How To Install Apache Tomcat 9.0 / 8.5 on CentOS 6 / RHEL 6


Apache Tomcat is an open-source web server and servlet container developed by the Apache Software Foundation (ASF).

Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Oracle and provides a “pure Java” HTTP web server environment for running the Java codes.

Apache Tomcat includes tools for configuration and management, but can also be configured by editing XML configuration files.

Here is the step by step guide to install Apache Tomcat 9.0 / 8.5 on CentOS 6 / RHEL 6.


Install Java

Tomcat requires to have a stable release of Java 8 or later installed on your machine. You can either install Oracle JDK or OpenJDK on your machine.

Here I will use OpenJDK.

yum install -y java-1.8.0 wget

You can also verify Java by issuing the following command.

java -version


openjdk version "1.8.0_222"
OpenJDK Runtime Environment (build 1.8.0_222-b10)
OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)

Create a Service Account

For best practice, Tomcat should never be run as a privileged user (root). So, create a low-privilege user for running the Tomcat service.

useradd -d /opt/tomcat  tomcat

Install Apache Tomcat

Download Apache Tomcat

Download Apache Tomcat from the official website.

### Apache Tomcat 9.0 ###


### Apache Tomcat 8.5 ###


Setup Apache Tomcat

Extract the tomcat on to your desired (/opt/tomcat) directory.

tar -zxvf apache-tomcat-*.tar.gz

mv apache-tomcat-*/* /opt/tomcat/

chown -R tomcat:tomcat /opt/tomcat/

Create Init Script

Apache Tomcat can be started and stopped manually by the script which comes with the package. But, here, we will use the init script to handle it.

vi /etc/init.d/tomcat9

Use the below information.

# chkconfig: 2345 95 20
# description: This application was developed by me and is tested on this server
# processname: my_app
# Tomcat 8 start/stop/status init.d script
# Initially forked from:
# @author: Miglen Evlogiev <[email protected]>
# Release updates:
# Updated method for gathering pid of the current proccess
# Added usage of CATALINA_BASE
# Added coloring and additional status
# Added check for existence of the tomcat user
# Added termination proccess
#Location of JAVA_HOME (bin files)
export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/
#Add Java binary files to PATH
export PATH=$JAVA_HOME/bin:$PATH
#CATALINA_HOME is the location of the bin files of Tomcat  
export CATALINA_HOME=/opt/tomcat/
#CATALINA_BASE is the location of the configuration files of this instance of Tomcat
export CATALINA_BASE=/opt/tomcat/
#TOMCAT_USER is the default user of tomcat
export TOMCAT_USER=tomcat
#TOMCAT_USAGE is the message if this script is called without any options
TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;31mkill\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}"
#SHUTDOWN_WAIT is wait time in seconds for java proccess to stop
tomcat_pid() {
        echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s " "|cut -d" " -f2`
start() {
  if [ -n "$pid" ]
    echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m"
    # Start tomcat
    echo -e "\e[00;32mStarting tomcat\e[00m"
    #ulimit -n 100000
    #umask 007
    #/bin/su -p -s /bin/sh $TOMCAT_USER
        if [ `user_exists $TOMCAT_USER` = "1" ]
                /bin/su $TOMCAT_USER -c $CATALINA_HOME/bin/
                sh $CATALINA_HOME/bin/
  return 0
          if [ -n "$pid" ]; then echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m"
          else echo -e "\e[00;31mTomcat is not running\e[00m"

terminate() {
	echo -e "\e[00;31mTerminating Tomcat\e[00m"
	kill -9 $(tomcat_pid)

stop() {
  if [ -n "$pid" ]
    echo -e "\e[00;31mStoping Tomcat\e[00m"
    #/bin/su -p -s /bin/sh $TOMCAT_USER
        sh $CATALINA_HOME/bin/
    let kwait=$SHUTDOWN_WAIT
    until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ]
      echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m";
      sleep 1
      let count=$count+1;
    if [ $count -gt $kwait ]; then
      echo -n -e "\n\e[00;31mkilling processes didn't stop after $SHUTDOWN_WAIT seconds\e[00m"
    echo -e "\e[00;31mTomcat is not running\e[00m"
  return 0
        if id -u $1 >/dev/null 2>&1; then
        echo "1"
                echo "0"
case $1 in
		echo -e $TOMCAT_USAGE
exit 0

Credit: Timothy Hutz.

Set the script to be executable.

chmod +x /etc/init.d/tomcat9

Start Apache Tomcat

Start the service.

service tomcat9 start

You can verify the service running, by default tomcat runs on port no 8080

netstat -antup | grep 8080


tcp        0      0 :::8080                     :::*                        LISTEN      1526/java

Enable the Tomcat service to start automatically on system startup.

chkconfig --add tomcat9

chkconfig tomcat9 on


Allow Tomcat web application requests through the firewall.

iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

/etc/init.d/iptables save

Configure Apache Tomcat Web UI

Tomcat can be managed through the web-manager and virtual host manager. Both Web manager and Host manager are password protected and require username and password to access.

The user with manager-gui and admin-gui role have access to web application manager and host-manager, respectively. These users and roles are defined in tomcat-users.xml.

vi /opt/tomcat/conf/tomcat-users.xml

Place the following two lines just above the last line.

<role rolename="admin-gui,manager-gui"/>
<user username="admin" password="tomcat" roles="manager-gui,admin-gui"/>

For security reason, Web Manager and Host Manager are accessible only from the localhost, i.e., from the server itself.

To access web and host managers from the remote system, you would need to add your source network in the allow list. To do that, edit the below two files.

### Web Manager ###

vi /opt/tomcat/webapps/manager/META-INF/context.xml

### Host Manager ###

vi /opt/tomcat/webapps/host-manager/META-INF/context.xml

Update the below line on above files with source IP from which your accessing the web and host Manager. .* will allow everyone to have access to both managers.

allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|.*" />


You can also allow part of your network only. For example: To allow the network only, you can use the below values.

allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.1.*" />

Restart the Tomcat service.

service tomcat9 restart

Access Apache Tomcat

Open the web browser and point to

You would get the Tomcat default page.

Apache Tomcat Default Page
Apache Tomcat Default Page

Web Manager: – Login Required. Username: admin, Password: tomcat.

Login to Manager App
Login to Manager App

Here, you can deploy a new application, deploy a new application on specified context, list the active or inactive applications, start and stop the web applications.

Tomcat Web Application Manager
Tomcat Web Application Manager

Also, you can check the server status.

Tomcat Server Status
Tomcat Server Status

Host Manager: – Login Required. Username: admin, Password: tomcat.

Login to Tomcat Host Manager
Login to Tomcat Host Manager

Here, you can handle virtual hosts of Tomcat.

Tomcat Virtual Host Manager
Tomcat Virtual Host Manager


That’s All. I hope you have learned how to install Tomcat 9 on CentOS 6 / RHEL 6. You are now ready to deploy your first web application. As a security recommendation, consider implementing SSL/TLS for Tomcat

You might also like