This article will walk you through setting up and configuring Tomcat 10 on Ubuntu 22.04.

Tomcat, developed by Apache, is a widely used open-source web server and Java servlet container. It is renowned for its versatility and is a top choice for developing Java-based websites and applications. Tomcat boasts a lightweight architecture, user-friendly interface, and extensive collection of add-ons, and is trusted by numerous high-traffic web applications.

Installing Java 

To successfully run Tomcat 10, it is essential to have Java version 11 or a more recent version installed on your system. We will now guide you through the process of installing OpenJDK 11, which is the open-source implementation of the Java Platform.

To begin, execute the following commands with root privileges or as a user with sudo access. These commands will update the package index and install the OpenJDK 11 JDK package:

$ sudo apt update
$ sudo apt install openjdk-11-jdk

After the installation process is complete, you can confirm that Java has been installed correctly by checking its version. To do this, execute the following command:

$ java -version


The expected output should resemble the following:

Output
openjdk version "11.0.17" 2022-10-18
OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04)
OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing)

Creating a System User

Running Tomcat as the root user is a security risk: any flaw in Tomcat or in a deployed application would then run with full control of the host. To mitigate this, we will create a new system user and group specifically for running the Tomcat service. The following command creates a system user with a home directory at /opt/tomcat and no login shell:

$ sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat

Downloading Tomcat


You can obtain the Tomcat binary distribution by visiting the Tomcat software downloads page.

As of the time of writing, the most recent version of Tomcat is 10.1.4. Before proceeding to the next step, visit the Tomcat 10 download page to check whether a newer version is available. To download the Tomcat tar.gz archive, use the wget command and save it to the /tmp directory. Here is an example command:

$ VERSION=10.1.4
$ wget https://www-eu.apache.org/dist/tomcat/tomcat-10/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp
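
Before extracting, check the download against the SHA-512 digest that Apache publishes next to each tarball. The following is an added example, not part of the original article: verify_tarball is a hypothetical helper, the .sha512 URL assumes the tarball URL with .sha512 appended, and the demo files are constructed so the block runs offline.

```shell
# verify_tarball TARBALL SUMFILE
# Exit 0 only when the SHA-512 of TARBALL equals the digest in SUMFILE.
# Exit 1 on mismatch, 2 when a file is unreadable or SUMFILE has no valid digest.
verify_tarball() (
    tarball=$1
    sumfile=$2
    [ -r "$tarball" ] && [ -r "$sumfile" ] || exit 2
    # The published file has the form "<digest> *<filename>"; take the first field.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # A SHA-512 digest is exactly 128 hexadecimal characters.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{128}$' || exit 2
    actual=$(sha512sum "$tarball" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
)

# With the page's variables (needs network access, so shown as comments):
#   wget https://www-eu.apache.org/dist/tomcat/tomcat-10/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz.sha512 -P /tmp
#   verify_tarball /tmp/apache-tomcat-${VERSION}.tar.gz \
#       /tmp/apache-tomcat-${VERSION}.tar.gz.sha512 || echo "do not extract"

# Constructed demo: a stand-in file and its digest.
demo=$(mktemp -d)
printf 'constructed stand-in for the tarball\n' > "$demo/apache-tomcat-demo.tar.gz"
( cd "$demo" && sha512sum apache-tomcat-demo.tar.gz > apache-tomcat-demo.tar.gz.sha512 )
verify_tarball "$demo/apache-tomcat-demo.tar.gz" \
    "$demo/apache-tomcat-demo.tar.gz.sha512" && echo "digest matches: safe to extract"

# Any change to the file after the digest was recorded is detected.
printf 'tampered\n' >> "$demo/apache-tomcat-demo.tar.gz"
verify_tarball "$demo/apache-tomcat-demo.tar.gz" \
    "$demo/apache-tomcat-demo.tar.gz.sha512" || echo "digest mismatch: do not extract"
```

A digest fetched from the same server mainly catches corrupted or truncated downloads; Apache also publishes a detached PGP signature (.asc) and a KEYS file for authenticating the release.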

After successfully downloading the Tomcat tar file, you can proceed to extract its contents to the /opt/tomcat directory. Use the following command to accomplish this:

$ sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/

Tomcat receives regular updates that fix bugs, apply security patches, and introduce new features. To have better control over versions and updates, we can create a symbolic link named “latest” that will point to the Tomcat installation directory. This can be achieved using the following command:

$ sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

In the future, if you need to upgrade your Tomcat instance, you can simply extract the newer version and update the symbolic link to point to it.

However, it’s important to ensure that the system user we created earlier has proper access to the Tomcat installation directory. To achieve this, you can change the ownership of the directory to the user and group “tomcat” using the following command:

$ sudo chown -R tomcat: /opt/tomcat

The shell scripts in Tomcat’s “bin” directory must be executable before they can be run. You can set this with the following command:

$ sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

The purpose of these scripts is to manage the Tomcat instance, including tasks such as starting, stopping, and other management operations.

Creating a systemd Unit File

To run the Tomcat server as a service and avoid directly executing the shell scripts for starting and stopping, we will utilize a systemd unit file. This will enable us to manage Tomcat as a service.

Create the “tomcat.service” unit file in the “/etc/systemd/system/” directory by opening it in your preferred text editor:

$ sudo nano /etc/systemd/system/tomcat.service

Paste the following configuration:

/etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat 10 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Modify the JAVA_HOME variable if the path to your Java installation is different.

After saving and closing the “tomcat.service” unit file, execute the following command to inform systemd about the newly created unit file:

$ sudo systemctl daemon-reload

Enable and start the Tomcat service:

$ sudo systemctl enable --now tomcat

Check the service status:

$ sudo systemctl status tomcat

The output should show that the Tomcat server is enabled and running:

Output
● tomcat.service - Tomcat 10 servlet container
     Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-12-24 18:53:37 UTC; 6s ago
    Process: 5124 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 5131 (java)
...

You can start, stop, and restart Tomcat the same as any other systemd service:

$ sudo systemctl start tomcat
$ sudo systemctl stop tomcat
$ sudo systemctl restart tomcat

Configuring Firewall

If you are utilizing a firewall to filter network traffic and wish to access Tomcat from outside your local network, it is necessary to open port 8080. You can achieve this by executing the following command:

$ sudo ufw allow 8080/tcp

Generally, when running Tomcat in a production environment, you should use a load balancer or reverse proxy. It’s a best practice to allow access to port 8080 only from your internal network.

Configuring Tomcat Web Management Interface


At this stage, you should be able to access Tomcat through a web browser on port 8080. However, the web management interface is currently inaccessible because we haven’t created a user yet. User and role configurations for Tomcat are defined in the “tomcat-users.xml” file.

By default, this file includes examples and comments that demonstrate how to create users and roles. In this example, we will create a user with the “admin-gui” and “manager-gui” roles.

The “admin-gui” role grants access to the /host-manager/html URL, enabling the user to manage virtual hosts, including their creation and deletion. The “manager-gui” role permits the user to deploy and undeploy web applications through the /manager/html interface, without requiring a container restart.

Open the “tomcat-users.xml” file using your preferred text editor and add the following lines to create a new user:

$ sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

/opt/tomcat/latest/conf/tomcat-users.xml
<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

Make sure you change the username and password to something more secure.

By default, the Manager and Host Manager apps accept connections only from localhost. If you wish to access the web interface from a remote IP, you will need to relax this restriction. However, please note that this action can have security implications and is not recommended for production systems.

To allow access to the web interface from anywhere, open the following two files and comment out or remove the RemoteAddrValve element, as in the context.xml listing that follows:

For the Manager app:

$ sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

For the Host Manager app:

$ sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml

context.xml
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

If you want to access the web interface only from a specific IP, leave the valve in place and add your public IP to the allow list instead of commenting the block out.

Let’s say your public IP is 41.41.41.41, and you want to allow access only from that IP:

context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41\.41\.41\.41" />
</Context>

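The list of permitted IP addresses is a pipe-separated list (|). You can add individual IP addresses or use regular expressions. Because each entry is treated as a regular expression, write the dots of a literal address as \. in the same way as the default 127\.\d+\.\d+\.\d+ entry.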

After making the necessary modifications, restart the Tomcat service to apply the changes:

$ sudo systemctl restart tomcat
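
After editing, it is easy to lose track of which app still has its address restriction. The following is an added example, not part of the original article: it reports whether a context.xml has an active (uncommented) RemoteAddrValve and prints its allow pattern. The function names are hypothetical, the sample files are constructed, and the check assumes className precedes allow as in the listings above.

```shell
# strip_xml_comments FILE: print FILE without its <!-- ... --> regions,
# including comments that span several lines.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 4); in_comment = 1
            }
        }
        print out
    }' "$1"
}

# manager_allow FILE: print the allow= pattern of the active RemoteAddrValve;
# exit status 1 and no output when no uncommented valve restricts the app.
manager_allow() {
    strip_xml_comments "$1" | tr '\n' ' ' |
        sed -n 's/.*RemoteAddrValve"[^>]*allow="\([^"]*\)".*/\1/p' | grep .
}

# Constructed sample modelled on the commented-out variant above.
demo=$(mktemp -d)
cat > "$demo/open.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
EOF
# Constructed sample with the valve active and one extra address allowed.
cat > "$demo/restricted.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41\.41\.41\.41" />
</Context>
EOF
for f in "$demo/open.xml" "$demo/restricted.xml"; do
    if p=$(manager_allow "$f"); then echo "${f##*/}: allow=$p"
    else echo "${f##*/}: no active RemoteAddrValve, open to any address"; fi
done
```

On the server, point manager_allow at /opt/tomcat/latest/webapps/manager/META-INF/context.xml and at the host-manager equivalent.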

Test the Tomcat Installation

Open your browser and type: http://<your_domain_or_IP_address>:8080

Assuming the installation is successful, the default Tomcat welcome page should appear.

Tomcat web application manager is available at: http://<your_domain_or_IP_address>:8080/manager/html.

Tomcat virtual host manager is available at: http://<your_domain_or_IP_address>:8080/host-manager/html.

Conclusion

In this guide, we have provided you with the steps to install Tomcat 10 on Ubuntu 22.04 and access the Tomcat management interface.

For additional information about Apache Tomcat, we recommend visiting the official documentation page.

If you encounter any issues or have feedback, please feel free to leave a comment below.
