Apache Tomcat is a web server and servlet container used to serve Java applications. It is an open source implementation of Jakarta Servlet, Jakarta Server Pages and other technologies of the Jakarta EE platform.
In this tutorial, you will deploy Apache Tomcat 10 on Ubuntu 20.04. You’ll install Tomcat 10, configure users and roles, and navigate the administration user interface.
You will need an Ubuntu 20.04 server with a non-root sudo user and a firewall, which you can configure by following the initial server setup for Ubuntu 20.04.
Step 1 — Installing
In this section, you will set up Tomcat 10 on your server. To get started, you’ll download its latest version and set up a separate user and the appropriate permissions for it. You will also install the Java Development Kit (JDK).
For security reasons, Tomcat must run under a separate, unprivileged user. Run the following command to create a user named tomcat:
- sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat
Providing /bin/false as the user’s default shell ensures that logging in as tomcat is not possible.
You will now install the JDK. First, update the package manager cache by running:
- sudo apt update
Next, install the JDK by running the following command:
- sudo apt install default-jdk
Answer y when prompted to continue with the installation.
When the installation is complete, check the version of the available Java installation:
- java -version
The output should look something like this:
Output
    openjdk version "11.0.14" 2022-01-18
    OpenJDK Runtime Environment (build 11.0.14+9-Ubuntu-0ubuntu2.20.04)
    OpenJDK 64-Bit Server VM (build 11.0.14+9-Ubuntu-0ubuntu2.20.04, mixed mode, sharing)
To install Tomcat, you’ll need the latest Core Linux build for Tomcat 10, which you can get from the downloads page. Select the latest build of Core Linux, which ends in .tar.gz. At the time of writing, the latest version was 10.0.20.
First, navigate to the /tmp directory:
- cd /tmp
Download the file using wget by running the following command:
- wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.20/bin/apache-tomcat-10.0.20.tar.gz
The wget command downloads resources from the Internet.
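The archive fetched above is extracted with sudo in the next command, so it is worth checking its integrity first. The function below is an added example, not part of the original tutorial; the checksum file name apache-tomcat-10.0.20.tar.gz.sha512 and its "<digest> *<filename>" layout are assumptions about how the Apache site publishes it.

```shell
# Added example: compare a downloaded tarball with a published SHA-512 digest.
# Assumed usage (the .sha512 file is fetched separately from the Apache site):
#   verify_sha512 apache-tomcat-10.0.20.tar.gz apache-tomcat-10.0.20.tar.gz.sha512 \
#     && sudo tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat --strip-components=1
# Returns 0 on match, 1 on mismatch, 2 on missing or malformed input.
verify_sha512() {
    tarball=$1
    sumfile=$2
    [ -r "$tarball" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }
    # The first whitespace-separated field of the checksum file is the digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not purely hex (for example a saved HTML error page).
    case $expected in
        *[!0-9a-f]*|'') echo "malformed checksum file" >&2; return 2 ;;
    esac
    # A SHA-512 digest is exactly 128 hex characters.
    [ "${#expected}" -eq 128 ] || { echo "malformed checksum file" >&2; return 2; }
    actual=$(sha512sum "$tarball" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $tarball"
        return 0
    fi
    echo "MISMATCH: $tarball" >&2
    return 1
}
```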
Then, extract the file you downloaded by running:
- sudo tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat --strip-components=1
Since you have already created a user, you can now grant tomcat ownership over the extracted installation by running:
- sudo chown -R tomcat:tomcat /opt/tomcat/
- sudo chmod -R u+x /opt/tomcat/bin
Both commands update the ownership and permissions of your Tomcat installation. To learn more about these commands and what they do, visit Linux Permissions Basics and How to Use Umask on a VPS.
In this step, you installed the JDK and Tomcat. You also created a separate user for Tomcat and configured permissions on the Tomcat binaries. You will now configure the credentials for accessing your Tomcat instance.
Step 2 — Configuring
To access the Manager and Host Manager pages, you will define privileged users in the Tomcat configuration. You will also need to remove the IP address restrictions, which prevent external IP addresses from accessing those pages.
Tomcat users are defined in /opt/tomcat/conf/tomcat-users.xml. Open the file for editing with the following command:
- sudo nano /opt/tomcat/conf/tomcat-users.xml
Add the following lines before the closing tag:
    <role rolename="manager-gui" />
    <user username="manager" password="manager_password" roles="manager-gui" />
    <role rolename="admin-gui" />
    <user username="admin" password="admin_password" roles="manager-gui,admin-gui" />
Replace the passwords manager_password and admin_password with your own. When you’re done, save and close the file.
Two user roles, manager-gui and admin-gui, are defined here, allowing access to the Manager and Host Manager pages, respectively. Two users, manager and admin, with the relevant roles are also defined.
By default, Tomcat is configured to restrict access to administration pages, unless the connection comes from the server itself. To access those pages with the users you just defined, you’ll need to edit the configuration files for those pages.
To remove the restriction from the Manager page, open its configuration file for editing:
- sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml
Comment out the Valve definition, as shown:
    …
    <Context antiResourceLocking="false" privileged="true" >
      <CookieProcessor className="org.apache.tomcat.util.http.Rfc6265CookieProcessor"
                       sameSiteCookies="strict" />
    <!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
             allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
      <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.Csr>
    </Context>
Save and close the file, then repeat for Host Manager:
- sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml
You have now defined two users, manager and admin, which you will use later to access restricted parts of the management interface. You will now create a systemd service for Tomcat.
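With the RemoteAddrValve commented out, the Manager and Host Manager are reachable from any address and protected only by the passwords in tomcat-users.xml. The script below is an added example, not part of the original tutorial, that flags the three leftovers this step can create; the function names and the choice of checks are assumptions, and the paths follow the tutorial's /opt/tomcat layout.

```shell
# Added example: audit a Tomcat install laid out as in this tutorial.

# Print an XML file with <!-- ... --> comments stripped (lines get joined).
active_xml() {
    tr '\n' ' ' < "$1" | sed 's/-->/\
/g' | sed 's/<!--.*//'
}

# Echo one finding per line. Returns 0 if clean, 1 on findings, 2 on error.
audit_tomcat() {
    base=${1:-/opt/tomcat}
    users=$base/conf/tomcat-users.xml
    findings=0
    [ -r "$users" ] || { echo "cannot read $users" >&2; return 2; }
    # 1. Placeholder passwords copied verbatim from the tutorial.
    if active_xml "$users" | grep -Eq 'password="(manager_password|admin_password)"'; then
        echo "placeholder password in $users"; findings=1
    fi
    # 2. Credentials file readable by every local account.
    if [ -n "$(find "$users" -perm -o=r 2>/dev/null)" ]; then
        echo "world-readable $users"; findings=1
    fi
    # 3. Manager / Host Manager without an active RemoteAddrValve (any IP allowed).
    for app in manager host-manager; do
        ctx=$base/webapps/$app/META-INF/context.xml
        [ -r "$ctx" ] || continue
        if ! active_xml "$ctx" | grep -q 'RemoteAddrValve'; then
            echo "no RemoteAddrValve active in $ctx"; findings=1
        fi
    done
    return "$findings"
}
```

Run it as `sudo sh -c '. ./audit.sh; audit_tomcat /opt/tomcat'` (the file name audit.sh is hypothetical), since tomcat-users.xml is owned by the tomcat user.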
Step 3 — Creating a
The systemd service you will now create will keep Tomcat running silently in the background. The systemd service will also restart Tomcat automatically in the event of an error or failure.
Tomcat, itself a Java application, requires the Java runtime to be present, which you installed with the JDK in step 1. Before you create the service, you need to know where Java is located. You can look that up by running the following command:
- sudo update-java-alternatives -l
The output will look something like this:
Output
    java-1.11.0-openjdk-amd64      1111       /usr/lib/jvm/java-1.11.0-openjdk-amd64
Note the path where Java resides, listed in the last column. You will need the path momentarily to define the service.
You will store the tomcat service in a file named tomcat.service, in /etc/systemd/system. Create the file for editing by running:
- sudo nano /etc/systemd/system/tomcat.service
Add the following lines:
    [Unit]
    Description=Tomcat
    After=network.target

    [Service]
    Type=forking

    User=tomcat
    Group=tomcat

    Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64"
    Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
    Environment="CATALINA_BASE=/opt/tomcat"
    Environment="CATALINA_HOME=/opt/tomcat"
    Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
    Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

    ExecStart=/opt/tomcat/bin/startup.sh
    ExecStop=/opt/tomcat/bin/shutdown.sh

    RestartSec=10
    Restart=always

    [Install]
    WantedBy=multi-user.target
Modify the value of JAVA_HOME if it differs from the one you noted earlier.
Here, you define a service that runs Tomcat by executing the startup and shutdown scripts it provides. You also set a few environment variables to define its home directory (which is /opt/tomcat as before) and limit the amount of memory that the Java virtual machine can allocate (in CATALINA_OPTS). In case of failure, the Tomcat service will restart automatically.
When you’re done, save and close the file.
Reload the systemd daemon so that it becomes aware of the new service:
- sudo systemctl daemon-reload
You can then start the Tomcat service by typing:
- sudo systemctl start tomcat
Then, look at its status to confirm that it started successfully:
- sudo systemctl status tomcat
The output will look like this:
Output
    ● tomcat.service - Tomcat
         Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
         Active: active (running) since Fri 2022-03-11 14:37:10 UTC; 2s ago
        Process: 4845 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
       Main PID: 4860 (java)
          Tasks: 15 (limit: 1132)
         Memory: 90.1M
         CGroup: /system.slice/tomcat.service
                 └─4860 /usr/lib/jvm/java-1.11.0-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties …
Press q to exit the command.
To enable Tomcat to start with the system, run the following command:
- sudo systemctl enable tomcat
In this step, you identified where Java resides and enabled systemd to run Tomcat in the background. You will now access Tomcat through your web browser.
Step 4 — Accessing the Web Interface
Now that the Tomcat service is running, you can configure the firewall to allow connections to Tomcat. Then, you will be able to access its web interface.
Tomcat uses port 8080 to accept HTTP requests. Run the following command to allow traffic to that port:
- sudo ufw allow 8080
In your browser, you can now access Tomcat by navigating to your server’s IP address:
http://your_server_ip:8080
You will see Tomcat’s default welcome page:
<img src="https://assets.digitalocean.com/articles/tomcat-2004/tomcat-2.png" alt="Tomcat – Default Welcome Page" />
You have now verified that the Tomcat service is working.
Press the Manager App button on the right. You will be prompted to enter the account credentials that you defined in a previous step.
You should see a page similar to this:
The Web Application Manager is used to manage Java applications. You can start, stop, reload, deploy, and undeploy them from here. You can also run some diagnostics on your applications (for example, to find memory leaks). Information about your server is available at the bottom of this page.
Now, take a look at the Host Manager, accessible by pressing its button on the main page:
Here, you can add virtual hosts to serve your applications. Note that this page is not accessible to users who are not assigned the admin-gui role, such as manager.
You installed Tomcat 10 on your Ubuntu 20.04 server and configured it to be remotely accessible with admin accounts. You can now use it to deploy your Java applications, based on Jakarta EE technologies. You can learn more about Java applications by visiting the official documents.
Your Tomcat installation is functional, but its traffic is not encrypted. This means that all data, including sensitive items such as passwords, is sent in plain text that can be intercepted and read by other parties on the Internet. To prevent this from happening, you can add a domain name to your server and install a TLS certificate on it with this tutorial on how to secure Tomcat 10 with Apache or Nginx. For more information about encryption, see Introduction to Let’s Encrypt. To add a domain to a DigitalOcean Droplet, follow this guide on How to Add Domains.