Table of contents
- Prerequisites
- Step 1: Update Your System
- Step 2: Install Java Development Kit (JDK)
- Step 3: Download Apache Tomcat
- Step 4: Extract Apache Tomcat
- Step 5: Move Tomcat to Its Final Location
- Step 6: Create a Tomcat User
- Step 7: Set Permissions and Environment Variables
- Step 8: Create a Systemd Service File
- Step 9: Start Tomcat
- Step 10: Configure Tomcat Users
- Step 11: Comment Out Valve Tags
- Step 12: Reload systemd and Check Status
If you're looking to set up Apache Tomcat on your Ubuntu system, you've come to the right place. Apache Tomcat is a popular open-source application server used for deploying Java web applications. In this article, we will walk you through the installation process step by step, ensuring a smooth and hassle-free experience.
Prerequisites
Before we dive into the installation, make sure you have the following prerequisites in place:
An Ubuntu-based system.
Administrative (sudo) access to the server.
An internet connection.
Now, let's get started with the installation.
Step 1: Update Your System
The first step is to ensure that your system's package repository is up to date. Open your terminal and run the following command:
sudo apt-get update
This command will refresh the package list, ensuring that you have access to the latest software packages.
Step 2: Install Java Development Kit (JDK)
Tomcat requires Java to run. You can install the default Java Development Kit (JDK) using the following command:
sudo apt install default-jdk
This command installs the necessary Java runtime environment on your system.
Step 3: Download Apache Tomcat
Navigate to the /opt/
directory where we will install Apache Tomcat:
cd /opt/
Next, download the Apache Tomcat archive using wget
. We use wget
because it is a command-line tool that allows us to retrieve files from the internet. In this case, we are fetching the Apache Tomcat distribution file:
wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.80/bin/apache-tomcat-9.0.80.tar.gz
Step 4: Extract Apache Tomcat
Once the download is complete, extract the archive using the tar
command with the -xzvf
option:
tar -xzvf apache-tomcat-9.0.80.tar.gz
Here's why we use the -xzvf
option with tar
:
-x
(extract): This option tellstar
to extract the files from the archive.-z
(gzip): Apache Tomcat is typically distributed in a compressed format to reduce file size. The-z
option tellstar
to use gzip decompression to extract the archive.-v
(verbose): This option is helpful for showing the progress and details of the extraction process. It allows you to see which files are being extracted and their paths. This can be especially useful for troubleshooting or verifying that the extraction is proceeding as expected.-f
(file): This option specifies the archive file thattar
should work with. In this case, it'sapache-tomcat-9.0.80.tar.gz
. By including the-f
option followed by the filename, you indicate which archive should be extracted.
Step 5: Move Tomcat to Its Final Location
Move the extracted Apache Tomcat directory to /opt/tomcat/
for better organization:
mv apache-tomcat-9.0.80 /opt/tomcat/
Step 6: Create a Tomcat User
For security purposes, create a dedicated user for running Tomcat:
adduser tomcat
Step 7: Set Permissions and Environment Variables
Set the ownership of the Tomcat directory to the newly created user and group:
chown -R tomcat:tomcat /opt/tomcat/
Make the Tomcat startup scripts executable:
chmod -R u+x /opt/tomcat/bin/
Step 8: Create a Systemd Service File
To manage Tomcat as a service, create a systemd service file:
vi /etc/systemd/system/tomcat.service
Copy and paste the following configuration into the file:
[Unit]
Description=Tomcat
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
Save and exit the text editor.
Step 9: Start Tomcat
Start the Tomcat service:
systemctl start tomcat
Check the status to ensure it's running without errors:
systemctl status tomcat
The output of running the `systemctl status tomcat` command when the Tomcat service is running should be similar to the following:
● tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-09-21 10:30:15 UTC; 1 day ago
Process: 1234 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 5678 (java)
CGroup: /system.slice/tomcat.service
└─5678 /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.security.egd=file:/dev/urandom -Djava.awt.headless=true -Xmx1024M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -Djava....
