How to Install Tomcat 9 on CentOS/RHEL 8

Apache Tomcat 9 is the latest version available for the installation of the Tomcat web server. Tomcat is an open-source web server for Java-based applications developed by the Apache Foundation. We use Tomcat for deploying Java Servlet and JSP applications. To know more about the Apache Tomcat visit apache official site http://tomcat.apache.org/.

This tutorial will help you to install and configure the Tomcat 9 server on CentOS 8 and RHEL 8 Linux systems.

Prerequisites

• Shell access
• sudo priviledged account access

Step 1 – Install Java

Java is the primary requirement for running Tomcat 9 on CentOS 8 Linux system. Make sure you have Java 8 or higher version installed in your system. Use the following command to install OpenJDK on your system.

sudo dnf install openjdk 

Then check the installed Java version

java -version

openjdk version "11.0.7" 2020-04-14 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.7+10-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.7+10-LTS, mixed mode, sharing)

Step 2 – Create Tomcat User

Many system administrators run Tomcat as a root user which is not the correct way for security purposes. So, create a separate account to run your Tomcat server on your system.

sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat 

The above command will create a user with the name “tomcat” with a group named “tomcat”.

Step 3 – Download Tomcat 9 Archive

The Apache Tomcat is available on official download pages, Where you can select the nearest peers to download Tomcat faster. To download Apache Tomcat archive file from Apache tomcat official download server use the following command:

wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.70/bin/apache-tomcat-9.0.70.tar.gz 

Then extract the archive file and copy all the files under the tomcat home directory

tar xzf apache-tomcat-9.0.70.tar.gz 
sudo mv apache-tomcat-9.0.70/* /opt/tomcat/ 

Also, set the proper ownership of all files.

sudo chown -R tomcat:tomcat /opt/tomcat/ 

Step 4 – Enable Host/Manager for Remote IP

By default Tomcat manager and host-manager, pages are enabled to access from localhost only. To access these pages from the remote system, you have to allow your IP or IP range in the application-specific context.xml file.

• Manager – /opt/tomcat/webapps/manager/META-INF/context.xml
• Host Manager – /opt/tomcat/webapps/host-manager/META-INF/context.xml

Edit both of the above files one by one and add your IP address (like 192.168.1.10) or range of IP addresses to allow access. For reference see the below screenshot.

You can also totally comment on these Valve entries to allow all.

Step 5 – Setup User Accounts

Now, configure your tomcat with user accounts to secure access to admin/manager pages. To do this, edit /opt/tomcat/conf/tomcat-users.xml file in your editor and paste the following code inside <tomcat-users> </tomcat-users> tags. We recommend changing the password in the below configuration with high secured password.

<!-- user manager can access only manager section -->
<role rolename="manager-gui" />
<user username="manager" password="_SECRET_PASSWORD_" roles="manager-gui" />

<!-- user admin can access manager and admin section both -->
<role rolename="admin-gui" />
<user username="admin" password="_SECRET_PASSWORD_" roles="manager-gui,admin-gui" />

Save the file and close.

Step 6 – Create Tomcat Start Script

Tomcat provides bash scripts to start, and stop service. But, to make it simple, create a startup script to manage Tomcat as systemd service. Let’s create a tomcat.service file with the following content:

sudo vim /etc/systemd/system/tomcat.service 

Add the below snippet.

[Unit]
Description=Tomcat 9
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Reload the systemd daemon service to apply changes

sudo systemctl daemon-reload 

Then, enable and start the Tomcat service on your system

sudo systemctl enable tomcat.service 
sudo systemctl start tomcat.service 

Step 7 – Access Tomcat in Browser

Tomcat server works on port 8080 default. To access Tomcat on the web browser by connecting your server to port 8080.

If you are connecting from the local machine then use the localhost. To connect from a remote machine use the IP address of the system with port:

 http://localhost:8080 

Conclusion

You have a running Tomcat 9 server on CentOS 8 system. You may need to create a Virtual host or configure a SSL certificate in Tomcat.