Menu

How to Install Tomcat 9 on CentOS 8

Written by
, ,
How to Install Tomcat 9 on CentOS 8

Apache Tomcat is an opensource Java-capable HTTP server. That is used to implement Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. In this tutorial, we will discuss how to Install Apache Tomcat on CentOS 8.

Apache Tomcat 9 on CentOS 8

Step 1: Install Java

Tomcat 9 requires Java SE 8 or later to be installed on the server before we start installation. We will install OpenJDK 11 open-source Java Platform. Run following commands as root or user with sudo access to install OpenJDK package.

sudo dnf install java-11-openjdk-devel

Step 2: Create tomcat user and group

It’s a security risk to to run Tomcat under root user. We need to create a new user and group dedicated to running tomcat service. To do so, run the following command:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Step 3: Install Tomcat 9 on Linux CentOS 8

It’s always best practice to Check the latest release version of Tomcat 9. At the time of writing this tutorial, the latest Tomcat version is 9.0.34. Save the version number to VERSION variable and proceed to download.

After that, navigate to the /tmp directory and download the latest Tomcat binary release:

cd /tmp
VERSION=9.0.34
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz

Once download complete extract archive and move to /opt/tomcat directory.

sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/

Now, Create a symbolic link with name latest that points to the Tomcat installation directory. Later when upgrading Tomcat, you can easily migrate to another Tomcat version just by changing the symlink to point to the desired version.

sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

Step 4: Set Permissions

Previously created user must have ownership of the /opt/tomcat directory. Set proper directory permissions by running the below command:

sudo chown -R tomcat: /opt/tomcat

Create a script inside the bin directory executable:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Step 5: Create Systemd Unit File

Create a new unit file to run Tomcat as a service. Using text editor create a tomcat.service file inside /etc/systemd/system/ directory:

sudo nano /etc/systemd/system/tomcat.service

Now, add the following code into the file.

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Save and close the file.

After that reload systemd daemon to notify systemd that a new file created and start the Tomcat service:

sudo systemctl daemon-reload

Next, start and enable the Tomcat service:

sudo systemctl start tomcat
sudo systemctl enable --now tomcat

Check service status with the following command:

sudo systemctl status tomcat
● tomcat.service - Tomcat 9 servlet container
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2020-04-15 20:38:07 UTC; 28s ago
Process: 32520 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 31028 (java)

Step 6: Configure Firewall

If your server is protected by Firewall and you need to access tomcat outside of local network then you should open port 8080.

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload

Step 7: Configuring Tomcat Web Management Interface

At this point, Tomcat is installed and time to create user and roles to access web interface. The tomcat-users.xml file contains Tomcat users and their roles. Edit tomcat-users.xml configuration file by running following command:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

We will define a new user in this file to access tomcat manager-gui and admin-gui. Its strongly recommended to set strong password for users.

<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

Save and close the above file.

By default the Tomcat web management interface does not allow access the web interface from a remote IP. It’s a security risk to allow access from a remote IP or from anywhere. If you need to access the web interface from anywhere open the following files and make file content as given below.

Open Manager app context file using below command:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

Run below command to open Host Manager app context file:

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

Save and close the files and restart the Tomcat server, type:

sudo systemctl restart tomcat

It is also allowed to set a specific IP to access web interface instead of from anywhere. Do not comment the blocks add your public IP to the list. For exmaple, your public IP is 51.21.36.102 then it should look like below:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|51.21.36.102" />
</Context>
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|51.21.36.102" />
</Context>

You can add more IP address with vertical bar separator. Again, Restart the Tomcat service for changes to take effect:

sudo systemctl restart tomcat

Step 9: Access Tomcat Web interface

Open your favorite web browser and type: http://your_domain_or_IP_address:8080

It should appear page as given below if your installation is successful.

tomcat-home

Visit http://your_domain_or_IP_address:8080/manager/html to open Tomcat web application manager dashboard. Enter the credentials which we created previously in tomcat-users.xml file.

tomcat-manager

The Virtual Host Manager App is available at http://your_domain_or_IP_address:8080/host-manager/html. By using this app you can manage virtual hosts.

tomcat-host-manager

Conclusion

You have successfully installed Tomcat 9.0.x on your CentOS 8 system. You also learned how to create tomcat user and access Tomcat management interface. To learn more about the Apache Tomcat visit the official Apache Tomcat 9.0 Documentation.

If you have any problem or suggestion, please leave a comment below.

If our content helps you, please consider buying us a coffee

Thank you for your support.

Related Posts

Leave a Reply

© 2020 TecNStuff All rights reserved. This website is using and storing cookies on your browser. By using this website you agree our Privacy Policy.  Follow us -  Twitter | Facebook