How to Install Tomcat 9 on CentOS 8 Linux

The Apache Tomcat software is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies.
 
Apache Tomcat software powers to run numerous large-scale, mission-critical web application across a diverse range of industries and organizations.
 
The Apache tomcat is very powerful and popular application server in the world and having a robust ecosystem of add-ons. It is straightforward to use and configure to run java applications.
 
In this tutorial, we will explain how to install and configure Tomcat 9 application server on CentOS 8 Operating System.

Prerequisites

We need a system running on CentOS 8 Linux, and having a user to login on the system with sudo privileges to execute installation command without any issue.

Install OpenJDK

Tomcat application server needs Java to installed on the system. Here, we will install OpenJDK, which is default Java Development and runtime environment provided by CentOS.

You can install any java in your system ether OpenJDK or Oracle Java, follow this to install Java into CentOS.

The installation of OpenJDK is straightforward, first update the CentOS package repository index:

$ sudo yum update

Now, install OpenJDK using following command:

$ sudo yum install java-1.8.0-openjdk-devel

Create Tomcat User

Due to some security issue, we are not running Tomcat under the root user privileges. So, we are creating a new system user to run Tomcat service with home directory “/opt/tomcat”:
$ sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Install Tomcat Application Server

To install Tomcat first need to download binary release of Tomcat 9 from the Tomcat application server download page.
 

At the time of writing this tutorial, the latest version of Tomcat is 9.0.27. Before continuing the next step to install Tomcat, you should check the Tomcat 9 download page for the latest release. If there is a new version of Tomcat is available, copy the link od the core “tar.gz” file from the Binary distribution section.

Use wget command to download Tomcat archive in the “/tmp” directory using the following command:
$ cd /tmp
$ wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz

After completing the download of Tomcat binary package, extract the package and move it to the “/opt/tomcat” directory using the following command:

$ tar -xf apache-tomcat-9.0.27.tar.gz
$ sudo mv apache-tomcat-9.0.27 /opt/tomcat/

We can control Tomcat versions and updates by creating a symbolic link of tomcat installation directory with the name of “latest” as shown below:

$ sudo ln -s /opt/tomcat/apache-tomcat-9.0.27 /opt/tomcat/latest
When you want to upgrade Tomcat instance to the latest version, simple unpack the newer version of Tomcat and change the symlink point to the latest version.
 
Now we need to give access to the Tomcat installation directory to the tomcat user, as we want to run the tomcat service using this system user.
 
We can use the following command to change the directory ownership for user and group to Tomcat:
$ sudo chown -R tomcat: /opt/tomcat

The scripts available inside “bin” directory must be having executable permission:

$ sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Create a system Unit File

If we want to run Tomcat as a service, we need to create a new unit file. First, we will create a tomcat service file as name “tomcat.service” in the “/etc/system/system/” directory, using the following command:
$ sudo vim /etc/systemd/system/tomcat.service
Copy and paste the following configuration into the service file:
/etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target

“you should modify the “JAVA_HOME” path as per your installation path”.

After saving the above service file, notify the system that we have a new unit file using the following command:

$ sudo systemctl daemon-reload

Now, start Tomcat service by executing the below command:

$ sudo systemctl start tomcat

We can use the following command to check the service status:

$ sudo systemctl status tomcat
● tomcat.service - Tomcat 9 servlet container
   Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2019-09-15 20:47:50 UTC; 4s ago
  Process: 1729 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 1727 (java)
   CGroup: /system.slice/tomcat.service

If we are not getting any error in the service file, we will enable the Tomcat service to start it automatically on system boot time:

$ sudo systemctl enable tomcat

Adjust the Firewall

If a firewall protects your CentOS 8 Operating system, and you want to access your Tomcat from the outside of your local network, need to open port 8080 on the firewall as tomcat service is running on default port 8080.

To open port 8080 from outside of the local network, execute below command:
$ sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
$ sudo firewall-cmd --reload

Generally, we are using the Tomcat application server with a load balancer or reverse proxy server. It is the best practice to restrict access on port 8080 for the local network and use the application on a proxy server.

Configure Tomcat Web Management Interface

Now the Tomcat is successfully installed and running into the CentOS 8 machine. In the next step, we will check how to create a user to access the Tomcat’s web management interface.

We have a configuration file in Tomcat with name “tomcat-users.xml”. This file is a template with comment and examples of configuring a user and role.
 
To check the file, use below command:
$ sudo vim /opt/tomcat/latest/conf/tomcat-users.xml
To create a user to access Tomcat web interface with the access of Manager and admin, we need to create a user in the tomcat-user.xml file as shown below.
 
It would be best if you changed the username and password as we use less secure user and password here:
/opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
By default, Tomcat web management interface is accessible from localhost only. If you want to access it from remote location or IP, you have to remove these restrictions.
 
To open access to the web interface from anywhere, comment or remove these lines from these two files:
context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
But I recommend you to allow your IP to access it from your IP, and due to security issue don’t open it for all. To allow it from a specific IP you can simply add your IP into both files.
 
For example, we enable your IP 111.111.111.111 to access the Manager and Host Manager app, as shown below:
context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1|111.111.111.111" />
</Context>

The allowed IP addresses separated by vertical bar “|”. You can use it to add a single IP address or use a regular expression. To take effect of the above configuration, always restart Tomcat services when you edit Tomcat configuration files:

$ sudo systemctl restart tomcat

Test the Tomcat Installation

Open your browser and assess Tomcat using IP address and port 8080, like http://<your_domain_or_IP_address>:8080 After successful installation of Tomcat you will get a similar screen shown below:

The Tomcat web application manager dashboard is available on url “http://<your_domain_or_IP_address>:8080/manager/html”. You can deploy, undeploy, start, stop and reload application from this manager window.

Similarly, Tomcat virtual host manager dashboard is available on url “http://<your_domain_or_IP_address>:8080/host-manager/html”. This dashboard you can use to create, delete and manage Tomcat virtual hosts.

To sign in above both panel, you can use username and password which have created for tomcat web interface access in the above steps.

Conclusion

You have installed Tomcat 9 on your CentOS 8 machine. You have learned to access tomcat applications, manager and host-manager dashboard. You lean to configure tomcat user to access web interfaces to manage tomcat services and virtual hosts.

If you want to know more about the Tomcat application server, you can visit official Apache Tomcat 9 Documentation site.
 
If you are getting any problem with this article or have any feedback, leave a comment below.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

Related Articles