This article was first published in: https://www.itcoder.tech/posts/how-to-install-tomcat-9-on-ubuntu-20-04/
This guide describes how to install and configure Tomcat 9 on Ubuntu 20.04.
Apache Tomcat is an open source Web server and Java servlet container.It is the most popular choice in the world for building Java-based websites and applications.Tomcat is lightweight, easy to use, and has a robust extended ecosystem.
1. Install Java
Tomcat 9 requires Java SE 8 or a newer version to be installed on the system.We will install OpenJDK 11, an open source implementation of the Java platform.
Run the following command as a root or other sudo user to update the package index and install the OpenJDK 11 JDK package:
sudo apt update sudo apt install openjdk-11-jdk
Once the installation is complete, verify it by checking the Java version:
java -version
The output should look like this:
openjdk version "11.0.7" 2020-04-14 OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1) OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)
2. Create a System User
Running Tomcat as root has a security risk.We will create a system user and user group whose home directory is/opt/tomcat.We will use this user to run the Tomcat service.To do this, type the following command:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
3. Download Tomcat
Tomcat binary distribution in The Tomcat download page is available for download.
Just as I was writing, the latest Tomcat version was 9.0.35.Before proceeding to the next step, check the Tomcat 9 download page to see if an updated version is available for download.
Use wget to download the Tomcat zip file to the / tmp directory:
VERSION=9.0.35 wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp
Once the download is complete, unzip the tar file to the / opt/tomcat directory:
sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/
Tomcat regularly updates security patches and new features.To better upgrade versions and updates, we'll create a symbolic link called latest that points to the Tomcat installation directory.
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest
Later, when Tomcat is upgraded, unzip the new version and modify the symbolic link to point to it.
The system user you created earlier must have access to the Tomcat installation directory.Modify directory attribution to user and user group tomcat:
sudo chown -R tomcat: /opt/tomcat
The shell script in the Tomcat bin directory must be executable:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
These scripts will be used to start, stop, and other administrative operations on Tomcat.
4. Create SystemD Cell File
We'll run the Tomcat server as a service instead of using a shell script to start and stop it.
Open your text editor and create one in the / etc/systemd/system/directoryTomcat.serviceCell file.
sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration file:
[Unit] Description=Tomcat 9 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
If your Java installation path is different, please modify `JAVA_HOME`Environment variable.
Save and close the file, notifying systemd that a new cell file exists:
sudo systemctl daemon-reload
Enable and start the Tomcat service:
sudo systemctl enable --now tomcat
Check service status:
sudo systemctl status tomcat
The output should show that the Tomcat server is enabled and running:
● tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago Process: 5342 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 5362 (java) ...
You can start, stop, and restart Tomcat just like any other systemd service:
sudo systemctl start tomcat sudo systemctl stop tomcat sudo systemctl restart tomcat
5. Configuring firewalls
If your server is firewalled and you want to access your Tomcat from outside, you need to open port 8080.
Use the following command to open the necessary ports:
sudo ufw allow 8080/tcp
Typically, when running Tomcat in a production environment, you should use a load balancing or reverse proxy server.This is a best practice to only allow access to port `8080'from your local network.
6. Configure Tomcat Web page management interface
At this point, you should access Tomcat through a browser on port 8080.The Web page management interface is not accessible because we have not created a user yet.
Tomcat users and roles are defined in tomcat-users.xml.This file is a template with comments and examples showing how to create a user and role.
In this example, we will create a user "admin-gui" and "manager-gui" role.This "admin-gui" role allows users to access/host-manager/html URLs to create, delete, and manage other virtual hosts.This "manager-gui" role allows users to deploy and undeploy web applications without restarting the entire container through the/host-manager/html interface.
Open tomcat-Users.xmlFile to create a new user, like the following:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users> <!-- Comments --> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> </tomcat-users>
Make sure you modify your username and password more securely.
By default, the Tomcat Web page management interface is configured to access Manager and Host Manager applications only from localhost.To access the web interface from a remote IP, you need to remove these restrictions.
This may pose some security risks, which we do not recommend in production systems.
To have access to the web interface from anywhere, open the two configured files, comment or remove the commented sections.
For Manager:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For Host Manager:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" > <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> --> </Context>
If you only want to access the web interface from the specified IP, do not comment on this paragraph, but add your public IP address.
Suppose you have a public IP of 41.41.41.41 and you want to allow access to the web interface from that IP:
<Context antiResourceLocking="false" privileged="true" > <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" /> </Context>
The list of allowed IPs is separated by |.You can add a simple IP address or use a regular expression.
Once completed, restart the Tomcat service for the application to take effect:
sudo systemctl restart tomcat
7. Testing Tomcat installation
Open your browser and enter: http://<your_Domain_Or_IP_Address>:8080
Assuming the installation is successful, a page like the following will appear:
{{< figure src="/img/linuxize/ubuntu/tomcat-home.jpg" link="https://cloud.tencent.com/act/cps/redirect?redirect=1040&cps_key=7ad172f808f30965a01c05887137e4d8&from=console" target="blank" >}}
Tomcat web application management in:
http://<your_domain_or_IP_address>:8080/manager/html
{{< figure src="/img/linuxize/ubuntu/tomcat-manager.jpg" link="https://cloud.tencent.com/act/cps/redirect?redirect=1040&cps_key=7ad172f808f30965a01c05887137e4d8&from=console" target="blank" >}}
The Tomcat virtual host is managed in:
http://<your_domain_or_IP_address>:8080/host-manager/html
{{< figure src="/img/linuxize/ubuntu/tomcat-host-manager.jpg" link="https://cloud.tencent.com/act/cps/redirect?redirect=1040&cps_key=7ad172f808f30965a01c05887137e4d8&from=console" target="blank" >}}
8. Summary
We've shown you how to install Tomcat 9.0 on Ubuntu 20.04 and access the Tomcat administration interface.
For more information about Apache Tomcat, browse Official Document Page.
If you have any questions, please contact us by:
WeChat:
WeChat Group:
Add WeChat above, note WeChat group
QQ: 3217680847
QQ group: 82695646 