How to Install Tomcat 9 on Ubuntu 18.04

Apache Tomcat 9 is an open-source Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket implementation. It is currently one of the most extensively used application and web servers in the world. Tomcat is easy to use and has a thriving ecosystem of add-ons.

This article will walk you through installing and configuring Tomcat 9 on Ubuntu 18.04. The procedures are the same for Ubuntu 18.04 and any other Ubuntu-based distribution, including Linux Mint and Elementary OS.

You must be logged in as a user with sudo rights in order to install packages on your Ubuntu system.

Step 1: Install OpenJDK first.

Tomcat 9 necessitates the installation of Java. We’ll install OpenJDK, which is Ubuntu 18.04’s default Java development and runtime.

Java installation is straightforward. To begin, update the package index:

$ sudo apt update

Install the OpenJDK package by running:

$ sudo apt install default-jdk

Step 2: Create Tomcat User

Tomcat 9 should not be run as the root user for security reasons. To run the Tomcat service, we will create a new system user and group with the home directory /opt/tomcat:

$ sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat

Step 3: Install Tomcat

We’ll get the most recent binary release of Tomcat 9 from the Tomcat 9 downloads website.

The most recent version at the time of writing is 9.0.27. Before proceeding to the next step, check the download page for a new version. If a new version is available, copy the link to the Core tar.gz file, which is located in the Binary Distributions section.

Begin by downloading the Tomcat archive to the /tmp directory with the wget command:

$ wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz -P /tmp

Once the download is complete, extract the Tomcat archive and move it to the /opt/tomcat directory:

$ sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat

Create a symbolic link called latest that connects to the Tomcat installation location to gain better control over Tomcat versions and updates:

$ sudo ln -s /opt/tomcat/apache-tomcat-9.0.27 /opt/tomcat/latest

If you want to upgrade your Tomcat instance later, simply unpack the newer version and update the symlink to point to the most recent version.

Tomcat will execute as the tomcat user, as indicated in the preceding section. This user must be able to access the Tomcat installation directory.

The following command transfers ownership of the directory to user and group tomcat:

$ sudo chown -RH tomcat: /opt/tomcat/latest

The scripts in the bin directory must be marked as executable:

$ sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Step 4: Create a systemd Unit File

To run Tomcat as a service you need to create a new unit file.

Open your text editor and create a file named tomcat.service in the /etc/systemd/system/:

$ sudo nano /etc/systemd/system/tomcat.service

Paste the following configuration:

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Modify the value of JAVA_HOME if the path to your Java installation is different.

Save and close the file and notify systemd that we created a new unit file:

$ sudo systemctl daemon-reload

Start the Tomcat service by executing:

sudo systemctl start tomcat

Use the following command to check the status of the service:

$ sudo systemctl status tomcat

Output

* tomcat.service - Tomcat 9 servlet container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-09-05 15:45:28 PDT; 20s ago
  Process: 1582 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 1604 (java)
    Tasks: 47 (limit: 2319)
   CGroup: /system.slice/tomcat.service

If there are no issues, set the Tomcat service to start automatically at boot time:

$ sudo systemctl enable tomcat

Step 5: Adjust the Firewall

If your server is behind a firewall and you wish to access Tomcat from outside your local network, open port 8080.

Type the following command to allow traffic on port 8080:

$ sudo ufw allow 8080/tcp

Step 6: Set up Tomcat’s Web Management Interface

Now that Tomcat is up and operating, the following step is to grant access to the web management interface to a user.

Tomcat users and roles are defined in the tomcat-users.xml file. This file is a template with comments and examples describing how to configure user or role.

$ sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

To add a new user with access to the Tomcat web interface (manager-gui and admin-gui) we need to define the user in the tomcat-users.xml file, as shown below. Make sure you change the username and password to something more secure:

/opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

By default, Tomcat’s web management interface restricts access to the Manager and Host Manager apps to just localhost.

You must remove these limitations if you want to access the web interface from a remote IP address. This has a number of security implications and is not recommended for production systems.

Open the following two files and comment or remove the lines noted in yellow to enable access to the web interface from anywhere.

Open the following file for the Manager app:

$ sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

For the Host Manager app, open the following file:

$ sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml

context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

Another option is to restrict access to the Manager and Host Manager apps to a single IP address. Rather than commenting the blocks, simply add your IP address to the list.

If your public IP address is 45.45.45.45, for example, you would make the following change:

context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|45.45.45.45" />
</Context>

The list of permitted IP addresses is separated by a vertical bar |. You can enter individual IP addresses or use regular expressions.

Remember to restart the Tomcat service after making changes to Tomcat configuration files:

$ sudo systemctl restart tomcat

Step 7: Test the Tomcat Installation

Open your browser and type: http://<your_domain_or_IP_address>:8080

Assuming the installation is successful, a screen similar to the following should appear:

The Tomcat web application manager dashboard can be found at http://your domain or IP address>:8080/manager/html. You may deploy, undeploy, start, stop, and reload your applications from here.

You can log in using the user you created in Step 6.

The Tomcat virtual host manager dashboard may be found at http://your domain or IP address>:8080/host-manager/html. You can build, delete, and manage Tomcat virtual hosts from this page.