Hide Tomcat Version on Error Response


I am using the camunda-bpm-platform:tomcat-7.16.0 docker image to run camunda in a docker container.

Everytime I get an error response from engine-rest I can see the version of tomcat being used (see image below).

This has been pointed out as a security risk. I found this post and followed it. Basically it says to:

  1. Go to <Tomcat_INSTAL_DIR>/bin/tomcat/lib.
  2. Create subfolders/directory structure as follows org\apache\catalina\util\
  3. Create a text file as ServerInfo.properties
  4. Add the following lines, to ServerInfo.properties file and Save.
  5. Stop and start tomcat service.

However I can’t find the directory <Tomcat_INSTAL_DIR>/bin/tomcat/lib inside of my docker container and it is unclear to me where I should put the ServerInfo.properties file.

Is this the correct approach, or is there a better way to achieve this?

Hi @jominga,

if you run Docker Desktop on your computer, you can easily attach a command line interface to your running container and inspect the filesystem.

Tomcat is installed in the camunda directory, and the folder for the ServerInfo.properties would be /camunda/lib/org/apache/catalina/util.

Hope this helps, Ingo

Thanks! It worked!