Installing Apache Tomcat on CentOS 8
Updated by Linode Written by Rajakavitha Kodhandapani
Apache Tomcat is an open-source software implementation of the Java Servlet and Java Server Pages technologies. With this guide, you’ll run applications within Tomcat using the OpenJDK implementation of the Java development environment.
Before You Begin
Follow our Securing Your Server guide to create a standard user account, harden SSH access, remove unnecessary network services and create firewall rules for your web server; you may need to make additional firewall exceptions for your specific application.
This guide is written for a non-root user. Commands that require elevated privileges are prefixed with
sudo. If you’re not familiar with the
sudocommand, visit our Users and Groups guide.
All configuration files should be edited with elevated privileges. Remember to include
sudobefore running your text editor.
Install the Java Development Kit.
sudo yum install java-1.8.0-openjdk-headless
Run the following commands to check the version of java that is installed.
java -version javac -version
tarutilities. You will need these in a later section to install the Apache Tomcat 9.
sudo yum install wget -y && sudo yum install tar
Download and Install Apache Tomcat
Create a directory to download Apache Tomcat 9:
sudo mkdir /usr/local/tomcat
/usr/local/tomcatand download Apache Tomcat 9. As of writing this guide, Tomcat 9.0.33 is the latest version. See Apache Tomcat’s download page for their latest core tarball:
sudo wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.33/bin/apache-tomcat-9.0.33.tar.gz
CautionEnsure that the version number matches the Tomcat 9 version you wish to download.
Extract the downloaded tarball’s contents into
sudo tar xvf apache-tomcat-9.0.33.tar.gz --strip-components=1 -C /usr/local/tomcat
Create a symbolic link to the latest version of Tomcat, that points to the Tomcat installation directory:
sudo ln -s /usr/local/tomcat/apache-tomcat-9.0.33 /usr/local/tomcat/tomcat
tomcatuser and change the directory ownership to
sudo useradd -r tomcat sudo chown -R tomcat:tomcat /usr/local/tomcat
Create a new
/etc/systemd/system/tomcat.service, in the text editor of your choice with the following details:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
[Unit] Description=Tomcat Server After=syslog.target network.target [Service] Type=forking User=tomcat Group=tomcat Environment=JAVA_HOME=/usr/lib/jvm/jre Environment='JAVA_OPTS=-Djava.awt.headless=true' Environment=CATALINA_HOME=/usr/local/tomcat Environment=CATALINA_BASE=/usr/local/tomcat Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid Environment='CATALINA_OPTS=-Xms512M -Xmx1024M' ExecStart=/usr/local/tomcat/bin/catalina.sh start ExecStop=/usr/local/tomcat/bin/catalina.sh stop [Install] WantedBy=multi-user.target
systemddaemon to let it know about the
tomcat.servicethat you created:
sudo systemctl daemon-reload
Start and enable the Tomcat server:
sudo systemctl enable tomcat sudo systemctl start tomcat
Configure your firewall to access the Tomcat server on port 8080:
sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp sudo firewall-cmd --reload
Test and Use Tomcat
You can test your Tomcat installation by pointing your browser at your domain name specifying port
8080. For example, you might use
example.com with your domain name. Note that Tomcat listens on network port 8080 and does not accept forced HTTPS connections by default. By default, Tomcat configuration files are located in the
Configure tomcat9-admin (optional)
To use the
tomcat9-adminweb application, add the following lines to the end of your
/usr/local/tomcat/conf/tomcat-users.xmlfile before the
</tomcat-users>line, substituting your own username and secure password. If using Tomcat Admin, include both the “manager-gui” role for the manager and the “admin-gui” role for the host-manager application.
1 2 3
<role rolename="manager-gui"/> <role rolename="admin-gui"/> <user username="username" password="password" roles="manager-gui,admin-gui"/>
NoteIf you are not using the web application and plan to manage your application(s) from the command line only, you should not enter these lines, because doing so may expose your server to unauthorized login attempts.
For Tomcat versions 8+ the managers have been pre-configured to only allow access from the same IP of the server where it’s installed. If you’re trying to access it from a browser remotely, you’ll need to comment out this configuration in the file
1 2 3 4 5 6
... <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> --> ...
Restart the Tomcat server, which will allow these changes to take effect:
sudo systemctl restart tomcat
You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.
Join our Community
This guide is published under a CC BY-ND 4.0 license.