Deploying my application at the root in Tomcat（转自StackOverFlow，做记录）

down vote

I know that my answer is kind of overlapping with some of the other answer, but this is a complete solution that has some advantages. This works on Tomcat 8: The main application is served from the root The deployment of war files through the web interface is maintained. The main application will run on port 80 while only the admins have access to the managment folders (I realize that *nix systems require superuser for binding to 80, but on windows this is not an issue). This means that you only have to restart the tomcat once, and after updated war files can be deployed without a problem. Step 1: In the server.xml file, find the connector entry and replace it with: <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> Step 2: Define contexts within the <Host ...> tag: <Context path="/" docBase="CAS"> <WatchedResource>WEB-INF/web.xml</WatchedResource> </Context> <Context path="/ROOT" docBase="ROOT"> <WatchedResource>WEB-INF/web.xml</WatchedResource> </Context> <Context path="/manager" docBase="manager" privileged="true"> <WatchedResource>WEB-INF/web.xml</WatchedResource> </Context> <Context path="/host-manager" docBase="host-manager" privileged="true"> <WatchedResource>WEB-INF/web.xml</WatchedResource> </Context> Note that I addressed all apps in the webapp folder. The first effectively switch the root and the main app from position. ROOT is now on http://example.com/ROOT and the the main application is on http://example.com/. The webapps that are password protected require the privileged="true" attribute. When you deploy a CAS.war file that matches with the root (<Context path="/" docBase="CAS">you have to reload that one in the admin panel as it does not refresh with the deployment. Do not include the <Context path="/CAS" docBase="CAS"> in your contexts as it disables the manager option to deploy war files. This means that you can access the app in two ways: http://example.com/ and http://example.com/APP/ Step 3: In order to prevent unwanted access to the root and manager folder, add a valve to those context tags like this: <Context path="/manager" docBase="manager" privileged="true"> <WatchedResource>WEB-INF/web.xml</WatchedResource> <Valve className="org.apache.catalina.valves.RemoteAddrValve" addConnectorPort="true" allow="143\.21\.2\.\d+;8080|127\.0\.0\.1;8080|::1;8080|0:0:0:0:0:0:0:1;8080"/> </Context> This essentially limits access to the admin web app folder to people from my own domain (fake IP address) and localhost when they use the default port 8080 and maintains the ability to dynamically deploy the war files through the web interface. If you want to use this for multiple apps that are using different IP addresses, you can add the IP address to the connector (address="143.21.2.1"). If you want to run multiple web apps from the root, you can duplicate the Service tag (use a different name for the second) and change the docbase of the <Context path="/" docBase="CAS">to for example <Context path="/" docBase="ICR">.