Post Installation Tasks

Hardening & performance

Post‑installation Hardening & Tuning

Optional settings you can apply after installation to harden Tomcat/Pentaho and tune behaviour:

Hide Tomcat Server header

By default, Tomcat sends a Server header exposing version information. You can override it to reduce information leakage.

  1. Edit the Tomcat connector in server.xml.

sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml

  2. Add or update the server attribute on the HTTP connector and (if used) AJP connector, then save.

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           server=" "
           redirectPort="8443" />

  3. Restart Pentaho Server.

sudo systemctl restart pentaho-server

Java Security Manager (deprecated/removed)

The legacy Java Security Manager is deprecated and not available on modern Java LTS versions (including Java 21). Do not use -security with Tomcat on Java 21. Prefer OS‑level hardening, least‑privilege users, network scoping, and container/AppArmor/SELinux policies as appropriate.

Change the web application context path

Change the context path if you do not want the application accessible at /pentaho.

  1. Stop the Pentaho Server.

cd /opt/pentaho/server/pentaho-server
sudo ./stop-pentaho.sh

  2. Edit context.xml.

sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho/META-INF/context.xml

  3. Update the context path.

<Context path="/company" docBase="webapps/company/" />

  4. Rename the webapp folder to match the new context name.

sudo mv /opt/pentaho/server/pentaho-server/tomcat/webapps/pentaho \
        /opt/pentaho/server/pentaho-server/tomcat/webapps/company

  5. Update the redirect in ROOT/index.jsp.

sudo nano /opt/pentaho/server/pentaho-server/tomcat/webapps/ROOT/index.jsp

Change the meta refresh to:

<meta http-equiv="refresh" content="0;URL=/company">

  6. Update the server URL.

sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties

fully-qualified-server-url=http://localhost:8080/company/

  7. Start the server and test.

sudo ./start-pentaho.sh

Change to HTTPS

Default port is 8080.

  1. Stop the Pentaho Server.

cd /opt/pentaho/server/pentaho-server
sudo ./stop-pentaho.sh

  2. Change the connector port.

sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml

<Connector URIEncoding="UTF-8"
      port="8443"
      protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="150"
      SSLEnabled="true"
      scheme="https"
      secure="true"
      clientAuth="false"
      sslProtocol="TLS"
      keystoreType="PKCS12"
      keystoreFile="/opt/pentaho/pentaho-server/tomcat/ssl/keystore.p12"
      keystorePass="changeit"
    />

Set keystoreFile and keystorePass to your own keystore and its password; do not keep the changeit default.

  3. Update the server URL so that it matches the HTTPS connector.

sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties

fully-qualified-server-url=https://localhost:8443/pentaho/

  4. Start the server and verify.

sudo ./start-pentaho.sh
curl -I https://localhost:8443/pentaho/ | head -n 1

If the certificate is not issued by a CA that curl already trusts, pass the CA certificate to curl with --cacert.

Change default HTTP port

Default port is 8080.

  1. Stop the Pentaho Server.

cd /opt/pentaho/server/pentaho-server
sudo ./stop-pentaho.sh

  2. Change the connector port.

sudo nano /opt/pentaho/server/pentaho-server/tomcat/conf/server.xml

<Connector URIEncoding="UTF-8"
           port="8090" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           relaxedPathChars="[]|"
           relaxedQueryChars="^{}[]|&amp;"
           maxHttpHeaderSize="65536" />

  3. Update the server URL.

sudo nano /opt/pentaho/server/pentaho-server/pentaho-solutions/system/server.properties

fully-qualified-server-url=http://localhost:8090/pentaho/

  4. Start the server and verify.

sudo ./start-pentaho.sh
curl -I http://localhost:8090/pentaho/ | head -n 1

Harden or disable the Tomcat shutdown port

By default Tomcat listens on a local shutdown port (8005) for the SHUTDOWN command.

  • Disable the port by setting port="-1", or

  • Change both the port and the shutdown command to unpredictable values.

  1. Edit the <Server> element in server.xml.

Examples:

or

  2. Restart Pentaho Server.
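
To confirm that the Server header override and the shutdown port change described above are both in place, server.xml can be checked with a short script. This is an added example, not part of the original page or of Pentaho; the function name and both sample documents are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: stock-style server.xml, trimmed to the relevant elements.
STOCK = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: the same file after both hardening steps.
HARDENED = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" server=" " redirectPort="8443" />
  </Service>
</Server>"""


def audit_server_xml(xml_data):
    """Return a list of findings; an empty list means both settings are applied."""
    root = ET.fromstring(xml_data)  # root element is <Server>
    findings = []
    port = root.get("port")
    if port != "-1":  # the shutdown listener is enabled
        if port == "8005":
            findings.append("shutdown port is the default 8005")
        if root.get("shutdown") == "SHUTDOWN":
            findings.append("shutdown command is the default SHUTDOWN")
    for conn in root.iter("Connector"):
        if "server" not in conn.attrib:
            findings.append(f"Connector on port {conn.get('port')} has no server attribute")
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the stock sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else STOCK
    for finding in audit_server_xml(data):
        print("FINDING:", finding)
```

Run it with the path to server.xml as the only argument after editing and before restarting.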

Custom error pages (404, 403, 500)

Define application‑level error pages to avoid exposing defaults.

  1. Create an error page in your webapp.

  2. Add error mappings in the webapp web.xml.

  3. Restart the server and test.

Session timeout

Set a global session timeout for the application.

  1. Edit the webapp web.xml.
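
A check for the two web.xml changes above (error-page mappings for 403, 404 and 500, and a session timeout), as an added example that is not part of the original page or of Pentaho. It assumes the standard Servlet deployment descriptor elements error-page and session-timeout; the sample descriptor, the function names and the 30-minute ceiling are constructed for illustration.

```python
import xml.etree.ElementTree as ET

REQUIRED_CODES = {"403", "404", "500"}  # the codes named in the section title

# Constructed sample: a namespaced web.xml with one mapping and a long timeout.
SAMPLE = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <session-config><session-timeout>120</session-timeout></session-config>
  <error-page><error-code>404</error-code><location>/error/404.html</location></error-page>
</web-app>"""


def local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on namespaced tags."""
    return tag.rsplit("}", 1)[-1]


def audit_web_xml(xml_data, max_timeout_minutes=30):
    """Return findings; max_timeout_minutes is an assumed policy value."""
    root = ET.fromstring(xml_data)
    mapped, timeout = set(), None
    for el in root.iter():
        name = local(el.tag)
        if name == "error-page":
            fields = {local(c.tag): (c.text or "").strip() for c in el}
            if fields.get("error-code") and fields.get("location"):
                mapped.add(fields["error-code"])
        elif name == "session-timeout":
            timeout = int((el.text or "0").strip())
    findings = [f"no error-page mapping for HTTP {code}"
                for code in sorted(REQUIRED_CODES - mapped)]
    if timeout is None:
        findings.append("no session-timeout set; the container default applies")
    elif timeout <= 0:
        findings.append("session-timeout of 0 or less means sessions never expire")
    elif timeout > max_timeout_minutes:
        findings.append(f"session-timeout {timeout} min exceeds {max_timeout_minutes} min")
    return findings


if __name__ == "__main__":
    for finding in audit_web_xml(SAMPLE):
        print("FINDING:", finding)
```

Matching on local element names keeps the check working whether the descriptor declares a javaee, jakartaee or no namespace.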

Increase Karaf startup wait time

If server startup times out while Karaf installs features, increase the wait time.

  1. Stop the server.

  2. Edit server.properties.

Uncomment or add:

  3. Start the server.

Remove sample data from the server

Remove evaluation samples before moving to production.

  1. Stop the server.

  2. Delete the samples.zip from default content (path may vary by version).

  3. Edit the webapp web.xml and remove the HSQLDB sample definitions and the SystemStatusFilter (dev‑only).

Remove blocks similar to:

  4. Optionally remove the server data/ directory if only sample content was used (verify your environment before deleting).

  5. Start the server and remove sample folders via PUC (Browse Files → Public → Move to Trash).

Hide Home perspective widgets

Hide Getting Started and other widgets from the PUC Home page.

  1. Stop the server.

  2. Edit the Home perspective configuration.

Add or update:

  3. Start the server and log in to verify.

Turn off autocomplete on the login page (advanced)

Changes to vendor JSPs may be overwritten on upgrade. Prefer SSO or reverse proxy controls. If you must, edit the login JSP.

  1. Stop the server.

  2. Edit PUCLogin.jsp.

  3. Set autocomplete to off for user/password inputs.

  4. Start the server.

Increase CSV upload limits

Adjust upload limits and (optionally) staging database.

  1. Edit pentaho.xml.

  2. Change the staging database for CSV files (optional) in data-access/settings.xml.

  3. In PUC, go to Tools → Refresh System Settings, then restart PUC (or the server) to apply.

