Installing Apache Tomcat on CentOS 8

Apache Tomcat is an open-source software implementation of the Java Servlet and Java Server Pages technologies. With this guide, you’ll run applications within Tomcat using the OpenJDK implementation of the Java development environment.

Before You Begin

1. Familiarize yourself with our Getting Started guide and complete the steps for setting your Linode’s hostname and timezone.

2. Follow our Securing Your Server guide to create a standard user account, harden SSH access, and create firewall rules for your web server; you may need to make additional firewall exceptions for your specific application.

   Note

   This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, visit our Users and Groups guide.

   All configuration files should be edited with elevated privileges. Remember to include sudo before running your text editor.

3. Install the Java Development Kit.

   sudo yum install java-1.8.0-openjdk-headless
   

4. Run the following commands to check the version of java that is installed.

   java -version
   javac -version
   

5. Install the wget and tar utilities. You will need these in a later section to install the Apache Tomcat 9.

   sudo yum install wget -y && sudo yum install tar
   

Download and Install Apache Tomcat

1. Create a directory to download Apache Tomcat 9:

   sudo mkdir /usr/local/tomcat
   

2. Change to /usr/local/tomcat and download Apache Tomcat 9. As of writing this guide, Tomcat 9.0.33 is the latest version. See Apache Tomcat’s download page for their latest core tarball:

   sudo wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.33/bin/apache-tomcat-9.0.33.tar.gz
   

   Important

   Ensure that the version number matches the Tomcat 9 version you wish to download.

3. Extract the downloaded tarball’s contents into /usr/local/tomcat directory:

   sudo tar xvf apache-tomcat-9.0.33.tar.gz --strip-components=1 -C /usr/local/tomcat
   

4. Create a symbolic link to the latest version of Tomcat, that points to the Tomcat installation directory:

   sudo ln -s /usr/local/tomcat/apache-tomcat-9.0.33 /usr/local/tomcat/tomcat
   

5. Create a tomcat user and change the directory ownership to tomcat:

   sudo useradd -r tomcat
   sudo chown -R tomcat:tomcat /usr/local/tomcat
   

6. Create a new systemd service file, /etc/systemd/system/tomcat.service, in the text editor of your choice with the following details:

   File: /etc/systemd/system/tomcat.service

   1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20

   [Unit] Description=Tomcat Server After=syslog.target network.target [Service] Type=forking User=tomcat Group=tomcat Environment=JAVA_HOME=/usr/lib/jvm/jre Environment='JAVA_OPTS=-Djava.awt.headless=true' Environment=CATALINA_HOME=/usr/local/tomcat Environment=CATALINA_BASE=/usr/local/tomcat Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid Environment='CATALINA_OPTS=-Xms512M -Xmx1024M' ExecStart=/usr/local/tomcat/bin/catalina.sh start ExecStop=/usr/local/tomcat/bin/catalina.sh stop [Install] WantedBy=multi-user.target

7. Reload the systemd daemon to let it know about the tomcat.service that you created:

   sudo systemctl daemon-reload
   

8. Start and enable the Tomcat server:

   sudo systemctl enable tomcat
   sudo systemctl start tomcat
   

9. Configure your firewall to access the Tomcat server on port 8080:

   sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
   sudo firewall-cmd --reload
   

Test and Use Tomcat

You can test your Tomcat installation by pointing your browser at your domain name specifying port 8080. For example, you might use http://example.com:8080/, replacing example.com with your domain name. Note that Tomcat listens on network port 8080 and does not accept forced HTTPS connections by default. By default, Tomcat configuration files are located in the /usr/local/tomcat/conf directory.

Configure tomcat9-admin (optional)

1. To use the tomcat9-admin web application, add the following lines to the end of your /usr/local/tomcat/conf/tomcat-users.xml file before the </tomcat-users> line, substituting your own username and secure password. If using Tomcat Admin, include both the “manager-gui” role for the manager and the “admin-gui” role for the host-manager application.

   File: /usr/local/tomcat/conf/tomcat-users.xml

   1 2 3

   <role rolename="manager-gui"/> <role rolename="admin-gui"/> <user username="username" password="password" roles="manager-gui,admin-gui"/>

   Note

   If you are not using the web application and plan to manage your application(s) from the command line only, you should not enter these lines, because doing so may expose your server to unauthorized login attempts.

2. For Tomcat versions 8+ the managers have been pre-configured to only allow access from the same IP of the server where it’s installed. If you’re trying to access it from a browser remotely, you’ll need to comment out this configuration in the file /usr/local/tomcat/webapps/manager/META-INF/context.xml.

   File: /usr/local/tomcat/webapps/manager/META-INF/context.xml

   1 2 3 4 5 6

   ... <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> --> ...

3. Restart the Tomcat server, which will allow these changes to take effect:

   sudo systemctl restart tomcat
   

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

• Tomcat Home Page
• Tomcat FAQ