Introduction

Tomcat is an open source Java implementation package developed by the Apache Software Foundation. In this tutorial learn how to install Tomcat 9 on CentOS 7.

how to install tomcat centOS

Prerequisites

  • A user account with sudo privileges
  • Access to a terminal window / command line (Ctrl-Alt-F2)

Check if Java is Installed

Tomcat relies on an existing Java installation. Check to see if your system has Java installed. Enter the following into a terminal window:

java –version

You should be running at least Java SE 8. If the system reports an older version or no Java installed, install Java by entering:

sudo yum install java-1.8.0-openjdk-devel

Note: This guide uses OpenJDK SE (Standard Edition) 8. OpenJDK is fully open source. If your software uses Oracle Java, you can use it instead.


Create Tomcat User and Group

Tomcat should not be run as root. Create a new user and group by entering:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Download Tomcat 9

Tomcat 9.0.20 is the latest version at the time this was written. A later release may be available on the official download page. Alternately, enter the following:

cd /tmp
wget http://apache.cs.utah.edu/tomcat/tomcat-9/v9.0.20/bin/apache-tomcat-9.0.20.tar.gz

Extract the .tar.gz file

To extract the Tomcat tar.gz file, enter the following:

tar –xf apache-tomcat-9.0.20.tar.gz

Move the files to the /opt/tomcat directory:

sudo mv apache-tomcat-9.0.20 /opt/tomcat/

(Optional) Create a symbolic link for updates:

sudo ln –s /opt/tomcat/apache-tomcat-9.0.20 /opt/tomcat/latest

Modify Tomcat User Permissions

The new users needs to execute privileges over the directory.

Enter the following:

sudo chown –R tomcat:tomcat /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Create a System Unit File

Creating a systems unit file allows Tomcat to run as a service.

1. To create a tomcat.service file, use the command:

sudo nano /etc/systemd/system/tomcat.service

2. In the file, enter the following:

[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target

3. Save and close the file.

4. Refresh system:

sudo systemctl daemon-reload

5. Set the Tomcat service to start on boot:

sudo systemctl enable tomcat

6. Start the tomcat service:

sudo systemctl start tomcat

7. Verify that the tomcat service is installed and running:

sudo systemctl status tomcat

Adjust the Firewall

The tomcat service needs access to Port 8080.

Allow traffic by entering the commands:

firewall-cmd --zone=public --permanent --add-port=8080/tcp
firewall-cmd –reload

You should be able to see the Tomcat server in a web browser.

Input this web address into a browser window:

http://server_ip:8080

Setup Web Management Interface

1. To create a user to access the Web Management Interface, edit the user file by entering:

sudo nano /opt/tomcat/conf/tomcat-users.xml

2. Adjust the file to appear as follows:

<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="good_password " roles="admin-gui,manager-gui"/>
</tomcat-users>

Replace good_password with a secure password of your choosing. Save the file and exit. You should now be able to access the Web Management Interface in a web browser. Visit http://server_ip:8080/manager/html to use the interface.

Configure Remote Access (Optional)

By default, Tomcat is only accessible from the local machine it’s installed on. This step enabled you to grant access to a specific IP address.

1. Edit the following file:

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

2. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

3. Save the file and exit.

4. Repeat the process for the second file:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

5. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

6. Save, and exit.

This will grant access to any system in the 192.168.0.* range of IP addresses.

You can change the IP address to a specific range for your intranet. Alternately, you can use the IP address of a single system.

The asterisk acts as a wildcard to allow multiple IP addresses. Granting full access can leave security vulnerabilities. Instead, enable only systems with a business need to access Tomcat.

Conclusion

You should have a working installation of Tomcat 9 on your CentOS Apache server.