In this tutorial, we will discuss how to install Apache Tomcat 9 on RHEL 8 / CentOS 8. Apache Tomcat is an open-source Java-capable HTTP server developed by the Apache Software Foundation. It is used to execute special Java programs known as “Java Servlet” and “Java Server Pages (JSP)“.

Apache Tomcat 9 support:

  • Java Servlet 4.0
  • JavaServer Pages 2.4
  • Java Unified Expression Language 3.1
  • and Java API for WebSocket 2.0 specifications.

The major dependency of Apache Tomcat 9.0.x is Java 8 or later. So this dependency will need to be installed before you download and install Tomcat Server.

For Debian: Install Tomcat 9 on Debian with Ansible

Apache Tomcat 9 on RHEL 8 / CentOS 8

We will do the manual installation which works best for users new to Linux. The steps required to have working Tomcat 9 server installation on RHEL / CentOS 8 are:

Step 1: Install Java

Use our guide below to install Java on RHEL / CentOS server.

How to Install Java 11 (OpenJDK 11) on RHEL / CentOS 8

How to Install Java 11 on CentOS 7

Step 2: Create tomcat user and group

We nee to add user dedicated to running tomcat service.

sudo groupadd --system tomcat
sudo useradd -d /usr/share/tomcat -r -s /bin/false -g tomcat tomcat

Step 3: Install Tomcat 9 on Linux RHEL / CentOS 8

Check the latest release version of Tomcat 9. Save the version number to VER variable and proceed to download.

sudo yum -y install wget
export VER="9.0.48"

Extract downloaded file with tar.

sudo tar xvf apache-tomcat-${VER}.tar.gz -C /usr/share/

Create symlink to extracted tomcat data.

sudo ln -s /usr/share/apache-tomcat-$VER/ /usr/share/tomcat

If you download a newer version of Tomcat, just update the symbolic link to the new version folder.

Set proper directory permissions.

sudo chown -R tomcat:tomcat /usr/share/tomcat
sudo chown -R tomcat:tomcat /usr/share/apache-tomcat-$VER/

The /usr/share/tomcat directory has the following sub-directories:

  • bin: contains the binaries and scripts (e.g and for Unixes and Mac OS X).
  • conf: contains the system-wide configuration files, such as server.xml, web.xml, and context.xml.
  • webapps: contains the webapps to be deployed. You can also place the WAR (Webapp Archive) file for deployment here.
  • lib: contains the Tomcat’s system-wide library JAR files, accessible by all webapps. You could also place external JAR file (such as MySQL JDBC Driver) here.
  • logs: contains Tomcat’s log files. You may need to check for error messages here.
  • work: Tomcat’s working directory used by JSP, for JSP-to-Servlet conversion.

Step 4: Configure Tomcat 9 Systemd service

Create a new systemd service to Tomcat.

sudo vim /etc/systemd/system/tomcat.service

With below configuration:

Description=Tomcat Server


Environment='CATALINA_OPTS=-Xms512M -Xmx1024M'
ExecStart=/usr/share/tomcat/bin/ start
ExecStop=/usr/share/tomcat/bin/ stop


Update CATALINA_OPTS values with your memory limits for Tomcat service.

Start and enable service.

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat

Check service status with the following command:

$ systemctl status tomcat
● tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-12-29 11:18:44 EAT; 29s ago
Process: 31508 ExecStart=/usr/share/tomcat/bin/ start (code=exited, status=0/SUCCESS)
Main PID: 31514 (java)
Tasks: 50 (limit: 11510)
Memory: 92.2M
CGroup: /system.slice/tomcat.service
└─31514 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/usr/share/tomcat/conf/ -Djava.util.logging.manager=org>
Dec 29 11:18:44 rhel8.local systemd[1]: Starting Tomcat…
Dec 29 11:18:44 rhel8.local systemd[1]: Started Tomcat.

Step 5: Configure Firewall

Allow Port used by tomcat on the firewall – TCP port 8080.

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

Step 6: Configure Tomcat Authentication

To this point, you have done a great work of installing and configuring Tomcat. The missing piece is configuration of users which are used to access Tomcat web management interface.

Edit the users configuration file:

sudo vi /usr/share/tomcat/conf/tomcat-users.xml

Add below line before </tomcat-users>

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="MyStrongPassword" fullName="Administrator" roles="admin-gui,manager-gui"/>

Replace MyStrongPassword with your desired admin password. See below

apache tomcat add user

Step 7: Configure Tomcat Proxy

We will use Apache httpd as a proxy to an Apache Tomcat application container. Install httpd package using command below.

sudo yum -y install httpd 

Create VirtualHost for accessing Tomcat Admin web interface – /etc/httpd/conf.d/tomcat_manager.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    DefaultType text/html
    ProxyRequests off
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost> should be value of your tomcat server name.

For AJP connector, it will be configuration like this:

<VirtualHost *:80>

  ProxyRequests Off
  ProxyPass / ajp://localhost:8009/
  ProxyPassReverse / ajp://localhost:8009/

Configure SELinux for Apache to access Tomcat.

sudo setsebool -P httpd_can_network_connect 1
sudo setsebool -P httpd_can_network_relay 1
sudo setsebool -P httpd_graceful_shutdown 1
sudo setsebool -P nis_enabled 1

Restart httpd service

sudo systemctl restart httpd && sudo systemctl enable httpd

Step 8: Access Tomcat Web interface

Use your domain name configured on VirtualHost to access Tomcat management interface.

apache tomcat web ui

You need to authenticate to view server status and manage Tomcat Applications.

apache tomcat aunthenticate

Server status and Applications management sections looks as shown.

apache tomcat check server status

From Web Application Manager section, you can list, deploy WAR applications, Manage SSL and Diagnose applications.

apache tomcat list applications

The Tomcat Virtual Host Manager section allows you to can create, delete and manage Tomcat virtual hosts.

apache tomcat manage virtualhosts


You have successfully installed Tomcat 9 on your RHEL / CentOS 8 system. Visit the official Apache Tomcat 9 Documentation to learn more about the Apache Tomcat configurations and administration.


How to run Java Jar Application with Systemd on Linux

How to Install Metabase with Systemd on Ubuntu 18.04 / Ubuntu 16.04

Your support is our everlasting motivation,
that cup of coffee is what keeps us going!

As we continue to grow, we would wish to reach and impact more people who visit and take advantage of the guides we have on our blog. This is a big task for us and we are so far extremely grateful for the kind people who have shown amazing support for our work over the time we have been online.

Thank You for your support as we work to give you the best of guides and articles. Click below to buy us a coffee.


  1. This part fails:

    sudo systemctl start tomcat

    # journalctl -xe
    PID file found but either no matching process was found or the current user does not have perm

    The only way I could start is was by using:
    # /usr/share/tomcat/bin/ start

    which means the installation won’t survive a reboot

    • I found this article useful, thanks

      In Red Hat 8 I discovered that fapolicyd was blocking the start of Tomcat.

      you need to update the rules to give the Tomcat UID full access to the Tomcat Directory.

      Edit /etc/fapolicyd/fapolicyd.rules to include:

      allow perm=any uid={Tomcat UID} : dir=/usr/share/tomcat
      allow perm=any uid={Tomcat UID} : dir=/usr/share/apache-tomcat-{insert your version}/

      Restart fapolicyd to take affect.

      Unfortunately the fapolcyd does not appear to support wildcards, so when you upgrade tomcat you will need to update this rule, but it is better than running the application as root.


Please enter your comment!
Please enter your name here