Hide Tomcat Version on Error Response

jominga · December 15, 2021, 12:16pm

Hello,

I am using the camunda-bpm-platform:tomcat-7.16.0 docker image to run camunda in a docker container.

Everytime I get an error response from engine-rest I can see the version of tomcat being used (see image below).

This has been pointed out as a security risk. I found this post and followed it. Basically it says to:

Go to <Tomcat_INSTAL_DIR>/bin/tomcat/lib.
Create subfolders/directory structure as follows org\apache\catalina\util\
Create a text file as ServerInfo.properties
Add the following lines, to ServerInfo.properties file and Save.
server.info=Something
Stop and start tomcat service.

However I can’t find the directory <Tomcat_INSTAL_DIR>/bin/tomcat/lib inside of my docker container and it is unclear to me where I should put the ServerInfo.properties file.

Is this the correct approach, or is there a better way to achieve this?

Ingo_Richtsmeier · December 15, 2021, 7:22pm

Hi @jominga,

if you run Docker Desktop on your computer, you can easily attach a command line interface to your running container and inspect the filesystem.

Tomcat is installed in the camunda directory, and the folder for the ServerInfo.properties would be /camunda/lib/org/apache/catalina/util.

Hope this helps, Ingo

jominga · December 16, 2021, 8:38am

Thanks! It worked!