Install Apache Tomcat 10 on CentOS 8/7 | Rocky Linux 8

Apache Tomcat is an open-source Java servlet and Java Server Page container. It has enabled developers to build and deploy dynamic java-based applications. Java servlets are small java programs defining how a server handles requests and responses. Developers write the servlets while Tomcat handles all the backend and routing work. Being opensource, Apache Tomcat is contributed by developers all over the world.

Features of Apache Tomcat 10

Apache Tomcat 10 is the latest version and applications running an version 9 and earlier need to be changed in order to run on version 10. Some of the changes made on version 10 include:

• Re-work the HTTP/2 overhead protection to reduce the likelihood of false positives.
• Update to Eclipse JDT compiler 4.20.
• Fix regressions in JSP compilation in the previous release

Installing Apache Tomcat 10 on CentOS 8|7 and Rocky Linux 8

Installation of Apache Tomcat requires a number of step as discussed below:

Step 1: System Update

As always run package update on your server to ensure that you have the latest packages during installation

sudo dnf update
sudo dnf upgrade

Step 2: Set Hostname and Hosts File

Set server hostname and configure hosts file with the below commands

$ sudo hostnamectl set-hostname tomcat.example.com
$ sudo vim /etc/hosts
192.168.50.3  tomcat.example.com

You can then reboot for the above changes to take effect

sudo reboot

Step 3: Install OpenJDK on CentOS / Rocky

We need to insall OpenJDK runtime environment as below. I am going to be installing version 11 but you can also choose to install version 8. For developers, they can opt for the development environment

# OpenJDK 11
sudo dnf install java-11-openjdk java-11-openjdk-devel

# OpenJDK 8
sudo dnf install java-1.8.0-openjdk java-1.8.0-openjdk-devel

Step 4: Create a non-root user and a Directory for Tomcat

We need to create a non-root user that will only be accessing Tomcat and no other use. We also need a directory to place tomcat files.

# Add Tomcat group
sudo groupadd tomcat

# Create Tomcat directory
sudo mkdir /opt/tomcat

# Create tomcat user, disable login and give rights
sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

Step 5: Download Tomcat 10 on CentOS 8|7 / Rocky Linux 8

Now, visit Apache Tomcat official site to download the latest Tomcat version. Once on the page, right click on the .tar.gz file and copy the link address.

Use wget to download Apache Tomcat binaries as below.

sudo dnf install wget
wget https://downloads.apache.org/tomcat/tomcat-10/v10.0.8/bin/apache-tomcat-10.0.8.tar.gz

Extract the archived file and copy the extracted files to the tomcat directory previously created

sudo tar -xvf apache-tomcat-10.0.8.tar.gz -C /opt/tomcat --strip-components=1

Step 6: Set Permissions on Tomcat directories

We need to allow the tomcat user to read files in the tomcat directory. Also enable the scripts in the directory to be executable.

sudo chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'

Step 7: Create Apache Tomcat Systemd file

We can create a systemd file for starting and stopping Apache Tomcat. It is also quite helpful for tomcat autostart on system reboot. We require to pass java installation location as a variable in the systemd file. To get the path, run the below command:

$ sudo alternatives --list | grep ^java
java   auto    /usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64/bin/java

Proceed to create apache tomcat service file

sudo vim /etc/systemd/system/tomcat.service

Paste the following content

[Unit]
Description=Apache Tomcat Web Application Container
Wants=network.target
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-11-openjdk-11.0.12.0.7-0.el8_4.x86_64

Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1G -Djava.net.preferIPv4Stack=true'
Environment='JAVA_OPTS=-Djava.awt.headless=true'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
SuccessExitStatus=143

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

Step 8: Start and Enable Tomcat Service

Now that we have a service file, we can easily start and enable Apache Tomcat to automatically start at system reboot

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat

Confirm Tomcat status that it is running

sudo systemctl status status tomcat

The below output shows it is running

Step 9: Configure Tomcat Web Management

Apache Tomcat can be fully managed from the web interface. We need to create a user and password for we management access as below:

sudo vim /opt/tomcat/conf/tomcat-users.xml

Add the highlighted lines between the <tomcat-users> tag to look as shown:

<tomcat-users
...
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="must-be-changed" roles="tomcat"/>
  <user username="both" password="must-be-changed" roles="tomcat,role1"/>
  <user username="role1" password="must-be-changed" roles="role1"/>
-->
  <role rolename="admin-gui"/>
  <user username="admin" password="MyAdminPassword" roles="admin-gui"/>
  <role rolename="manager-gui"/>
  <user username="admin" password="MyManagerPassword" roles="manager-gui"/>
</tomcat-users>

We also need to allow Tomcat to be accessible remotely both for manager and host manager apps. By default, tomcat is only accessible locally.

For connection to manager:

sudo vim  /opt/tomcat/webapps/manager/META-INF/context.xml

Enter the remote IPs addresses to access tomcat from, separated by a pipe. In my case, 192.168.50.2 is the remote IP.

...
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
          allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.50.2" />
...
</Context>

For Host Manager;

sudo vim /opt/tomcat/webapps/host-manager/META-INF/context.xml

Add the remote IP

...
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.50.2" />
...
</Context>

Step 10: Allow Apache Tomcat through the firewall

If you are running an active firewall, you need to open Tomcat port on the firewall

sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

At this point, you have successfully installed Apache Tomcat and you can test from the browser with http://<your-server-ip>:8080. You should see the below page open

Step 11: Configure Nginx as Apache Tomcat Reverse Proxy

In our installation, we are goingto be using Nginx Web server to access our Apache Tomcat application.

Install Nginx on CentOS 8 | Rocky Linux

We begin by installing nginx

sudo dnf install -y nginx

Then start and enable Nginx

sudo systemctl start nginx
sudo systemctl enable nginx

Create Nginx Virtual Host for Apache Tomcat

Create virtual host configuration file as below:

sudo vim /etc/nginx/conf.d/tomcat.conf

Add the following content

server {
  listen          80;
  server_name     example.com;
  root            /opt/tomcat/webapps/;


  location / {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8080/;
  }
}

Test nginx configuration

sudo nginx -t

Restart nginx

sudo systemctl restart nginx

Now head to your browser and Apache Tomcat using the server hostname. For my case, http://example.com

If you click on Server Status or Manager App, it should prompt you for username and password to be able to access.

Enter the Admin or Manager username and password you configured in tomcat-users.xml and you ready to use Apache Tomcat web interface. That’s it. You have successfully installed Apache Tomcat on CentOS 8|7 and on Rocky Linux.

Learning Video course & Book:

I trust the guide has been helpful. Check below more informative guides you may like: