In this tutorial, we will discuss how to install Apache Tomcat 9 on RHEL 8 / CentOS 8. Apache Tomcat is an open-source Java-capable HTTP server developed by the Apache Software Foundation. It is used to execute special Java programs known as “Java Servlet” and “Java Server Pages (JSP)“.

Apache Tomcat 9 support:

  • Java Servlet 4.0
  • JavaServer Pages 2.4
  • Java Unified Expression Language 3.1
  • and Java API for WebSocket 2.0 specifications.

The major dependency of Apache Tomcat 9.0.x is Java 8 or later. So this dependency will need to be installed before you download and install Tomcat Server.

For Debian: Install Tomcat 9 on Debian with Ansible

Apache Tomcat 9 on CentOS 8|RHEL 8|Rocky Linux 8

We will do the manual installation which works best for users new to Linux. The steps required to have working Tomcat 9 server installation on RHEL / CentOS 8 are:

Step 1: Install Java on CentOS 8|RHEL 8|Rocky Linux 8

Use our guide below to install Java on RHEL / CentOS server.

Confirm Java installation was successful

$ java -version
java version "11.0.15.1" 2022-04-22 LTS
Java(TM) SE Runtime Environment 18.9 (build 11.0.15.1+2-LTS-10)
Java HotSpot(TM) 64-Bit Server VM 18.9 (build 11.0.15.1+2-LTS-10, mixed mode)

Step 2: Create tomcat user and group

We nee to add user dedicated to running tomcat service.

sudo groupadd --system tomcat
sudo useradd -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcat

Step 3: Install Tomcat 9 on Linux CentOS 8|RHEL 8|Rocky Linux 8

Check the latest release version of Tomcat 9. Save the version number to VER variable and proceed to download.

sudo yum -y install wget
export VER="9.0.64"
wget https://archive.apache.org/dist/tomcat/tomcat-9/v${VER}/bin/apache-tomcat-${VER}.tar.gz

Extract downloaded file with tar.

sudo tar xvf apache-tomcat-${VER}.tar.gz -C /usr/share/

Create symlink to extracted tomcat data.

sudo ln -s /usr/share/apache-tomcat-$VER/ /usr/share/tomcat

If you download a newer version of Tomcat, just update the symbolic link to the new version folder.

Set proper directory permissions.

sudo chown -R tomcat:tomcat /usr/share/tomcat
sudo chown -R tomcat:tomcat /usr/share/apache-tomcat-$VER/

The /usr/share/tomcat directory has the following sub-directories:

  • bin: contains the binaries and scripts (e.g startup.sh and shutdown.sh for Unixes and Mac OS X).
  • conf: contains the system-wide configuration files, such as server.xml, web.xml, and context.xml.
  • webapps: contains the webapps to be deployed. You can also place the WAR (Webapp Archive) file for deployment here.
  • lib: contains the Tomcat’s system-wide library JAR files, accessible by all webapps. You could also place external JAR file (such as MySQL JDBC Driver) here.
  • logs: contains Tomcat’s log files. You may need to check for error messages here.
  • work: Tomcat’s working directory used by JSP, for JSP-to-Servlet conversion.

Step 4: Configure Tomcat 9 Systemd service

Create a new systemd service to Tomcat.

sudo vim /etc/systemd/system/tomcat.service

With below configuration:

[Unit]
Description=Tomcat
After=syslog.target network.target

[Service]
Type=forking
User=tomcat
Group=tomcat

Environment=JAVA_HOME=/usr/lib/jvm/jre-openjdk
Environment='JAVA_OPTS=-Djava.awt.headless=true'

Environment=CATALINA_HOME=/usr/share/tomcat
Environment=CATALINA_BASE=/usr/share/tomcat
Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid

ExecStart=/usr/share/tomcat/bin/catalina.sh start
ExecStop=/usr/share/tomcat/bin/catalina.sh stop

[Install]
WantedBy=multi-user.target

Update CATALINA_OPTS values with your memory limits for Tomcat service.

