# Post Installation Tasks {% hint style="info" %} #### **Post‑installation Hardening & Tuning** Optional settings you can apply after installation to harden Tomcat/Pentaho and tune behaviour: {% endhint %}

Hide Tomcat Server header

By default, Tomcat sends a `Server` header exposing version information. You can override it to reduce information leakage. 1. Edit the Tomcat connector in `server.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml ``` 2. Add or update the `server` attribute on the HTTP connector and (if used) AJP connector, then save. ```xml ``` 3. Restart Pentaho Server. ```bash sudo systemctl restart pentaho-server ```

Java Security Manager (deprecated/removed)

The legacy Java Security Manager is deprecated and not available on modern Java LTS versions (including Java 21). Do not use `-security` with Tomcat on Java 21. Prefer OS‑level hardening, least‑privilege users, network scoping, and container/AppArmor/SELinux policies as appropriate.

Change the web application context path

Change the context path if you do not want the application accessible at `/pentaho`. 1. Stop the Pentaho Server. ```bash cd /opt/pentaho/server/pentaho-server sudo ./stop-pentaho.sh ``` 2. Edit `context.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/META-INF/context.xml ``` 3. Update the context path. ```xml ``` 4. Rename the webapp folder to match the new context name. ```bash sudo mv /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho \ /opt/pentaho/server/pentaho-server/tomcat/webapps/company ``` 5. Update the redirect in `ROOT/index.jsp`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/ROOT/index.jsp ``` Change the meta refresh to: ```html ``` 6. Update the server URL. ```bash sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties ``` ``` fully-qualified-server-url=http://localhost:8080/company/ ``` 7. Start the server and test. ```bash sudo ./start-pentaho.sh ``` {% hint style="warning" %} Upgrades may overwrite deployed webapps. Reapply customizations after upgrades, or use reverse proxy path mapping instead. {% endhint %}

Change to HTTPs

Default port is 8080. 1. Stop the Pentaho Server. ```bash cd /opt/pentaho/server/pentaho-server sudo ./stop-pentaho.sh ``` 2. Change the connector port. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml ``` ```xml ``` 3. Update the server URL. ```bash sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties ``` ``` fully-qualified-server-url=http://localhost:8090/pentaho/ ``` 4. Start the server and verify. ```bash sudo ./start-pentaho.sh curl -I http://localhost:8090/pentaho/ | head -n 1 ```

Change default HTTP port

Harden or disable the Tomcat shutdown port

By default Tomcat listens on a local shutdown port (8005) for the `SHUTDOWN` command. * Disable the port by setting `port="-1"`, or * Change both the port and the shutdown command to unpredictable values. 1. Edit the `` element in `server.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml ``` Examples: ```xml ``` or ```xml ``` 2. Restart Pentaho Server. ```bash sudo systemctl restart pentaho-server ```

Custom error pages (404, 403, 500)

Define application‑level error pages to avoid exposing defaults. 1. Create an error page in your webapp. ```bash sudo tee /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/error.jsp >/dev/null <<'EOF' Error

Something went wrong

Please contact your administrator.

EOF ``` 2. Add error mappings in the webapp `web.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/WEB-INF/web.xml ``` ```xml

404

/error.jsp

403

/error.jsp

500

/error.jsp ``` 3. Restart the server and test.

Session timeout

Set a global session timeout for the application. 1. Edit the webapp `web.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/WEB-INF/web.xml ``` ```xml

```

Increase Karaf startup wait time

If server startup times out while Karaf installs features, increase the wait time. 1. Stop the server. ```bash sudo systemctl stop pentaho-server ``` 2. Edit `server.properties`. ```bash sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties ``` Uncomment or add: ``` # Time (ms) to wait for Karaf to install features before timing out karafWaitForBoot=180000 ``` 3. Start the server. ```bash sudo systemctl start pentaho-server ```

Remove sample data from the server

Remove evaluation samples before moving to production. 1. Stop the server. ```bash sudo systemctl stop pentaho-server ``` 2. Delete the `samples.zip` from default content (path may vary by version). ```bash sudo rm -f /opt/pentaho/server/pentaho-server/pentaho-solutions/system/default-content/samples.zip || true ``` 3. Edit the webapp `web.xml` and remove the HSQLDB sample definitions and the SystemStatusFilter (dev‑only). ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/WEB-INF/web.xml ``` Remove blocks similar to: ```xml

hsqldb-databases

sampledata@../../data/hsqldb/sampledata

org.pentaho.platform.web.http.context.HsqldbStartupListener

SystemStatusFilter

com.pentaho.ui.servlet.SystemStatusFilter

``` 4. Optionally remove the server `data/` directory if only sample content was used (verify your environment before deleting). ```bash sudo rm -rf /opt/pentaho/server/pentaho-server/data || true ``` 5. Start the server and remove sample folders via PUC (Browse Files → Public → Move to Trash). ```bash sudo systemctl start pentaho-server ```

Hide Home perspective widgets

Hide Getting Started and other widgets from the PUC Home page. 1. Stop the server. ```bash sudo systemctl stop pentaho-server ``` 2. Edit the Home perspective configuration. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/mantle/home/properties/config.properties ``` Add or update: ``` disabled-widgets=getting-started,recents,favorites ``` 3. Start the server and log in to verify. ```bash sudo systemctl start pentaho-server ```

Turn off autocomplete on the login page (advanced)

Changing vendor JSPs may be overwritten on upgrade. Prefer SSO or reverse proxy controls. If you must, edit the login JSP. 1. Stop the server. ```bash sudo systemctl stop pentaho-server ``` 2. Edit `PUCLogin.jsp`. ```bash sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/jsp/PUCLogin.jsp ``` 3. Set autocomplete to off for user/password inputs. ```html ``` 4. Start the server. ```bash sudo systemctl start pentaho-server ```

Increase CSV upload limits

Adjust upload limits and (optionally) staging database. 1. Edit `pentaho.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/pentaho.xml ``` ```xml

/system/metadata/csvfiles/

10000000

500000000

``` 2. Change the staging database for CSV files (optional) in `data-access/settings.xml`. ```bash sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/data-access/settings.xml ``` ```xml hibernate ``` 3. In PUC, go to Tools → Refresh System Settings, then restart PUC (or the server) to apply.

*** --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://academy.pentaho.com/pentaho-11-installation-en/installation/post-installation-tasks.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.