Apache Tomcat is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. It provides a “pure Java” HTTP web server environment in which Java code can run. In this tutorial, you will learn how to Install Apache Tomcat 9 on CentOS 7.
To install Apache Tomcat, you should have logged in non-root user account with sudo privileges.
Install Apache Tomcat 9 on CentOS 7
You should follow the below steps to install Tomcat 9 on your CentOS server.
Java should installed on your system before start Tomcat installation process. So we will install OpenJDK which is the default Java development and runtime in CentOS.
Issue below command to install the OpenJDK package:
sudo yum install java-1.8.0-openjdk-devel
All done! Java is installed on your system.
Create Tomcat User
It is a security risk to run Tomcat as a root user. So you should create a new system user for tomcat by issuing below command:
sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat
We will download the latest binary release of Tomcat 9 from Tomcat 9 downloads page to install Tomcat. At the time of writing, the latest version is 9.0.20.
We will download Tomcat archive in the
/tmp directory using the following wget command:
Once the download completed then extract the archive and move to
sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
To easily manage Tomcat versions and updates create a symbolic link for installation directory. So if you want to migrate to next Tomcat version you need to only change this symbolic link.
sudo ln -s /opt/tomcat/apache-tomcat-9.0.20 /opt/tomcat/latest
As we mention previously Tomcat should run under tomcat user. So this user should have installation access to the tomcat installation directory.
Run the below chown command to give ownership to tomcat user and tomcat group:
sudo chown -RH tomcat: /opt/tomcat/latest
The scripts inside bin directory must have executable flag:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Create a systemd unit file
You should create tomcat.service unit file under
/etc/systemd/system/ directory to run Tomcat. Run the below command to create it:
sudo nano /etc/systemd/system/tomcat.service
Add the following content to file:
[Unit] Description=Tomcat 9.0 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/default-java" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
Now you have to reload systemd daemon to notify that new unit file created and start the Tomcat service by executing:
sudo systemctl daemon-reload
sudo systemctl start tomcat
You can check the tomcat service status by typing:
sudo systemctl status tomcat
It should show output as below:
● tomcat.service - Tomcat 9.0 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled) Active: active (running) since Wed 2019-06-05 18:31:17 IST; 22s ago Process: 19408 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 19416 (java) Tasks: 42 (limit: 4915) CGroup: /system.slice/tomcat.service
If everything gone without error then you can enable autostart Tomcat after boot using below command:
sudo systemctl enable tomcat
Adjust the Firewall
If your CentOS server protected using Firewall then you need to open port
8080 to access tomcat interface from outside network.
sudo ufw allow 8080/tcp
Configure Tomcat Web Management Interface
Now to access web management interface you should create a user. In
tomcat-users.xml file defined users and roles. Edit
tomcat-users.xml file by running following command:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
Once file is opened you notice that there are comments given for how to add users and roles. You can use this instructions to create user.
Next we will add new username and password for
manager-gui. File will shown as below:
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
Make sure that password should stronger.
Save and close the file.
By default the Tomcat web management interface allows access and connections only from the
localhost. If you need to access the web interface from anywhere you should remove this restriction. To change IP address restriction open following files.
Open Manager app context and Host Manager file using below command:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
Now remove Valve tag line or add comments as given in following file:
<Context antiResourceLocking="false" privileged="true" >
If you want to set IP restriction to allow web interface then you can add your public IP address to the list instead of commenting the block. For example your IP address is
18.104.22.168 and you want to access only from that IP then you should make change in file as below:
<Context antiResourceLocking="false" privileged="true" >
At last save and close the file and restart the Tomcat server to get effect.
sudo systemctl restart tomcat
Open your browser and type below address:
If your installation is successful then you should get the following output:
You can visit Tomcat web application manager dashboard at following address:
Now to login enter username and password you have created in tomcat-users.xml file.
From here you can deploy, undeploy, start, stop and reload your applications.
Tomcat virtual host manager dashboard is available at below address:
From here you can create, delete and manage Tomcat virtual hosts.
You have installed Tomcat 9.0 on your CentOS 7 system. You can visit the official Apache Tomcat 9.0 Documentation and learn more about the Apache Tomcat features.
If you have any question then you can leave comment below.