(Last Updated On: November 10, 2018)

Today we’ll look at how you can install Apache Tomcat 9 on CentOS 7 / Fedora 29 / Fedora 28. Tomcat Server is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF) and released under the Apache License version 2. This tool enables you to host web applications written in Java. Tomcat executes Java servlets and renders Web pages that include Java Server Page coding.

Tomcat 9 is built on top of the latest Java EE 8 specifications such as Servlet 4.0, EL 3.1, JSP 2.4 and WebSocket 1.2. Below are the steps to install Apache Tomcat 9 on CentOS 7 / Fedora 29 / Fedora 28.

Step 1: Disable SELinux and Install curl

Since we will be running tomcat service as tomcat user, disable or set SELinux in permissive mode:

sudo yum -y install curl vim wget
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

To completely disable it, run:

sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
sudo reboot

Step 2: Install OpenJDK 11 on CentOS 7 / Fedora 29 / Fedora 28.

The first step is to install OpenJDK 11 on CentOS 7 / Fedora 29 / Fedora 28 as it is a Tomcat dependency. I had earlier written an article on how to install JDK on  CentOS 7 / Fedora 29 / Fedora 28. The link to the article is:

How to Install Java 11 on CentOS 7 / Fedora 29 / Fedora 28

Step 3: Install Apache Tomcat 9 on CentOS 7 / Fedora 29 / Fedora 28

After installing OpenJDK 11, proceed to download and install Tomcat 9 on CentOS 7 / Fedora 29 / Fedora 28. Check for the latest release of Tomcat 9 from Apache website before downloading.

export VER="9.0.8"
curl -O https://archive.apache.org/dist/tomcat/tomcat-9/v${VER}/bin/apache-tomcat-${VER}.tar.gz
tar xvf apache-tomcat-${VER}.tar.gz

Move the resulting folder to /usr/libexec/tomcat9

sudo mv apache-tomcat-${VER} /usr/libexec/tomcat9

Step 4: Add Tomcat user and group

We need to add a user to manage Tomcat. This user will be named tomcat

sudo groupadd --system tomcat
sudo useradd -M -d /usr/libexec/tomcat9 -g tomcat tomcat

Change the ownership of the /usr/libexec/tomcat9directory to the tomcat user and group.

sudo chown -R tomcat:tomcat /usr/libexec/tomcat9

Step 5: Create Tomcat Systemd service

The last step is to create a service unit file for tomcat. Create a new file under:

sudo vim /etc/systemd/system/tomcat9.service

Then add:

[Unit]
Description=Apache Tomcat 9
Documentation=http://tomcat.apache.org/tomcat-9.0-doc/
After=network.target syslog.target
[Service]
User=tomcat
Group=tomcat
Type=oneshot
ExecStart=/usr/libexec/tomcat9/bin/startup.sh
ExecStop=/usr/libexec/tomcat9/bin/shutdown.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

Reload systemd and start tomcat9 service

sudo systemctl daemon-reload
sudo systemctl restart tomcat9.service

You can check service status using:

$ sudo systemctl status tomcat9.service
● tomcat9.service - Apache Tomcat 9
   Loaded: loaded (/etc/systemd/system/tomcat9.service; disabled; vendor preset: disabled)
   Active: active (running) since Sat 2018-11-10 06:34:50 UTC; 4min 15s ago
     Docs: http://tomcat.apache.org/tomcat-9.0-doc/
  Process: 3226 ExecStart=/usr/libexec/tomcat9/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 3226 (code=exited, status=0/SUCCESS)
    Tasks: 43 (limit: 1149)
   Memory: 81.5M
   CGroup: /system.slice/tomcat9.service
           └─3241 /usr/bin/java -Djava.util.logging.config.file=/usr/libexec/tomcat9/conf/logging.properties -Djava.util.logging.manager=org.apache.j>

Nov 10 06:34:50 fed29 systemd[1]: Starting Apache Tomcat 9...
Nov 10 06:34:50 fed29 startup.sh[3226]: Tomcat started.
Nov 10 06:34:50 fed29 systemd[1]: Started Apache Tomcat 9.

The service should be listening on port 8080

$ sudo ss -tunelp | grep 8080
tcp   LISTEN  0       100                         *:8080                *:*      users:(("java",pid=3241,fd=37)) uid:1001 ino:29845 sk:a v6only:0 <->

If you have an active firewall service, allow port 8080

sudo firewall-cmd --add-port=8080/tcp
sudo firewall-cmd --reload

Tomcat default website is available on [http://(server's hostname or IP address):8080/]

Administration guide is available on http://<IP>:8080/docs/index.html.

Step 6: Proxy Pass Access to Tomcat with Apache HTTP server ( Optional)

You can configure Apache http server to access Tomcat interface without specifying port 8080

Install and start Apache web server.

sudo yum -y install httpd
sudo systemctl start httpd && sudo systemctl enable httpd
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload

Create tomcat configuration file

sudo vim /etc/httpd/conf.d/proxy_tomcat.conf

Add:

ProxyPass /tomcat9/ ajp://localhost:8009/

Access to [http://(server's hostname or IP address)/tomcat9/] and confirm that the change is working as expected.

Step 7: Configure Authentication

Create a Tomcat user to access Tomcat manager

sudo vim /usr/libexec/tomcat9/conf/tomcat-users.xml

Add the following lines to the file:

<role rolename="admin-gui" />
<user username="admin" password="StrongPassword" roles="manager-gui,admin-gui"
</tomcat-users>

Replace StrongPassword with your strong actual admin password.

Other Articles:

How to run Java Jar Application with Systemd on Linux

How to Install Metabase with Systemd on Ubuntu 18.04 / Ubuntu 16.04