Start and enable service.

sudo systemctl daemon-reload
sudo systemctl restart tomcat
sudo systemctl enable tomcat

Check service status with the following command:

$ systemctl status tomcat
 ● tomcat.service - Tomcat
    Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)
    Active: active (running) since Sat 2018-12-29 11:18:44 EAT; 29s ago
   Process: 31508 ExecStart=/usr/share/tomcat/bin/catalina.sh start (code=exited, status=0/SUCCESS)
  Main PID: 31514 (java)
     Tasks: 50 (limit: 11510)
    Memory: 92.2M
    CGroup: /system.slice/tomcat.service
            └─31514 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org>
 Dec 29 11:18:44 rhel8.local systemd[1]: Starting Tomcat…
 Dec 29 11:18:44 rhel8.local systemd[1]: Started Tomcat.

Step 5: Configure Firewall

Allow Port used by tomcat on the firewall – TCP port 8080.

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Step 6: Configure Tomcat Authentication

To this point, you have done a great work of installing and configuring Tomcat. The missing piece is configuration of users which are used to access Tomcat web management interface.

Edit the users configuration file:

sudo vi /usr/share/tomcat/conf/tomcat-users.xml

Add below line before </tomcat-users>

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="MyStrongPassword" fullName="Administrator" roles="admin-gui,manager-gui"/>

Replace MyStrongPassword with your desired admin password. See below

apache tomcat add user

Step 7: Configure Tomcat Proxy

We will use Apache httpd as a proxy to an Apache Tomcat application container. Install httpd package using command below.

sudo yum -y install httpd 

Create VirtualHost for accessing Tomcat Admin web interface – /etc/httpd/conf.d/tomcat_manager.conf

<VirtualHost *:80>
    ServerAdmin root@localhost
    ServerName tomcat.example.com
    DefaultType text/html
    ProxyRequests off
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>

tomcat.example.com should be value of your tomcat server name.

For AJP connector, it will be configuration like this:

<VirtualHost *:80>
  ServerName example.com

  ProxyRequests Off
  ProxyPass / ajp://localhost:8009/
  ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>

Configure SELinux for Apache to access Tomcat.

sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_relay 1
sudo setsebool -P httpd_graceful_shutdown 1
sudo setsebool -P nis_enabled 1

Restart httpd service

sudo systemctl restart httpd && sudo systemctl enable httpd

Step 8: Access Tomcat Web interface

Use your domain name configured on VirtualHost to access Tomcat management interface.

apache tomcat web ui

You need to authenticate to view server status and manage Tomcat Applications.

apache tomcat aunthenticate

Server status and Applications management sections looks as shown.

apache tomcat check server status

From Web Application Manager section, you can list, deploy WAR applications, Manage SSL and Diagnose applications.

apache tomcat list applications

The Tomcat Virtual Host Manager section allows you to can create, delete and manage Tomcat virtual hosts.

apache tomcat manage virtualhosts

Conclusion

You have successfully installed Tomcat 9 on your CentOS 8|RHEL 8|Rocky Linux 8 system. Visit the official Apache Tomcat 9 Documentation to learn more about the Apache Tomcat configurations and administration.

Similar:

6 COMMENTS

  1. This part fails:

    sudo systemctl start tomcat

    # journalctl -xe
    PID file found but either no matching process was found or the current user does not have perm

    The only way I could start is was by using:
    # /usr/share/tomcat/bin/catalina.sh start

    which means the installation won’t survive a reboot

    • I found this article useful, thanks

      In Red Hat 8 I discovered that fapolicyd was blocking the start of Tomcat.

      you need to update the rules to give the Tomcat UID full access to the Tomcat Directory.

      Edit /etc/fapolicyd/fapolicyd.rules to include:

      allow perm=any uid={Tomcat UID} : dir=/usr/share/tomcat
      allow perm=any uid={Tomcat UID} : dir=/usr/share/apache-tomcat-{insert your version}/

      Restart fapolicyd to take affect.

      Unfortunately the fapolcyd does not appear to support wildcards, so when you upgrade tomcat you will need to update this rule, but it is better than running the application as root.

  2. thanks for tutorial, already follow ur step by step but theres problem with virtual hosts.
    im trying to Configure Tomcat Proxy with my domain and it doesnt work.
    im trying to add this virtual hosts on my VPS sub.mydomain.com , doesnt work. but if im trying access sub.mydomain.com:8080 , it works. what did i missed ?

LEAVE A REPLY

Please enter your comment!
Please enter your name here