Apache Tomcat is an open-source web server and servlet container developed by the Apache Software Foundation (ASF).
Tomcat implements the Java Servlet and the JavaServer Pages (JSP) specifications from Oracle and provides a “pure Java” HTTP web server environment for running the Java codes.
Apache Tomcat includes tools for configuration and management, but can also be configured by editing XML configuration files.
Here is the step by step guide to install Apache Tomcat 9.0 / 8.5 on CentOS 6 / RHEL 6.
Prerequisites
Install Java
Tomcat requires to have a stable release of Java 8 or later installed on your machine. You can either install Oracle JDK or OpenJDK on your machine.
Here I will use OpenJDK.
yum install -y java-1.8.0 wget
You can also verify Java by issuing the following command.
java -version
Output:
openjdk version "1.8.0_222" OpenJDK Runtime Environment (build 1.8.0_222-b10) OpenJDK 64-Bit Server VM (build 25.222-b10, mixed mode)
Create a Service Account
For best practice, Tomcat should never be run as a privileged user (root). So, create a low-privilege user for running the Tomcat service.
useradd -d /opt/tomcat tomcat
Install Apache Tomcat
Download Apache Tomcat
Download Apache Tomcat from the official website.
### Apache Tomcat 9.0 ### wget https://www-us.apache.org/dist/tomcat/tomcat-9/v9.0.22/bin/apache-tomcat-9.0.22.tar.gz ### Apache Tomcat 8.5 ### wget https://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.43/bin/apache-tomcat-8.5.43.tar.gz
Setup Apache Tomcat
Extract the tomcat on to your desired (/opt/tomcat) directory.
tar -zxvf apache-tomcat-*.tar.gz mv apache-tomcat-*/* /opt/tomcat/ chown -R tomcat:tomcat /opt/tomcat/
Create Init Script
Apache Tomcat can be started and stopped manually by the script which comes with the package. But, here, we will use the init script to handle it.
vi /etc/init.d/tomcat9
Use the below information.
#!/bin/bash # chkconfig: 2345 95 20 # description: This application was developed by me and is tested on this server # processname: my_app # # Tomcat 8 start/stop/status init.d script # Initially forked from: https://gist.github.com/valotas/1000094 # @author: Miglen Evlogiev <[email protected]> # # Release updates: # Updated method for gathering pid of the current proccess # Added usage of CATALINA_BASE # Added coloring and additional status # Added check for existence of the tomcat user # Added termination proccess #Location of JAVA_HOME (bin files) export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64/ #Add Java binary files to PATH export PATH=$JAVA_HOME/bin:$PATH #CATALINA_HOME is the location of the bin files of Tomcat export CATALINA_HOME=/opt/tomcat/ #CATALINA_BASE is the location of the configuration files of this instance of Tomcat export CATALINA_BASE=/opt/tomcat/ #TOMCAT_USER is the default user of tomcat export TOMCAT_USER=tomcat #TOMCAT_USAGE is the message if this script is called without any options TOMCAT_USAGE="Usage: $0 {\e[00;32mstart\e[00m|\e[00;31mstop\e[00m|\e[00;31mkill\e[00m|\e[00;32mstatus\e[00m|\e[00;31mrestart\e[00m}" #SHUTDOWN_WAIT is wait time in seconds for java proccess to stop SHUTDOWN_WAIT=20 tomcat_pid() { echo `ps -fe | grep $CATALINA_BASE | grep -v grep | tr -s " "|cut -d" " -f2` } start() { pid=$(tomcat_pid) if [ -n "$pid" ] then echo -e "\e[00;31mTomcat is already running (pid: $pid)\e[00m" else # Start tomcat echo -e "\e[00;32mStarting tomcat\e[00m" #ulimit -n 100000 #umask 007 #/bin/su -p -s /bin/sh $TOMCAT_USER if [ `user_exists $TOMCAT_USER` = "1" ] then /bin/su $TOMCAT_USER -c $CATALINA_HOME/bin/startup.sh else sh $CATALINA_HOME/bin/startup.sh fi status fi return 0 } status(){ pid=$(tomcat_pid) if [ -n "$pid" ]; then echo -e "\e[00;32mTomcat is running with pid: $pid\e[00m" else echo -e "\e[00;31mTomcat is not running\e[00m" fi } terminate() { echo -e "\e[00;31mTerminating Tomcat\e[00m" kill -9 $(tomcat_pid) } stop() { pid=$(tomcat_pid) if [ -n "$pid" ] then echo -e "\e[00;31mStoping Tomcat\e[00m" #/bin/su -p -s /bin/sh $TOMCAT_USER sh $CATALINA_HOME/bin/shutdown.sh let kwait=$SHUTDOWN_WAIT count=0; until [ `ps -p $pid | grep -c $pid` = '0' ] || [ $count -gt $kwait ] do echo -n -e "\n\e[00;31mwaiting for processes to exit\e[00m"; sleep 1 let count=$count+1; done if [ $count -gt $kwait ]; then echo -n -e "\n\e[00;31mkilling processes didn't stop after $SHUTDOWN_WAIT seconds\e[00m" terminate fi else echo -e "\e[00;31mTomcat is not running\e[00m" fi return 0 } user_exists(){ if id -u $1 >/dev/null 2>&1; then echo "1" else echo "0" fi } case $1 in start) start ;; stop) stop ;; restart) stop start ;; status) status ;; kill) terminate ;; *) echo -e $TOMCAT_USAGE ;; esac exit 0
Credit: Timothy Hutz.
Set the script to be executable.
chmod +x /etc/init.d/tomcat9
Start Apache Tomcat
Start the service.
service tomcat9 start
You can verify the service running, by default tomcat runs on port no 8080
netstat -antup | grep 8080
Output:
tcp 0 0 :::8080 :::* LISTEN 1526/java
Enable the Tomcat service to start automatically on system startup.
chkconfig --add tomcat9 chkconfig tomcat9 on
Firewall
Allow Tomcat web application requests through the firewall.
iptables -I INPUT -p tcp -m tcp --dport 8080 -j ACCEPT /etc/init.d/iptables save
Configure Apache Tomcat Web UI
Tomcat can be managed through the web-manager and virtual host manager. Both Web manager and Host manager are password protected and require username and password to access.
The user with manager-gui and admin-gui role have access to web application manager and host-manager, respectively. These users and roles are defined in tomcat-users.xml.
vi /opt/tomcat/conf/tomcat-users.xml
Place the following two lines just above the last line.
<role rolename="admin-gui,manager-gui"/> <user username="admin" password="tomcat" roles="manager-gui,admin-gui"/>
For security reason, Web Manager and Host Manager are accessible only from the localhost, i.e., from the server itself.
To access web and host managers from the remote system, you would need to add your source network in the allow list. To do that, edit the below two files.
### Web Manager ### vi /opt/tomcat/webapps/manager/META-INF/context.xml ### Host Manager ### vi /opt/tomcat/webapps/host-manager/META-INF/context.xml
Update the below line on above files with source IP from which your accessing the web and host Manager. .* will allow everyone to have access to both managers.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|.*" />OR
You can also allow part of your network only. For example: To allow the 192.168.1.0/24 network only, you can use the below values.
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.1.*" />Restart the Tomcat service.
service tomcat9 restart
Access Apache Tomcat
Open the web browser and point to
You would get the Tomcat default page.
Web Manager: – Login Required. Username: admin, Password: tomcat.
Here, you can deploy a new application, deploy a new application on specified context, list the active or inactive applications, start and stop the web applications.
Also, you can check the server status.
Host Manager: – Login Required. Username: admin, Password: tomcat.
Here, you can handle virtual hosts of Tomcat.
Conclusion
That’s All. I hope you have learned how to install Tomcat 9 on CentOS 6 / RHEL 6. You are now ready to deploy your first web application. As a security recommendation, consider implementing SSL/TLS for Tomcat