certificates

A self-signed certificate says to your users "Trust me - I am who I say I am."

A certificate signed by a CA says, "Trust me - the CA agrees I am who I say I am."

SSL certificates

Certificate keystore file

 <Connector protocol="HTTP/1.1" port="8443" maxThreads="200" 
    scheme="https" secure="true" SSLEnabled="true"
    clientAuth="false" sslProtocol="TLS"/>
Enabling SSL in Tomcat

Configuring web applications for SSL

Looking Ahead

Other than the compelling security reasons, you will want to enable SSL to take advantage of a couple of monitoring and debugging tools: the TDS Remote Management Tool, and the TdsMonitor Tool -- both of which (out-of-the-box) require SSL to access.


Securing the Tomcat manager Application

Changes to the manager application

The manager application URLs and roles has been re-structured. See the Tomcat Migration guide for more information.


Enabling SSL for the Tomcat manager application


Blocking Non-Essential Port Access At The Firewall


For running the TDS, keep in mind the following:


Restricting Access To The TDS By Remote IP Address Or Host


Tomcat Valves

A valve element represents a component that will be inserted into the request processing pipeline for the associated Catalina container.


  1. Using the RemoteAddrValve to restrict access based on IP addresses.
  2. <!-- This example denies access based on IP addresses -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           deny="128\.117\.47\.201,128\.107\.157\.210,96\.33\.56\.215" />
  3. Using the RemoteHostValve to restrict access based on resolved host names.
  4. <!-- This example denies access based on host names -->
    <Valve className="org.apache.catalina.valves.RemoteHostValve"
               deny="www\.badguys\.com,www\.bandwidthhog\.net" />
  5. Using wildcard characters.
  6. <!-- Wildcard characters can with the both valves -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
           deny="128\.117\.47\..*" />
  7. Using the RemoteAddrValve to limit access to a specific range of IP addresses.
  8. <!-- This example only allows the specified IPs to access  -->
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
              allow="128\.117\.140\..*" />


Reverse Proxy



Running Tomcat with a Security Manager



Protecting the Tomcat SHUTDOWN Port

SHUTDOWN on port 8005