Sep 21 10:30:15 ubuntu systemd[1]: Starting Tomcat...
Sep 21 10:30:15 ubuntu startup.sh[1234]: Tomcat started.
Sep 21 10:30:15 ubuntu systemd[1]: Started Tomcat.
Step 10: Configure Tomcat Users
To manage user access to the Tomcat Manager and Host Manager applications, you need to configure user roles and permissions in the tomcat-users.xml
file. This file is located in the conf
directory within your Tomcat installation directory.
- Open the
tomcat-users.xml
file for editing:
vi /opt/tomcat/conf/tomcat-users.xml
- Add the following sample configuration to create a user with manager and admin roles. Replace
your_username
andyour_password
with your desired credentials:
<tomcat-users>
<!-- Define a user with manager and admin roles -->
<user username="your_username" password="your_password" roles="manager-gui,admin-gui"/>
</tomcat-users>
This configuration grants the user the roles required to access the Tomcat Manager and Host Manager applications.
Save and exit the text editor.
Optionally, you can configure additional users and roles as needed by adding more
<user>
elements within the<tomcat-users>
section.
Now, your Tomcat Manager and Host Manager applications are configured with the specified user credentials and roles. You can use these credentials to access and manage your web applications through the Tomcat Manager web interface.
Remember to keep your credentials secure and choose strong passwords to ensure the security of your Tomcat server.
Step 11: Comment Out Valve Tags
To enhance the security of the Tomcat Manager and Host Manager applications, it's a good practice to comment out the Valve tags in their respective context.xml
files. This helps prevent unauthorized access.
Tomcat Manager:
- Open the
context.xml
file for the Tomcat Manager application:
vi /opt/tomcat/webapps/manager/META-INF/context.xml
- Locate the Valve tag and comment it out by adding
<!--
before the opening tag and-->
after the closing tag. Here's a sample:
<!-- Comment out the Valve tag for enhanced security -->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|0\.0\.0\.0|0:0:0:0:0:0:0:0"
deny=""/>
-->
- Save and exit the text editor.
Host Manager:
- Open the
context.xml
file for the Host Manager application:
vi /opt/tomcat/webapps/host-manager/META-INF/context.xml
- Locate the Valve tag and comment it out using after the closing tag. Here's a sample:
<!-- Comment out the Valve tag for enhanced security -->
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|0\.0\.0\.0|0:0:0:0:0:0:0:0"
deny=""/>
-->
- Save and exit the text editor.
By commenting out the Valve tags as shown in the samples, you restrict access to the Tomcat Manager and Host Manager applications to specific IP addresses. This added layer of security helps prevent unauthorized access and enhances the overall security of your Tomcat server.
Step 12: Reload systemd and Check Status
After making these changes, reload systemd for the changes to take effect:
systemctl daemon-reload
Check the status of the Tomcat service again:
systemctl status tomcat.service
The output of running the systemctl status tomcat.service
command when the Tomcat service is running should be similar to the following:
● tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2023-09-21 10:30:15 UTC; 1 day ago
Process: 1234 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 5678 (java)
CGroup: /system.slice/tomcat.service
└─5678 /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.security.egd=file:/dev/urandom -Djava.awt.headless=true -Xmx1024M -XX:MaxPermSize=256M -XX:+UseConcMarkSweepGC -Djava....
Sep 21 10:30:15 ubuntu systemd[1]: Starting Tomcat...
Sep 21 10:30:15 ubuntu startup.sh[1234]: Tomcat started.
Sep 21 10:30:15 ubuntu systemd[1]: Started Tomcat.
You have successfully installed and configured Apache Tomcat on your Ubuntu system. You can now deploy your Java web applications and enjoy the benefits of this powerful application server.
In this guide, we've covered every step in detail to ensure a smooth installation process for Tomcat. Whether you're a beginner or an experienced user, you should now have a fully functional Tomcat server ready to host your Java web applications. Happy coding!