Apache Tomcat is an open-source Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket implementation. It is currently one of the most extensively used application and web servers in the world. Tomcat is easy to use and has a thriving ecosystem of add-ons.
This article will walk you through installing and configuring Tomcat 9 on Ubuntu 18.04. The procedures are the same for Ubuntu 16.04 and any other Ubuntu-based distribution, including Linux Mint and Elementary OS.
You must be logged in as a user with sudo rights in order to install packages on your Ubuntu system.
Step 1: Install OpenJDK
Tomcat requires Java to be installed. We'll install OpenJDK, the default Java development kit and runtime in Ubuntu 18.04.
Java installation is straightforward. To begin, update the package index:
$ sudo apt update
Install the OpenJDK package by running:
$ sudo apt install default-jdk
Step 2: Create Tomcat User
Tomcat should not be run as the root user for security reasons. To run the Tomcat service, we will create a new system user and group with the home directory /opt/tomcat:
$ sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat
Step 3: Install Tomcat
We’ll get the most recent binary release of Tomcat 9 from the Tomcat 9 downloads website.
The most recent version at the time of writing is 9.0.27. Before proceeding to the next step, check the download page for a new version. If a new version is available, copy the link to the Core tar.gz file, which is located in the Binary Distributions section.
Begin by downloading the Tomcat archive to the /tmp directory with the wget command:
$ wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz -P /tmp
Once the download is complete, extract the Tomcat archive to the /opt/tomcat directory:
$ sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
To gain better control over Tomcat versions and updates, create a symbolic link called latest that points to the Tomcat installation directory:
$ sudo ln -s /opt/tomcat/apache-tomcat-9.0.27 /opt/tomcat/latest
If you want to upgrade your Tomcat instance later, simply unpack the newer version and update the symlink to point to the most recent version.
Tomcat will execute as the tomcat user, as indicated in the preceding section. This user must be able to access the Tomcat installation directory.
The following command transfers ownership of the directory to user and group tomcat:
$ sudo chown -RH tomcat: /opt/tomcat/latest
The scripts in the bin directory must be marked as executable:
$ sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 4: Create a systemd Unit File
To run Tomcat as a service you need to create a new unit file.
Open your text editor and create a file named tomcat.service in the /etc/systemd/system/ directory:
$ sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration:
[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
Modify the value of JAVA_HOME if the path to your Java installation is different.
Save and close the file and notify systemd that we created a new unit file:
$ sudo systemctl daemon-reload
Start the Tomcat service by executing:
$ sudo systemctl start tomcat
Use the following command to check the status of the service:
$ sudo systemctl status tomcat
Output
* tomcat.service - Tomcat 9 servlet container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-09-05 15:45:28 PDT; 20s ago
  Process: 1582 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 1604 (java)
    Tasks: 47 (limit: 2319)
   CGroup: /system.slice/tomcat.service
If there are no issues, set the Tomcat service to start automatically at boot time:
$ sudo systemctl enable tomcat
Step 5: Adjust the Firewall
If your server is behind a firewall and you wish to access Tomcat from outside your local network, open port 8080.
Type the following command to allow traffic on port 8080:
$ sudo ufw allow 8080/tcp
Step 6: Set up Tomcat’s Web Management Interface
Now that Tomcat is up and running, the next step is to create a user with access to the web management interface.
Tomcat users and roles are defined in the tomcat-users.xml file. This file is a template with comments and examples describing how to configure a user or role.
$ sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
To add a new user with access to the Tomcat web interface (manager-gui and admin-gui) we need to define the user in the tomcat-users.xml file, as shown below. Make sure you change the username and password to something more secure:
/opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
By default, Tomcat’s web management interface restricts access to the Manager and Host Manager apps to just localhost.
You must remove these limitations if you want to access the web interface from a remote IP address. This has a number of security implications and is not recommended for production systems.
To enable access to the web interface from anywhere, open the following two files and comment out or remove the Valve element, as shown in the context.xml listing below.
Open the following file for the Manager app:
$ sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For the Host Manager app, open the following file:
$ sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
Another option is to restrict access to the Manager and Host Manager apps to a single IP address. Rather than commenting the blocks, simply add your IP address to the list.
If your public IP address is 126.96.36.199, for example, you would make the following change:
context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|126\.96\.36\.199" />
</Context>
The allow attribute is a regular expression in which the permitted IP addresses are separated by a vertical bar |. You can enter individual IP addresses (with each dot escaped as \. so that it matches literally) or use regular expressions.
Remember to restart the Tomcat service after making changes to Tomcat configuration files:
$ sudo systemctl restart tomcat
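An added example (not from the original article) that audits the two Step 6 files offline: it reports which client addresses a context.xml would admit to the Manager apps and which GUI-role users in tomcat-users.xml still carry a placeholder password. The sample XML, the client list and the function names are constructed for illustration, and Python's re module only approximates the Java regular expressions Tomcat evaluates.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"
GUI_ROLES = {"manager-gui", "admin-gui"}
# Constructed samples mirroring the Step 6 edits (not read from a live server).
CONTEXT_OPEN = r"""<Context antiResourceLocking="false" privileged="true">
<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
</Context>"""
CONTEXT_PINNED = r"""<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
     allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|126\.96\.36\.199" />
</Context>"""
USERS = """<tomcat-users><role rolename="admin-gui"/><role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>"""
CLIENTS = ["127.0.0.1", "126.96.36.199", "203.0.113.7"]  # last: documentation range

def _valve_allows(valve, ip):
    """Approximate the valve's order: deny first, then allow, both as full matches."""
    deny, allow = valve.get("deny"), valve.get("allow")
    if deny and re.fullmatch(deny, ip, re.ASCII):
        return False
    if allow:
        return re.fullmatch(allow, ip, re.ASCII) is not None
    return deny is not None

def admitted(context_xml, clients):
    """Return the client addresses that would reach the Manager login."""
    root = ET.fromstring(context_xml)  # the parser drops commented-out elements
    valves = [v for v in root.iter("Valve") if v.get("className") == VALVE]
    return [ip for ip in clients if all(_valve_allows(v, ip) for v in valves)]

def placeholder_gui_users(users_xml, placeholders):
    """Return GUI-role users whose password is still a known placeholder."""
    found = []
    for el in ET.fromstring(users_xml).iter():
        if el.tag.rsplit("}", 1)[-1] != "user":  # tolerate the file's XML namespace
            continue
        roles = {r.strip() for r in el.get("roles", "").split(",")}
        if roles & GUI_ROLES and el.get("password") in placeholders:
            found.append(el.get("username"))
    return found

if __name__ == "__main__":
    print("open config admits:  ", admitted(CONTEXT_OPEN, CLIENTS))
    print("pinned config admits:", admitted(CONTEXT_PINNED, CLIENTS))
    print("placeholder logins:  ", placeholder_gui_users(USERS, {"admin_password"}))
```

With the valve commented out, every sample address is admitted; with the pinned pattern, only loopback and the listed address are.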
Step 7: Test the Tomcat Installation
Open your browser and type: http://<your domain or IP address>:8080
Assuming the installation is successful, the default Tomcat page should appear.
The Tomcat web application manager dashboard can be found at http://<your domain or IP address>:8080/manager/html. You may deploy, undeploy, start, stop, and reload your applications from here.
You can log in using the user you created in Step 6.
The Tomcat virtual host manager dashboard can be found at http://<your domain or IP address>:8080/host-manager/html. You can create, delete, and manage Tomcat virtual hosts from this page.