This article was first published in: How to install Tomcat 9 - ITCoder on Ubuntu 20.04
This guide describes how to Ubuntu Install and configure Tomcat 9 on 20.04.
Apache Tomcat is an open source Web server and Java servlet container. It is the most popular choice in the world to build Java based websites and applications. Tomcat is lightweight, easy to use, and has a strong extended ecosystem.
1, Install Java
Tomcat 9 requires Java SE 8 or later to be installed on the system. We will install OpenJDK 11, an open source implementation of the Java platform.
Run the following command as root or other sudo user to update the package index and install the OpenJDK 11 JDK package
sudo apt update sudo apt install openjdk-11-jdk
Once the installation is complete, verify it by checking the Java version:
java -version
The output should look like this:
openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1) OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)
2, Create a system user
Running Tomcat as root has a security risk. We will create a system user and user group whose home directory is / opt/tomcat. We will use this user to run the Tomcat service. To do this, enter the following command:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
3, Download Tomcat
Tomcat binary distribution in The Tomcat download page can be downloaded.
At the time of writing, the latest version of Tomcat was 9.0.35. Before proceeding to the next step, check the Tomcat 9 download page to see if an updated version can be downloaded.
Use wget to download the Tomcat zip file to the / tmp directory
VERSION=9.0.35
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmpOnce the download is complete, unzip the tar file to the / opt/tomcat Directory:
sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
Tomcat regularly updates security patches and new features. To better upgrade the version and update, we will create a symbolic link called latest, pointing to the Tomcat installation directory.
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
Later, when you upgrade Tomcat, unzip the new version and modify the symbolic link to point to it.
The system user created earlier must have access to the tomcat installation directory. Modify the tomcat that the directory belongs to the user and user group:
sudo chown -R tomcat: /opt/tomcat
The shell script in Tomcat bin directory must be executable:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
These scripts will be used to start, stop, and other administrative operations on Tomcat.
4, Create SystemD unit file
Instead of using shell scripts to start and stop the Tomcat server, we will run it as a service.
Open your text editor and create a "Tomcat. Com" in / etc/systemd/system / Service unit file.
sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration file:
[Unit] Description=Tomcat 9 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
If your Java The installation path is different. Please modify it`JAVA_HOME`Environment variables.
Save and close the file and notify systemd that a new unit file exists:
sudo systemctl daemon-reload
Enable and start Tomcat service:
sudo systemctl enable --now tomcat
Check service status:
sudo systemctl status tomcat
The output should show that the Tomcat server is enabled and running:
● tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago Process: 5342 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 5362 (java) ...
You can start, stop and restart Tomcat like other systemd services:
sudo systemctl start tomcat sudo systemctl stop tomcat sudo systemctl restart tomcat
5, Configure firewall
If your server is protected by a firewall and you want to access your Tomcat from the outside, you need to open port 8080.
Use the following command to open the necessary ports:
sudo ufw allow 8080/tcp
Typically, when running in a production environment Tomcat You should use a load balancer or reverse proxy server. This is only allowed to access from your local network`8080`Port best practices.
6, Configure Tomcat web page management interface
At this point, you should access Tomcat through a browser on port 8080. The web management interface cannot be accessed because we haven't created a user yet.
Tomcat users and roles are defined in Tomcat users xml. This file is a template with comments and examples showing how to create a user and role.
In this example, we will create a user "admin GUI" and "manager GUI" role. This "admin GUI" role allows users to access / host Manager / htmlurl to create, delete and other management of virtual hosts. This "manager GUI" role allows users to deploy and undeploy web applications without restarting the entire container through the / host Manager / HTML interface.
Open Tomcat users XML file to create a new user, as follows:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users> <!-- Comments --> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> </tomcat-users>
Make sure you change your username and password more securely.
By default, the Tomcat web page management interface is configured to access the Manager and Host Manager application only from localhost. To access the web interface from remote IP, you need to remove these restrictions.
There may be some security risks, which we do not recommend in the production system.
If you want to access the web interface from anywhere, open two files of the configuration, comment or remove the part of the comment.
For Manager:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For Host Manager:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" > <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> --> </Context>
If you only want to access the web interface from the specified IP, don't comment on this paragraph, but add your public IP address.
If your public IP is 41.41.41.41 and you want to allow access to the web interface from that IP:
<Context antiResourceLocking="false" privileged="true" > <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" /> </Context>
The allowed IP list is separated by |. You can add a simple IP address or use regular expressions.
Once completed, restart the Tomcat service to make the application effective:
sudo systemctl restart tomcat
7, Test Tomcat installation
Open your browser and enter: http: / / < your_ domain_ or_ IP_ address>:8080
Assuming the installation is successful, a page similar to the following will appear:
Tomcat web application management:
http://<your_domain_or_IP_address>:8080/manager/html
Tomcat virtual host management:
http://<your_domain_or_IP_address>:8080/host-manager/html
8, Summary
We have shown you how to install Tomcat 9.0 on Ubuntu 20.04 and how to access the Tomcat management interface.
For more information about Apache Tomcat, visit Official document page.