In this tutorial, we will discuss how to install Apache Tomcat 9 on RHEL 8 / CentOS 8. Apache Tomcat is an open-source Java-capable HTTP server developed by the Apache Software Foundation. It is used to execute special Java programs known as “Java Servlet” and “Java Server Pages (JSP)“.
Apache Tomcat 9 support:
- Java Servlet 4.0
- JavaServer Pages 2.4
- Java Unified Expression Language 3.1
- and Java API for WebSocket 2.0 specifications.
The major dependency of Apache Tomcat 9.0.x is Java 8 or later. So this dependency will need to be installed before you download and install Tomcat Server.
For Debian: Install Tomcat 9 on Debian with Ansible
Apache Tomcat 9 on RHEL 8 / CentOS 8
We will do the manual installation which works best for users new to Linux. The steps required to have working Tomcat 9 server installation on RHEL / CentOS 8 are:
Step 1: Install Java
Use our guide below to install Java on RHEL / CentOS server.
How to Install Java 11 (OpenJDK 11) on RHEL / CentOS 8
How to Install Java 11 on CentOS 7
Step 2: Create tomcat user and group
We nee to add user dedicated to running tomcat service.
sudo groupadd --system tomcat
sudo useradd -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcatStep 3: Install Tomcat 9 on Linux RHEL / CentOS 8
Check the latest release version of Tomcat 9. Save the version number to VER variable and proceed to download.
sudo yum -y install wget
export VER="9.0.48"
wget https://archive.apache.org/dist/tomcat/tomcat-9/v${VER}/bin/apache-tomcat-${VER}.tar.gzExtract downloaded file with tar.
sudo tar xvf apache-tomcat-${VER}.tar.gz -C /usr/share/Create symlink to extracted tomcat data.
sudo ln -s /usr/share/apache-tomcat-$VER/ /usr/share/tomcatIf you download a newer version of Tomcat, just update the symbolic link to the new version folder.
Set proper directory permissions.
sudo chown -R tomcat:tomcat /usr/share/tomcat
sudo chown -R tomcat:tomcat /usr/share/apache-tomcat-$VER/ The /usr/share/tomcat directory has the following sub-directories:
bin : contains the binaries and scripts (e.gstartup.shand shutdown.shfor Unixes and Mac OS X).- conf: contains the system-wide configuration files, such
as server.xml, web.xml, and context.xml. - webapps: contains the webapps to be deployed. You can also place the WAR (Webapp Archive) file for deployment here.
- lib: contains the Tomcat’s system-wide library JAR files, accessible by all webapps. You could also place external JAR file (such as MySQL JDBC Driver) here.
- logs: contains Tomcat’s log files. You may need to check for error messages here.
- work: Tomcat’s working directory used by JSP, for JSP-to-Servlet conversion.
Step 4: Configure Tomcat 9 Systemd service
Create a new systemd service to Tomcat.
sudo vim /etc/systemd/system/tomcat.serviceWith below configuration:
[Unit]
Description=Tomcat Server
After=syslog.target network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment='JAVA_OPTS=-Djava.awt.headless=true'
Environment=CATALINA_HOME=/usr/share/tomcat
Environment=CATALINA_BASE=/usr/share/tomcat
Environment=CATALINA_PID=/usr/share/tomcat/temp/tomcat.pid
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M'
ExecStart=/usr/share/tomcat/bin/catalina.sh start
ExecStop=/usr/share/tomcat/bin/catalina.sh stop
[Install]
WantedBy=multi-user.targetUpdate CATALINA_OPTS values with your memory limits for Tomcat service.
Start and enable service.
sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat
Check service status with the following command:
$ systemctl status tomcat
● tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-12-29 11:18:44 EAT; 29s ago
Process: 31508 ExecStart=/usr/share/tomcat/bin/catalina.sh start (code=exited, status=0/SUCCESS)
Main PID: 31514 (java)
Tasks: 50 (limit: 11510)
Memory: 92.2M
CGroup: /system.slice/tomcat.service
└─31514 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/usr/share/tomcat/conf/logging.properties -Djava.util.logging.manager=org>
Dec 29 11:18:44 rhel8.local systemd[1]: Starting Tomcat…
Dec 29 11:18:44 rhel8.local systemd[1]: Started Tomcat.Step 5: Configure Firewall
Allow Port used by tomcat on the firewall – TCP port 8080.
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reloadStep 6: Configure Tomcat Authentication
To this point, you have done a great work of installing and configuring Tomcat. The missing piece is configuration of users which are used to access Tomcat web management interface.
Edit the users configuration file:
sudo vi /usr/share/tomcat/conf/tomcat-users.xmlAdd below line before </tomcat-users>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="MyStrongPassword" fullName="Administrator" roles="admin-gui,manager-gui"/>Replace MyStrongPassword with your desired admin password. See below
Step 7: Configure Tomcat Proxy
We will use Apache httpd as a proxy to an Apache Tomcat application container. Install httpd package using command below.
sudo yum -y install httpd Create VirtualHost for accessing Tomcat Admin web interface – /etc/httpd/conf.d/tomcat_manager.conf
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName tomcat.example.com
DefaultType text/html
ProxyRequests off
ProxyPreserveHost On
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
</VirtualHost>tomcat.example.com should be value of your tomcat server name.
For AJP connector, it will be configuration like this:
<VirtualHost *:80>
ServerName example.com
ProxyRequests Off
ProxyPass / ajp://localhost:8009/
ProxyPassReverse / ajp://localhost:8009/
</VirtualHost>Configure SELinux for Apache to access Tomcat.
sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_relay 1
sudo setsebool -P httpd_graceful_shutdown 1
sudo setsebool -P nis_enabled 1
Restart httpd service
sudo systemctl restart httpd && sudo systemctl enable httpdStep 8: Access Tomcat Web interface
Use your domain name configured on VirtualHost to access Tomcat management
You need to authenticate to view server status and manage Tomcat Applications.
Server status and Applications management sections looks as shown.
From Web Application Manager section, you can list, deploy WAR applications, Manage SSL and Diagnose applications.
The Tomcat Virtual Host Manager section allows you to can create, delete and manage Tomcat virtual hosts.
Conclusion
You have successfully installed Tomcat 9 on your RHEL / CentOS 8 system. Visit the official Apache Tomcat 9 Documentation to learn more about the Apache Tomcat configurations and administration.
Similar:
How to run Java Jar Application with Systemd on Linux
How to Install Metabase with Systemd on Ubuntu 18.04 / Ubuntu 16.04
This part fails:
sudo systemctl start tomcat
# journalctl -xe
PID file found but either no matching process was found or the current user does not have perm
The only way I could start is was by using:
# /usr/share/tomcat/bin/catalina.sh start
which means the installation won’t survive a reboot
I found this article useful, thanks
In Red Hat 8 I discovered that fapolicyd was blocking the start of Tomcat.
you need to update the rules to give the Tomcat UID full access to the Tomcat Directory.
Edit /etc/fapolicyd/fapolicyd.rules to include:
allow perm=any uid={Tomcat UID} : dir=/usr/share/tomcat
allow perm=any uid={Tomcat UID} : dir=/usr/share/apache-tomcat-{insert your version}/
Restart fapolicyd to take affect.
Unfortunately the fapolcyd does not appear to support wildcards, so when you upgrade tomcat you will need to update this rule, but it is better than running the application as root.
Try replacing tomcat user with root in the tomcat.service.