How To Install Apache Tomcat 10/9 on CentOS 8 / RHEL 8
Apache Tomcat is an open-source Java HTTP web server developed by the Apache Software Foundation (ASF). Tomcat helps to deploy the Java Servlet and the JavaServer Pages (JSP) and serves them like an HTTP web server.
In this post, we will see how to install Apache Tomcat 10/9 on CentOS 8 / RHEL 8.
Prerequisites
Install Java
Tomcat requires Java 8 or above to be installed on your machine. You can install any stable version of Oracle JDK or OpenJDK.
For this post, I am using OpenJDK.
yum install -y java curl tar
Verify the Java installation by issuing the following command.
java -version
Output:
openjdk version "1.8.0_275"
OpenJDK Runtime Environment (build 1.8.0_275-b01)
OpenJDK 64-Bit Server VM (build 25.275-b01, mixed mode)
Create Tomcat Service Account
As a best practice, the Tomcat service should not be run as the root user. So, create a regular Linux user for running the Tomcat service.
useradd -d /opt/tomcat -s /sbin/nologin tomcat
Install Apache Tomcat
Download Tomcat
Download Apache Tomcat from the official website and save it in your working directory.
At the time of writing this article, Tomcat v9.0.22 is available for installation.
Browser
Download Apache Tomcat 10
Download Apache Tomcat 9.0
Terminal
### Apache Tomcat 10.x
curl https://downloads.apache.org/tomcat/tomcat-10/v10.0.4/bin/apache-tomcat-10.0.4.tar.gz -o apache-tomcat-10.0.4.tar.gz
### Apache Tomcat 9.x
curl https://downloads.apache.org/tomcat/tomcat-9/v9.0.44/bin/apache-tomcat-9.0.44.tar.gz -o apache-tomcat-9.0.44.tar.gz
Setup Tomcat
Extract the Tomcat tarball and move it to your desired (/opt/tomcat) directory.
tar -zxvf apache-tomcat-*.tar.gz
mv apache-tomcat-*/* /opt/tomcat/
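As an alternative to the extract-and-move step above, the tarball can be checked against its published SHA-512 and unpacked only if it matches. This is an added example, not from the original post; it assumes the matching .sha512 file was downloaded from the same Apache directory as the tarball, and verify_sha512 and install_verified are hypothetical helper names.

```shell
#!/bin/sh
# Added example (not from the original post): unpack a Tomcat tarball only
# after its SHA-512 matches the digest file published next to it.
# Assumption: the digest file's first field is the 128-hex-digit digest.

# verify_sha512 TARBALL DIGEST_FILE -> 0 match, 1 mismatch, 2 unusable digest file
verify_sha512() {
    want=$(tr -d '\r' < "$2" | awk 'NR == 1 { print tolower($1) }')
    # An HTML error page or an empty download must not pass as a digest.
    case "$want" in
        ''|*[!0-9a-f]*) echo "malformed digest file: $2" >&2; return 2 ;;
    esac
    [ "${#want}" -eq 128 ] || { echo "malformed digest file: $2" >&2; return 2; }
    have=$(sha512sum "$1" | awk '{ print $1 }')
    [ "$have" = "$want" ] || { echo "SHA-512 mismatch: $1" >&2; return 1; }
}

# install_verified TARBALL DIGEST_FILE DEST -> unpack into DEST only if verified
install_verified() {
    verify_sha512 "$1" "$2" || return
    # --strip-components=1 drops the apache-tomcat-<version>/ prefix, which
    # replaces the glob-based mv; --no-same-owner ignores owner IDs stored
    # in the archive.
    mkdir -p "$3" &&
        tar -xzf "$1" -C "$3" --strip-components=1 --no-same-owner
}

# Usage with the file names from the download step:
#   install_verified apache-tomcat-10.0.4.tar.gz \
#       apache-tomcat-10.0.4.tar.gz.sha512 /opt/tomcat
```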
Change the ownership of the directory to the tomcat user.
chown -R tomcat:tomcat /opt/tomcat/
Create Systemd file
We can configure systemd to start the Tomcat service, and it also lets us autostart the Apache Tomcat service on system start.
Tomcat’s systemd service file requires a Java installation location. So, list the available Java versions on your system using the following command.
alternatives --list | grep ^java
Output:
java auto /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0.x86_64/jre/bin/java
At this time, I only have Java 1.8 on my system.
Create a tomcat systemd service file.
vi /etc/systemd/system/tomcat.service
Add the below information to the systemd service file. Change values according to your environment.
[Unit]
Description=Apache Tomcat Web Application Container
Wants=network.target
After=network.target
[Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el8_0.x86_64/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1G -Djava.net.preferIPv4Stack=true'
Environment='JAVA_OPTS=-Djava.awt.headless=true'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
SuccessExitStatus=143
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
SELinux
Consider disabling SELinux if it blocks Tomcat from starting.
setenforce 0
sed -i 's/ELINUX=enforcing/ELINUX=disabled/g' /etc/selinux/config
Start Apache Tomcat
Reload systemd daemon.
systemctl daemon-reload
To start the Tomcat service, run:
systemctl start tomcat
To check the status of Tomcat, run:
systemctl status tomcat
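If the status shows the service failing while SELinux is enforcing, the denials behind it can be summarised from the audit log before deciding how to handle SELinux. The helper below is an added example, not from the original post; avc_summary and sample_denials are hypothetical names, and the audit records in sample_denials are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise SELinux AVC denials.
# Reads audit-log lines on stdin and prints, most frequent first:
#   <count> <command> <permissions> <target type> <object class>
avc_summary() {
    awk '/avc: +denied/ {
        # Permissions are the words between the braces; join them with commas.
        perms = $0
        sub(/.*[{] */, "", perms); sub(/ *[}].*/, "", perms); gsub(/ /, ",", perms)
        comm = type = class = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)     { comm = $i; gsub(/^comm=|"/, "", comm) }
            # tcontext is user:role:type:level; the type decides the denial.
            if ($i ~ /^tcontext=/) { split($i, ctx, ":"); type = ctx[3] }
            if ($i ~ /^tclass=/)   { class = substr($i, 8) }
        }
        seen[comm " " perms " " type " " class]++
    }
    END { for (k in seen) print seen[k], k }' | sort -rn
}

# Constructed sample records in audit.log format (not captured from a real host).
sample_denials() {
    cat <<'EOF'
type=AVC msg=audit(1617187200.101:301): avc:  denied  { execute } for  pid=2890 comm="startup.sh" name="catalina.sh" dev="dm-0" ino=3421 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1617187210.417:305): avc:  denied  { execute } for  pid=2911 comm="startup.sh" name="catalina.sh" dev="dm-0" ino=3421 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=AVC msg=audit(1617187220.009:309): avc:  denied  { read open } for  pid=2950 comm="java" path="/opt/tomcat/conf/server.xml" dev="dm-0" ino=3502 scontext=system_u:system_r:init_t:s0 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1617187220.009:309): arch=c000003e syscall=257 success=no exit=-13 comm="java" exe="/usr/bin/java"
EOF
}

# On the server:  ausearch -m avc -ts recent | avc_summary
# Offline demo:   sample_denials | avc_summary
```

A target type that does not belong under /opt points at file labelling, which restorecon -Rv /opt/tomcat resets to the policy default.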
Enable Tomcat service to autostart on system start.
systemctl enable tomcat
By default, Tomcat runs on port 8080. Use the netstat command to check if the service is listening on port 8080 or not.
netstat -antup | grep 8080
Output:
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2904/java
Firewall
Allow port 8080 in the firewall so that we can access Apache Tomcat from external networks.
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --reload
Configure Apache Tomcat Web UI
Apache Tomcat can be managed through the Web Manager.
With Web Manager, you can
- Deploy new applications
- Deploy new applications in the specified context
- List the active or inactive applications
- Start and stop the web applications
Also, Tomcat has the Host Manager to manage its virtual hosts.
User Management
Both the Web and Host Manager are password-protected and require a username and password to access.
Only users with the "manager-gui" and "admin-gui" roles are allowed to access the Web and Host Manager, respectively.
These users and roles are defined in tomcat-users.xml.
vi /opt/tomcat/conf/tomcat-users.xml
Place the following lines just above the last line.
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="tomcat" roles="manager-gui,admin-gui"/>
Allow Access
For security reasons, both the Web and Host Manager are accessible only from localhost, i.e., from the server itself.
To enable access for Web and Host manager from remote systems, you need to add your network to the allow list.
To do that, follow the steps.
Web Manager
vi /opt/tomcat/webapps/manager/META-INF/context.xml
Update the below line with the source IP from which you’re accessing the Web and Host Manager.
Allow everyone
.* will allow everyone to have access to the Web manager.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|.*" />
Allow Org network
You can also allow only your organization network. For example: To allow the 192.168.1.0/24 network only, you can use the below values.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.1\.\d+" />
Host Manager
vi /opt/tomcat/webapps/host-manager/META-INF/context.xml
Update the below line with the source IP from which you’re accessing the Host Manager.
Allow everyone
.* will allow everyone to have access to the Host manager.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|.*" />
Allow Org network
You can also allow only your organization network. For example: To allow the 192.168.1.0/24 network only, you can use the below values.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192\.168\.1\.\d+" />
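The allow attribute in both context.xml files is a regular expression, so an unescaped dot matches any character and a trailing .* matches any suffix; a pattern written as 192.168.1.* therefore admits more than 192.168.1.0/24. The following added example (not from the original post) probes a pattern with constructed addresses; valve_allows and leaks are hypothetical helper names, and it assumes Tomcat compares the whole client address against the pattern.

```shell
#!/bin/sh
# Added example (not from the original post): test which client addresses an
# allow="..." pattern from context.xml would admit.
# Assumption: the whole address must match the pattern, which grep -x
# reproduces; \d is rewritten to [0-9] because grep -E does not know it.

# valve_allows PATTERN ADDRESS -> 0 if the pattern admits the address
valve_allows() {
    ere=$(printf '%s' "$1" | sed 's/\\d/[0-9]/g')
    printf '%s\n' "$2" | grep -Eqx -e "$ere"
}

# leaks PATTERN PREFIX -> print the constructed probe addresses that are
# admitted although they are neither loopback nor inside PREFIX ("192.168.1.")
leaks() {
    for ip in 127.0.0.1 192.168.1.10 192.168.1.254 192.168.10.7 \
              192.168.100.7 192.168.199.1 10.0.0.5 203.0.113.9; do
        case "$ip" in 127.*|"$2"*) continue ;; esac
        if valve_allows "$1" "$ip"; then echo "$ip"; fi
    done
}

# Loopback part of the pattern, as shipped in context.xml on this page.
LOOPBACK='127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1'

# Unescaped form: admits 192.168.10.7, 192.168.100.7 and 192.168.199.1
#   leaks "$LOOPBACK|192.168.1.*" 192.168.1.
# Escaped form: admits nothing outside 192.168.1.x
#   leaks "$LOOPBACK|192\.168\.1\.\d+" 192.168.1.
```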
Restart the Tomcat service.
systemctl restart tomcat
Access Tomcat
Open the web browser and point it to:
http://ip.add.re.ss:8080
You will now get Tomcat’s default page.
Manager App (manager-gui): Login required. Username: admin, Password: tomcat.
Here, you can deploy an application, deploy an application in a specified context, start, stop, reload, and un-deploy an application.
Also, you can see the Tomcat server status.
Host Manager (admin-gui): Login required. Username: admin, Password: tomcat.
Here, you can manage Tomcat’s virtual hosts.
Conclusion
That’s all. I hope you have learned how to install Tomcat 10/9 on CentOS 8 / RHEL 8. You are now ready for your first web application. As a security recommendation, consider implementing SSL/TLS for Tomcat.