How to install Tomcat 9 on Ubuntu 20.04

Posted by muadzir on Thu, 28 May 2020 04:43:56 +0200

This article was first published in:

This guide describes how to install and configure Tomcat 9 on Ubuntu 20.04.

Apache Tomcat is an open source Web server and Java servlet container.It is the most popular choice in the world for building Java-based websites and applications.Tomcat is lightweight, easy to use, and has a robust extended ecosystem.

1. Install Java

Tomcat 9 requires Java SE 8 or a newer version to be installed on the system.We will install OpenJDK 11, an open source implementation of the Java platform.

Run the following command as a root or other sudo user to update the package index and install the OpenJDK 11 JDK package:

sudo apt update
sudo apt install openjdk-11-jdk

Once the installation is complete, verify it by checking the Java version:

java -version

The output should look like this:

openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)

2. Create a System User

Running Tomcat as root has a security risk.We will create a system user and user group whose home directory is/opt/tomcat.We will use this user to run the Tomcat service.To do this, type the following command:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

3. Download Tomcat

Tomcat binary distribution in The Tomcat download page is available for download.

Just as I was writing, the latest Tomcat version was 9.0.35.Before proceeding to the next step, check the Tomcat 9 download page to see if an updated version is available for download.

Use wget to download the Tomcat zip file to the / tmp directory:

wget${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp

Once the download is complete, unzip the tar file to the / opt/tomcat directory:

sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/

Tomcat regularly updates security patches and new features.To better upgrade versions and updates, we'll create a symbolic link called latest that points to the Tomcat installation directory.

sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

Later, when Tomcat is upgraded, unzip the new version and modify the symbolic link to point to it.

The system user you created earlier must have access to the Tomcat installation directory.Modify directory attribution to user and user group tomcat:

sudo chown -R tomcat: /opt/tomcat

The shell script in the Tomcat bin directory must be executable:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

These scripts will be used to start, stop, and other administrative operations on Tomcat.

4. Create SystemD Cell File

We'll run the Tomcat server as a service instead of using a shell script to start and stop it.

Open your text editor and create one in the / etc/systemd/system/directoryTomcat.serviceCell file.

sudo nano /etc/systemd/system/tomcat.service

Paste the following configuration file:

Description=Tomcat 9 servlet container



Environment=" -Djava.awt.headless=true"

Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"


If your Java installation path is different, please modify `JAVA_HOME`Environment variable.

Save and close the file, notifying systemd that a new cell file exists:

sudo systemctl daemon-reload

Enable and start the Tomcat service:

sudo systemctl enable --now tomcat

Check service status:

sudo systemctl status tomcat

The output should show that the Tomcat server is enabled and running:

‚óŹ tomcat.service - Tomcat 9 servlet container
     Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago
    Process: 5342 ExecStart=/opt/tomcat/latest/bin/ (code=exited, status=0/SUCCESS)
   Main PID: 5362 (java)

You can start, stop, and restart Tomcat just like any other systemd service:

sudo systemctl start tomcat
sudo systemctl stop tomcat
sudo systemctl restart tomcat

5. Configuring firewalls

If your server is firewalled and you want to access your Tomcat from outside, you need to open port 8080.

Use the following command to open the necessary ports:

sudo ufw allow 8080/tcp
Typically, when running Tomcat in a production environment, you should use a load balancing or reverse proxy server.This is a best practice to only allow access to port `8080'from your local network.

6. Configure Tomcat Web page management interface

At this point, you should access Tomcat through a browser on port 8080.The Web page management interface is not accessible because we have not created a user yet.

Tomcat users and roles are defined in tomcat-users.xml.This file is a template with comments and examples showing how to create a user and role.

In this example, we will create a user "admin-gui" and "manager-gui" role.This "admin-gui" role allows users to access/host-manager/html URLs to create, delete, and manage other virtual hosts.This "manager-gui" role allows users to deploy and undeploy web applications without restarting the entire container through the/host-manager/html interface.

Open tomcat-Users.xmlFile to create a new user, like the following:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>

Make sure you modify your username and password more securely.

By default, the Tomcat Web page management interface is configured to access Manager and Host Manager applications only from localhost.To access the web interface from a remote IP, you need to remove these restrictions.

This may pose some security risks, which we do not recommend in production systems.

To have access to the web interface from anywhere, open the two configured files, comment or remove the commented sections.

For Manager:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

For Host Manager:

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

If you only want to access the web interface from the specified IP, do not comment on this paragraph, but add your public IP address.

Suppose you have a public IP of and you want to allow access to the web interface from that IP:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|" />

The list of allowed IPs is separated by |.You can add a simple IP address or use a regular expression.

Once completed, restart the Tomcat service for the application to take effect:

sudo systemctl restart tomcat

7. Testing Tomcat installation

Open your browser and enter: http://<your_Domain_Or_IP_Address>:8080

Assuming the installation is successful, a page like the following will appear:

{{< figure src="/img/linuxize/ubuntu/tomcat-home.jpg" link="" target="blank" >}}

Tomcat web application management in:


{{< figure src="/img/linuxize/ubuntu/tomcat-manager.jpg" link="" target="blank" >}}

The Tomcat virtual host is managed in:


{{< figure src="/img/linuxize/ubuntu/tomcat-host-manager.jpg" link="" target="blank" >}}

8. Summary

We've shown you how to install Tomcat 9.0 on Ubuntu 20.04 and access the Tomcat administration interface.

For more information about Apache Tomcat, browse Official Document Page.

If you have any questions, please contact us by:


WeChat Group:
Add WeChat above, note WeChat group

QQ: 3217680847

QQ group: 82695646

Topics: Java Tomcat sudo Ubuntu