Apache Tomcat is a reliable open-source web server and Java servlet container that’s widely used for developing Java-based websites and applications. With its lightweight and user-friendly interface, Tomcat is a popular choice for powering large-scale web applications. Discover its robust ecosystem of add-ons and start building your Java-based project with confidence.
Learn how to easily install and configure Apache Tomcat 10 on Ubuntu 22.04 with this comprehensive guide.
Install Java
To install Tomcat 10, it is necessary to have Java version 11 or newer installed on your system. For this purpose, we recommend installing the OpenJDK 11 package, which is the open-source implementation of the Java Platform. Follow the commands to update the package index and install the OpenJDK 11 JDK package as a user with sudo privileges or root
sudo apt updatesudo apt install openjdk-11-jdkAfter completing the following, you verify the correct installation of Tomcat by checking the Java version:
java -versionThe output will display this:
openjdk version "11.0.17" 2022-10-18
OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04)
OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing)How to Create a System User for Running Tomcat
Running Tomcat as the root user can pose security risks and be unsafe. To avoid this, use the following command to create a new system user and group with the home directory /opt/tomcat that will execute the Tomcat service securely:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcatDownloading Tomcat
To download Tomcat, visit the Tomcat software downloads page and look for the binary distribution. Ensure that you have the latest version, which at the time of writing is Tomcat 10.1.4. Before proceeding with the installation, it is advisable to check if there is a newer version available on the Tomcat 10 download page.
To begin the download, use the wget command to download the Tomcat zip file and save it in the /tmp directory. This will ensure that the file is easily accessible and can be extracted later for installation:
VERSION=10.1.4wget https://www-eu.apache.org/dist/tomcat/tomcat-10/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmpOnce the Tomcat tar file download is complete, then extract it to the /opt/tomcat directory:
sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/If you’re looking to stay up-to-date with the latest Tomcat updates, you’re in luck! Tomcat regularly updates new features, bug fixes, and security patches. To keep better control over versions and updates, we recommend creating a symbolic link called “latest” that points to your Tomcat installation directory. This will ensure that you always have access to the most recent version of Tomcat.
sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latestTo upgrade your Tomcat instance, simply unpack the newer version and update the symlink to direct to it. Ensure that the system user created earlier has access to the tomcat installation directory. You can grant access by changing the directory ownership to user and group tomcat:
sudo chown -R tomcat: /opt/tomcatTomcat’s bin the directory has the shell script inside that must be executable in order to run:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'These scripts are used to control and manage Tomcat instances.
How to create a SystemD unit file to start and stop the Tomcat server as a service
Avoid executing shell scripts directly and follow these simple steps to create a tomcat service unit file in the /etc/systemd/system/ directory using your preferred text editor. With this approach, your Tomcat server will run more efficiently and reliably:
sudo nano /etc/systemd/system/tomcat.serviceUse the configuration given below:
[Unit]
Description=Tomcat 10 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
If your Java installation path is different then modify the JAVA_HOME.
Save and close the file and use the command below to let the systemd know that we’ve created a new unit file:
sudo systemctl daemon-reloadEnable it and start the Tomcat service:
sudo systemctl enable --now tomcatCheck the status of the service:
sudo systemctl status tomcatThe output will display that the Tomcat is enabled and running.
● tomcat.service - Tomcat 10 servlet container
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2022-12-24 18:53:37 UTC; 6s ago
Process: 5124 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 5131 (java)
...You can start, stop, and restart Tomcat the just like any other systemd service:
sudo systemctl start tomcat
sudo systemctl stop tomcat
sudo systemctl restart tomcatConfiguring Firewall
To access Tomcat from outside your local network while using a firewall, it’s essential to configure it properly. Opening port 8080 is necessary for filtering traffic. To do this, use the following command:
sudo ufw allow 8080/tcpIn a production environment, it’s essential to utilize a load balancer or reverse proxy when running Tomcat. Best practices dictate restricting access to port 8080 to your internal network.
Configure Tomcat Web Management Interface
First, make sure you can access Tomcat using a web browser on port 8080. However, you won’t be able to access the web management interface yet, as a user has not been created. To create users and roles, you’ll need to modify the tomcat-users.xml file. The file includes examples and comments that demonstrate how to create a user or role. This tutorial will create a user with “admin-gui” and “manager-gui” roles. The “admin-gui” role allows the user to manage virtual hosts, including creating and deleting them, through the /host-manager/html URL. The “manager-gui” role lets the user deploy and undeploy web applications without restarting the container via the /host-manager/html interface.
To create a new user, simply open the tomcat-users.xml file in a text editor and follow the steps below:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xmlcreate a new user:
<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>Make sure to set the username and password to something secure.
To allow remote access to the Tomcat web management interface, you need to remove the default restrictions set to only allow access to the Manager and Host Manager apps from localhost. However, this action can lead to various security concerns and is not advisable for production systems. To enable the web interface accessible from any IP, you can modify two files by commenting or removing the highlighted lines. Take necessary precautions while making such changes to avoid potential security risks.
For the Manager app:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xmlFor the Host Manager app:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>To restrict access to the web interface to a specific IP address, simply add your public IP address to the designated list instead of commenting on the blocks. For instance, if your public IP address is 41.41.41.41 and you desire to permit access solely from that address:
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>When configuring your system’s IP address restrictions, you can use a list separated by a vertical bar “|” to specify allowed IPs whether you need to add individual IP addresses or leverage the power of regular expressions.
After completing, restart the Tomcat service for changes to take effect:
sudo systemctl restart tomcatTest the Tomcat Installation
To test your Tomcat installation, open your web browser and enter the following URL: http://<your_domain_or_IP_address>:8080
If the installation was successful, you should see a screen that resembles the one below:
Tomcat web application manager is available at: http://<your_domain_or_IP_address>:8080/manager/html.
Tomcat virtual host manager is available at: http://<your_domain_or_IP_address>:8080/host-manager/html.
Conclusion
In this tutorial, you have learned about how to install and access the Tomcat management interface of Tomcat 10.0 on Ubuntu 22.04.
If you’re interested in learning more about Apache Tomcat, head over to the official documentation page for more information visit- Official page. If you encounter any issues or have feedback, please don’t hesitate to leave a comment below.
