How to Install Tomcat 8.5 on CentOS 7
Introduction
Before, we begin talking about how to install Tomcat 8.5 on CentOS 7. Let’s briefly understand - What is Tomcat?
Tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, JavaExpression Language, and Java-WebSocket technologies.
In this tutorial, you will install Tomcat 8.5 on CentOS 7. We will also address FAQs related to the Tomcat installation.
Prerequisites
- A user with sudo privileges or with the root-user
Step 1 - Installing the OpenJDK
1) Tomcat 8.5 needs Java SE 7 version or later. Here, you will install OpenJDK 8. It is the open-source implementation of the Java Platform. Moreover, it is the default Java development and runtime in CentOS 7.
sudo yum install java-1.8.0-openjdk-devel
Step 2 - Creating the Tomcat System User
1) Running Tomcat as a root user is a security risk and hence is not recommended. Instead, you will create a new system user. Then, group it with home-directory /opt/tomcat
. It will run the Tomcat service.
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Step 3 - Download Tomcat
1) Next, you will download the latest version of Tomcat 8.5.x from the Tomcat downloads page . Currently, the latest version is 8.5.37. Before continuing check the download page for any new version.
2) Now, navigate to the /tmp
directory. Then, use wget to download the zip file, using the following command:
cd /tmp
wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.37/bin/apache-tomcat-8.5.37.zip
3) After the download is complete. Then, extract the zip file, and move it to the /opt/tomcat
directory:
unzip apache-tomcat-*.zip
sudo mkdir -p /opt/tomcat
sudo mv apache-tomcat-8.5.37 /opt/tomcat/
4) Tomcat 8.5 is updated frequently. To have more control on versions and updates, you will need to create a symbolic-link latest
. It will point to the Tomcat installation directory:
sudo ln -s /opt/tomcat/apache-tomcat-8.5.37 /opt/tomcat/latest
5) Now, the tomcat-user previously set up needs to have access to tomcat directory. So, change the directory ownership to the user. Then, group tomcat using the following command:
sudo chown -R tomcat: /opt/tomcat
6) After that, make the scripts inside bin
directory executable by issuing the chmod
command:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 4 - Creating a Systemd Unit File
1) So, you will now run Tomcat as a service. For that, you need to create a tomcat.service
unit file in the /etc/systemd/system/
directory. Do it with the below contents:
[Unit]
Description=Tomcat 8.5 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
2) Notify systemd of creation of a new unit file. Next, start the Tomcat service by executing:
sudo systemctl daemon-reload
sudo systemctl start tomcat
3) Now, check the service status. Do it with the below command:
sudo systemctl status tomcat
The output will be as below:
Output
tomcat.service - Tomcat 8.5 servlet container
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2020-09-28 16:30:48 UTC; 3s ago
Process: 23826 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 23833 (java)
CGroup: /system.slice/tomcat.service
└─23833 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/opt/tomcat/latest/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.egd=fi...
4) Now, if there are no errors, you will enable the Tomcat-service to start automatically at boot-time:
sudo systemctl enable tomcat
Step 5 - Adjusting the Firewall
1) If the server has protection by a firewall and you want to access the tomcat-interface from outside of the local network. So, open the port 8080
. You will use the below commands to open port:
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
Step 6 - Configure the Tomcat Web Management Interface
1) The installation of Tomcat is complete. You can access it with a web browser on port 8080
. But you cannot access the web management interface, as we have not created the user yet. The Tomcat-users and their roles are there in tomcat-users.xml
file. If you open the file you will notice that it is full of comments. Even the examples describing how to configure file:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
2) To add a new user, having access to the tomcat web interface (manager-GUI and admin-GUI). You will need to define the user in tomcat-users.xml
file. Remember to change the username as well as password providing more security:
<tomcat-users>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
3) By default, the Tomcat web management interface is configured to allow access only from the localhost. If you want to access the web interface from a remote IP or from anywhere that is usually not right because it is a security risk. Therefore, open the following files. Next, comment or remove the below lines:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
4) Also, if you want to access the web interface only from a specific IP, instead of commenting on the blocks add your public IP to the list. Assume, your public IP is 31.31.31.31
and you want to allow access only from that IP. Do it by:
<Context antiResourceLocking="false" privileged="true">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|31.31.31.31" />
</Context>
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|31.31.31.31" />
</Context>
5) The list allowing IP addresses is a list with separation of the vertical bar |
. You will add single IP addresses or use a regular expression.
6) You will now restart the Tomcat service for changes to take place:
sudo systemctl restart tomcat
Step 7 - Test the Installation
1) Next, open your browser and type: http://<your_domain_or_IP_address>:8080
After a successful installation, a screen similar to the following will appear:
2) The Tomcat web application manager dashboard is available at http://<your_domain_or_IP_address>:8080/manager/html
. From now, you can deploy as well as un-deploy. Also, start, stop and even reload your applications.
3) Tomcat virtual host manager dashboard is available at http://<your_domain_or_IP_address>:8080/host-manager/html
. Now, you can create, delete, and manage Tomcat virtual hosts.
FAQs to Install Tomcat 8.5 on CentOS 7
1) Where to find the Jakarta-Tomcat?
The JK has moved to the Jakarta-Tomcat-connectors repository. Also, the source for JK is downloadable from a mirror at the Jakarta-source Download page. Additionally, the binaries for JK is downloadable from a mirror at Jakarta Binary Download-page.
2) How does Apache as well as Tomcat work together?
The Tomcat can also be run as the add-on to the Apache HTTP-Server. It runs as the Java servlet/JSP container. So, in this combination, Tomcat executes both the Java servlets and JSP. The Apache serves as the static HTML pages. In addition, it performs other server-side functions like CGI, PHP, SSI, etc.
Conclusion
We hope this detailed guide helped you to install Tomcat 8.5 on CentOS 7. To learn more about the Tomcat installation, check out the official Tomcat documentation.
If you have any queries, please leave a comment below and we’ll be happy to respond to them for sure.