
Apache Tomcat is an opensource Java-capable HTTP server. That is used to implement Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. In this tutorial, we will discuss how to Install Apache Tomcat on CentOS 8.
Apache Tomcat 9 on CentOS 8
Step 1: Install Java
Tomcat 9 requires Java SE 8 or later to be installed on the server before we start installation. We will install OpenJDK 11 open-source Java Platform. Run following commands as root or user with sudo access to install OpenJDK package.
sudo dnf install java-11-openjdk-devel
Step 2: Create tomcat user and group
It’s a security risk to to run Tomcat under root user. We need to create a new user and group dedicated to running tomcat service. To do so, run the following command:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Step 3: Install Tomcat 9 on Linux CentOS 8
It’s always best practice to Check the latest release version of Tomcat 9. At the time of writing this tutorial, the latest Tomcat version is 9.0.34
. Save the version number to VERSION
variable and proceed to download.
After that, navigate to the /tmp
directory and download the latest Tomcat binary release:
cd /tmp
VERSION=9.0.34
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz
Once download complete extract archive and move to /opt/tomcat
directory.
sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
Now, Create a symbolic link with name latest that points to the Tomcat installation directory. Later when upgrading Tomcat, you can easily migrate to another Tomcat version just by changing the symlink to point to the desired version.
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
Step 4: Set Permissions
Previously created user must have ownership of the /opt/tomcat
directory. Set proper directory permissions by running the below command:
sudo chown -R tomcat: /opt/tomcat
Create a script inside the bin
directory executable:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 5: Create Systemd Unit File
Create a new unit file to run Tomcat as a service. Using text editor create a tomcat.service
file inside /etc/systemd/system/
directory:
sudo nano /etc/systemd/system/tomcat.service
Now, add the following code into the file.
[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
Save and close the file.
After that reload systemd daemon to notify systemd that a new file created and start the Tomcat service:
sudo systemctl daemon-reload
Next, start and enable the Tomcat service:
sudo systemctl start tomcat
sudo systemctl enable --now tomcat
Check service status with the following command:
sudo systemctl status tomcat
● tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled) Active: active (running) since Wed 2020-04-15 20:38:07 UTC; 28s ago Process: 32520 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 31028 (java)
Step 6: Configure Firewall
If your server is protected by Firewall and you need to access tomcat outside of local network then you should open port 8080
.
sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
Step 7: Configuring Tomcat Web Management Interface
At this point, Tomcat is installed and time to create user and roles to access web interface. The tomcat-users.xml
file contains Tomcat users and their roles. Edit tomcat-users.xml
configuration file by running following command:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
We will define a new user in this file to access tomcat manager-gui
and admin-gui
. Its strongly recommended to set strong password for users.
<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
Save and close the above file.
By default the Tomcat web management interface does not allow access the web interface from a remote IP. It’s a security risk to allow access from a remote IP or from anywhere. If you need to access the web interface from anywhere open the following files and make file content as given below.
Open Manager app context file using below command:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
Run below command to open Host Manager app context file:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
Save and close the files and restart the Tomcat server, type:
sudo systemctl restart tomcat
It is also allowed to set a specific IP to access web interface instead of from anywhere. Do not comment the blocks add your public IP to the list. For exmaple, your public IP is 51.21.36.102
then it should look like below:
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|51.21.36.102" />
</Context>
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|51.21.36.102" />
</Context>
You can add more IP address with vertical bar separator. Again, Restart the Tomcat service for changes to take effect:
sudo systemctl restart tomcat
Step 9: Access Tomcat Web interface
Open your favorite web browser and type: http://your_domain_or_IP_address:8080
It should appear page as given below if your installation is successful.

Visit http://your_domain_or_IP_address:8080/manager/html
to open Tomcat web application manager dashboard. Enter the credentials which we created previously in tomcat-users.xml
file.

The Virtual Host Manager App is available at http://your_domain_or_IP_address:8080/host-manager/html
. By using this app you can manage virtual hosts.

Conclusion
You have successfully installed Tomcat 9.0.x on your CentOS 8 system. You also learned how to create tomcat user and access Tomcat management interface. To learn more about the Apache Tomcat visit the official Apache Tomcat 9.0 Documentation.
If you have any problem or suggestion, please leave a comment below.
Leave a Reply