Oct 1, 2020 6 min read

How to Install Tomcat 8.5 on CentOS 7

In this tutorial, you will install Tomcat 8.5 on CentOS 7. Tomcat is an open-source implementation of the Java Servlet. The JavaServer Pages, JavaExpression Language, and Java-WebSocket technologies.

How to Install Tomcat 8.5 on CentOS 7
Table of Contents


Before, we begin talking about how to install Tomcat 8.5 on CentOS 7. Let’s briefly understand - What is Tomcat?

Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, JavaExpression Language, and Java-WebSocket technologies.

In this tutorial, you will install Tomcat 8.5 on CentOS 7. We will also address FAQs related to the Tomcat installation.


  • A user with sudo privileges or with the root-user

Step 1 - Installing the OpenJDK

1) Tomcat 8.5 needs Java SE 7 version or later. Here, you will install OpenJDK 8. It is the open-source implementation of the Java Platform. Moreover, it is the default Java development and runtime in CentOS 7.

sudo yum install java-1.8.0-openjdk-devel

Step 2 - Creating the Tomcat System User

1) Running Tomcat as a root user is a security risk and hence is not recommended. Instead, you will create a new system user. Then, group it with home-directory /opt/tomcat. It will run the Tomcat service.

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Step 3 - Download Tomcat

1) Next, you will download the latest version of Tomcat 8.5.x from the Tomcat downloads page . Currently, the latest version is 8.5.37. Before continuing check the download page for any new version.

2) Now, navigate to the /tmp directory. Then, use wget to download the zip file, using the following command:

cd /tmp

wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.37/bin/apache-tomcat-8.5.37.zip

3) After the download is complete. Then, extract the zip file, and move it to the /opt/tomcat directory:

unzip apache-tomcat-*.zip

sudo mkdir -p /opt/tomcat

sudo mv apache-tomcat-8.5.37 /opt/tomcat/

4) Tomcat 8.5 is updated frequently. To have more control on versions and updates, you will need to create a symbolic-link latest. It will point to the Tomcat installation directory:

sudo ln -s /opt/tomcat/apache-tomcat-8.5.37 /opt/tomcat/latest

5) Now, the tomcat-user previously set up needs to have access to tomcat directory. So, change the directory ownership to the user. Then, group tomcat using the following command:

sudo chown -R tomcat: /opt/tomcat

6) After that, make the scripts inside bin directory executable by issuing the chmod command:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Step 4 - Creating a Systemd Unit File

1) So, you will now run Tomcat as a service. For that, you need to create a tomcat.service unit file in the /etc/systemd/system/ directory. Do it with the below contents:

Description=Tomcat 8.5 servlet container




Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"



2) Notify systemd of creation of a new unit file. Next, start the Tomcat service by executing:

sudo systemctl daemon-reload

sudo systemctl start tomcat

3) Now, check the service status. Do it with the below command:

sudo systemctl status tomcat

The output will be as below:


tomcat.service - Tomcat 8.5 servlet container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)
   Active: active (running) since Mon 2020-09-28 16:30:48 UTC; 3s ago
  Process: 23826 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 23833 (java)
   CGroup: /system.slice/tomcat.service
           └─23833 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/opt/tomcat/latest/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.egd=fi...

4) Now, if there are no errors, you will enable the Tomcat-service to start automatically at boot-time:

sudo systemctl enable tomcat

Step 5 - Adjusting the Firewall

1) If the server has protection by a firewall and you want to access the tomcat-interface from outside of the local network. So, open the port 8080. You will use the below commands to open port:

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
In many cases, when running Tomcat in a production environment. You will use a load-balancer or reverse-proxy. The best practice to allow access to port 8080, is only to your internal network.

Step 6 - Configure the Tomcat Web Management Interface

1) The installation of Tomcat is complete. You can access it with a web browser on port 8080. But you cannot access the web management interface, as we have not created the user yet. The Tomcat-users and their roles are there in tomcat-users.xml file. If you open the file you will notice that it is full of comments. Even the examples describing how to configure file:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

2) To add a new user, having access to the tomcat web interface (manager-GUI and admin-GUI). You will need to define the user in tomcat-users.xml file. Remember to change the username as well as password providing more security:

   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>

3) By default, the Tomcat web management interface is configured to allow access only from the localhost. If you want to access the web interface from a remote IP or from anywhere that is usually not right because it is a security risk. Therefore, open the following files. Next, comment or remove the below lines:

  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

4) Also, if you want to access the web interface only from a specific IP, instead of commenting on the blocks add your public IP to the list. Assume, your public IP is and you want to allow access only from that IP. Do it by:

<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|" />
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|" />

5) The list allowing IP addresses is a list with separation of the vertical bar |. You will add single IP addresses or use a regular expression.

6) You will now restart the Tomcat service for changes to take place:

sudo systemctl restart tomcat

Step 7 - Test the Installation

1) Next, open your browser and type: http://<your_domain_or_IP_address>:8080

After a successful installation, a screen similar to the following will appear:


2) The Tomcat web application manager dashboard is available at http://<your_domain_or_IP_address>:8080/manager/html. From now, you can deploy as well as un-deploy. Also, start, stop and even reload your applications.


3) Tomcat virtual host manager dashboard is available at http://<your_domain_or_IP_address>:8080/host-manager/html. Now, you can create, delete, and manage Tomcat virtual hosts.

Tomcat Virtual Host Manager

FAQs to Install Tomcat 8.5 on CentOS 7

1) Where to find the Jakarta-Tomcat?

The JK has moved to the Jakarta-Tomcat-connectors repository. Also, the source for JK is downloadable from a mirror at the Jakarta-source Download page. Additionally, the binaries for JK is downloadable from a mirror at Jakarta Binary Download-page.

2) How does Apache as well as Tomcat work together?

The Tomcat can also be run as the add-on to the Apache HTTP-Server. It runs as the Java servlet/JSP container. So, in this combination, Tomcat executes both the Java servlets and JSP. The Apache serves as the static HTML pages. In addition, it performs other server-side functions like CGI, PHP, SSI, etc.


We hope this detailed guide helped you to install Tomcat 8.5 on CentOS 7. To learn more about the Tomcat installation, check out the official Tomcat documentation.

If you have any queries, please leave a comment below and we’ll be happy to respond to them for sure.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to DevOps Tutorials - VegaStack.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.