Installing Apache Tomcat on CentOS 8

Updated by Linode Written by Rajakavitha Kodhandapani

Contribute on GitHub

Report an Issue | View File | Edit File

Apache Tomcat is an open-source software implementation of the Java Servlet and Java Server Pages technologies. With this guide, you’ll run applications within Tomcat using the OpenJDK implementation of the Java development environment.

Before You Begin

  1. Familiarize yourself with our Getting Started guide and complete the steps for setting your Linode’s hostname and timezone.

  2. Follow our Securing Your Server guide to create a standard user account, harden SSH access, remove unnecessary network services and create firewall rules for your web server; you may need to make additional firewall exceptions for your specific application.

    Note

    This guide is written for a non-root user. Commands that require elevated privileges are prefixed with sudo. If you’re not familiar with the sudo command, visit our Users and Groups guide.

    All configuration files should be edited with elevated privileges. Remember to include sudo before running your text editor.

  3. Install the Java Development Kit.

    sudo yum install java-1.8.0-openjdk-headless
    
  4. Run the following commands to check the version of java that is installed.

    java -version
    javac -version
    
  5. Install the wget and tar utilities. You will need these in a later section to install the Apache Tomcat 9.

    sudo yum install wget -y && sudo yum install tar
    

Download and Install Apache Tomcat

  1. Create a directory to download Apache Tomcat 9:

    sudo mkdir /usr/local/tomcat
    
  2. Change to /usr/local/tomcat and download Apache Tomcat 9. As of writing this guide, Tomcat 9.0.33 is the latest version. See Apache Tomcat’s download page for their latest core tarball:

    sudo wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.33/bin/apache-tomcat-9.0.33.tar.gz
    
    Caution
    Ensure that the version number matches the Tomcat 9 version you wish to download.
  3. Extract the downloaded tarball’s contents into /usr/local/tomcat directory:

    sudo tar xvf apache-tomcat-9.0.33.tar.gz --strip-components=1 -C /usr/local/tomcat
    
  4. Create a symbolic link to the latest version of Tomcat, that points to the Tomcat installation directory:

    sudo ln -s /usr/local/tomcat/apache-tomcat-9.0.33 /usr/local/tomcat/tomcat
    
  5. Create a tomcat user and change the directory ownership to tomcat:

    sudo useradd -r tomcat
    sudo chown -R tomcat:tomcat /usr/local/tomcat
    
  6. Create a new systemd service file, /etc/systemd/system/tomcat.service, in the text editor of your choice with the following details:

    /etc/systemd/system/tomcat.service
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    
    [Unit]
    Description=Tomcat Server
    After=syslog.target network.target
    
    [Service]
    Type=forking
    User=tomcat
    Group=tomcat
    
    Environment=JAVA_HOME=/usr/lib/jvm/jre
    Environment='JAVA_OPTS=-Djava.awt.headless=true'
    Environment=CATALINA_HOME=/usr/local/tomcat
    Environment=CATALINA_BASE=/usr/local/tomcat
    Environment=CATALINA_PID=/usr/local/tomcat/temp/tomcat.pid
    Environment='CATALINA_OPTS=-Xms512M -Xmx1024M'
    ExecStart=/usr/local/tomcat/bin/catalina.sh start
    ExecStop=/usr/local/tomcat/bin/catalina.sh stop
    
    [Install]
    WantedBy=multi-user.target
  7. Reload the systemd daemon to let it know about the tomcat.service that you created:

    sudo systemctl daemon-reload
    
  8. Start and enable the Tomcat server:

    sudo systemctl enable tomcat
    sudo systemctl start tomcat
    
  9. Configure your firewall to access the Tomcat server on port 8080:

    sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
    sudo firewall-cmd --reload
    

Test and Use Tomcat

You can test your Tomcat installation by pointing your browser at your domain name specifying port 8080. For example, you might use http://example.com:8080/, replacing example.com with your domain name. Note that Tomcat listens on network port 8080 and does not accept forced HTTPS connections by default. By default, Tomcat configuration files are located in the /usr/local/tomcat/conf directory.

Configure tomcat9-admin (optional)

  1. To use the tomcat9-admin web application, add the following lines to the end of your /usr/local/tomcat/conf/tomcat-users.xml file before the </tomcat-users> line, substituting your own username and secure password. If using Tomcat Admin, include both the “manager-gui” role for the manager and the “admin-gui” role for the host-manager application.

    /usr/local/tomcat/conf/tomcat-users.xml
    1
    2
    3
    
    <role rolename="manager-gui"/>
    <role rolename="admin-gui"/>
    <user username="username" password="password" roles="manager-gui,admin-gui"/>
    Note
    If you are not using the web application and plan to manage your application(s) from the command line only, you should not enter these lines, because doing so may expose your server to unauthorized login attempts.
  2. For Tomcat versions 8+ the managers have been pre-configured to only allow access from the same IP of the server where it’s installed. If you’re trying to access it from a browser remotely, you’ll need to comment out this configuration in the file /usr/local/tomcat/webapps/manager/META-INF/context.xml.

    /usr/local/tomcat/webapps/manager/META-INF/context.xml
    1
    2
    3
    4
    5
    6
    
    ...
    <!--
      <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
    -->
    ...
  3. Restart the Tomcat server, which will allow these changes to take effect:

    sudo systemctl restart tomcat
    

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

Join our Community

Find answers, ask questions, and help others.

comments powered by Disqus

This guide is published under a CC BY-ND 4.0 license.