[ad_1]
This tutorial describes how to install and configure Tomcat 9 on Ubuntu 20.04.
Apache Tomcat is an open-source web server and Java servlet container. It is one of the most popular choices for building Java-based websites and applications. Tomcat is lightweight, easy to use, and has a robust ecosystem of add-ons.
Installing Java #
Tomcat 9 requires Java SE 8 or later to be installed on the system. We’ll install OpenJDK 11
, the open-source implementation of the Java Platform.
Run the following commands as root or user with sudo privileges
or root to update the packages index and install the OpenJDK 11 JDK package:
sudo apt update
sudo apt install openjdk-11-jdk
Once the installation is complete, verify it by checking the Java version:
java -version
The output should look something like this:
openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)
Creating a System User #
Running Tomcat under the root user is a security risk. We’ll create a new system user
and group with home directory /opt/tomcat
that will run the Tomcat service. To do so, enter the following command:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Downloading Tomcat #
Tomcat binary distribution is available for download from the Tomcat downloads page
.
At the time of writing, the latest Tomcat version is 9.0.35
. Before continuing with the next step, check the Tomcat 9 download page to see if a newer version is available.
Use wget
to download the Tomcat zip file to the /tmp
directory:
VERSION=9.0.35
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp
Once the download is complete, extract the tar file
to the /opt/tomcat
directory::
sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
Tomcat is updated on a regular basis with security patches and new features. To have more control over versions and updates, we’ll create a symbolic link
called latest
, that points to the Tomcat installation directory:
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
Later, when upgrading Tomcat, unpack the newer version and change the symlink to point to it.
The system user that was previously created must have access to the tomcat installation directory. Change the directory ownership
to user and group tomcat:
sudo chown -R tomcat: /opt/tomcat
The shell scripts inside the Tomcat’s bin
directory must be executable
:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
These scripts are used to start, stop and, otherwise manage the Tomcat instance.
Creating SystemD Unit File #
Instead of using the shell scripts to start and stop the Tomcat server, we’ll set it to run as a service.
Open your text editor
and create a tomcat.service
unit file in the /etc/systemd/system/
directory:
sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration:
/etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
Modify the JAVA_HOME
variable if the path to your Java installation is different.
Save and close the file and notify systemd that a new unit file exists:
sudo systemctl daemon-reload
Enable and start the Tomcat service:
sudo systemctl enable --now tomcat
Check the service status:
sudo systemctl status tomcat
The output should show that the Tomcat server is enabled and running:
● tomcat.service - Tomcat 9 servlet container
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago
Process: 5342 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 5362 (java)
...
You can start, stop and restart Tomcat same as any other systemd service:
sudo systemctl start tomcat
sudo systemctl stop tomcat
sudo systemctl restart tomcat
Configuring Firewall #
If your server is protected by a firewall
and you want to access Tomcat from the outside of your local network, you need to open port 8080
.
Use the following command to open the necessary port:
sudo ufw allow 8080/tcp
.
It’s a best practice to allow access to port
8080
only from your internal network.Configuring Tomcat Web Management Interface #
At this point, you should be able to access Tomcat with a web browser on port 8080
. The web management interface is not accessible because we have not created a user yet.
Tomcat users and roles are defined in the tomcat-users.xml
file. This file is a template with comments and examples showing how to create a user or role.
In this example, we’ll create a user with “admin-gui” and “manager-gui” roles. The “admin-gui” role allows the user to access the /host-manager/html
URL and create, delete, and otherwise manage virtual hosts. The “manager-gui” role allows the user to deploy and undeploy web application without having to restart the entire container through the /host-manager/html
interface.
Open the tomcat-users.xml
file and create a new user, as shown below:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
/opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
Make sure you change the username and password to something more secure.
By default, Tomcat web management interface is configured to allow access to the Manager and Host Manager apps only from the localhost. To access the web interface from a remote IP, you will have to remove these restrictions. This may have various security implications, and it is not recommended for production systems.
To enable access to the web interface from anywhere, open the following two files and comment or remove the lines highlighted in yellow.
For the Manager app:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For the Host Manager app:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
If you want to access the web interface only from a specific IP, instead of commenting the blocks add your public IP to the list.
Let’s say your public IP is 41.41.41.41
and you want to allow access only from that IP:
context.xml
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>
The list of allowed IP addresses is a list separated with vertical bar |
. You can add single IP addresses or use a regular expressions.
Once done, restart the Tomcat service for changes to take effect:
sudo systemctl restart tomcat
Test the Tomcat Installation #
Open your browser and type: http://<your_domain_or_IP_address>:8080
Assuming the installation is successful, a screen similar to the following should appear:
Tomcat web application manager is available at: http://<your_domain_or_IP_address>:8080/manager/html
.
Tomcat virtual host manager is available at: http://<your_domain_or_IP_address>:8080/host-manager/html
.
Conclusion #
We’ve shown you how to install Tomcat 9.0 on CentOS 8 and how to access the Tomcat management interface.
For more information about Apache Tomcat, visit the official documentation page
.
If you hit a problem or have feedback, leave a comment below.
[ad_2]
Source link