Apache Tomcat is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. It is one of the most widely used application and web servers in the world today. Tomcat is easy to use and has a robust ecosystem of add-ons.
This tutorial explains how to install and configure Tomcat 9 on Ubuntu 18.04. The same instructions apply to Ubuntu 16.04 and all Ubuntu-based distributions, including Linux Mint and Elementary OS.
In order to be able to install packages on your Ubuntu system, you must be logged in as a user with sudo rights.
Step 1: Install OpenJDK
Tomcat requires Java to be installed. We install OpenJDK, the standard Java development and runtime in Ubuntu 18.04.
Installing Java is pretty straightforward. Start by updating the package index:
sudo apt update
Install the OpenJDK package by running:
sudo apt install default-jdk
Step 2: create Tomcat users
For security reasons, Tomcat should not run under the root user. We are going to create a new system user and a new group with a home directory
/opt/tomcat that will run the tomcat service:
sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat
Step 3: install Tomcat
We’ll be downloading the latest binary version of Tomcat 9 from the Tomcat 9 download page
At the time of writing it is the latest version
9.0.27. Before you move on to the next step, you should check for a new version on the download page. If there is a new version, copy the link to the core
tar.gz File located in the Binary Distributions section.
First, load the Tomcat archive in the. down
/tmp Directory with the following
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz -P /tmp
Once the download is complete, unzip the Tomcat archive and move it to the
sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
To have more control over Tomcat versions and updates, create a symbolic link called
latest which points to the Tomcat installation directory:
sudo ln -s /opt/tomcat/apache-tomcat-9.0.27 /opt/tomcat/latest
If you want to update your Tomcat instance later, just unzip the newer version and change the symlink to point to the latest version.
As mentioned in the previous section, Tomcat runs under the
tomcat User. This user must have access to the Tomcat installation directory.
The following command changes ownership of the directory to the Tomcat user and group:
sudo chown -RH tomcat: /opt/tomcat/latest
The scripts inside
bin Directory must have an executable flag:
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 4: create a systemd device file
To run Tomcat as a service, you need to create a new unit file.
Open your text editor and create a file called
tomcat.service by doing
sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration:
[Unit] Description=Tomcat 9 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/default-java" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
JAVA_HOMEif the path to your Java installation is different.
Save and close the file and notify systemd that we have created a new unit file:
sudo systemctl daemon-reload
Start the Tomcat service by running:
sudo systemctl start tomcat
Check the service status with the following command:
sudo systemctl status tomcat
* tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled) Active: active (running) since Wed 2018-09-05 15:45:28 PDT; 20s ago Process: 1582 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 1604 (java) Tasks: 47 (limit: 2319) CGroup: /system.slice/tomcat.service
If no errors occur, enable the Tomcat service automatically at boot:
sudo systemctl enable tomcat
Step 5: Customize the firewall
If your server is protected by a firewall and you want to access Tomcat from outside your local network, you need to open the port
So allow traffic on the port
8080 enter the following command:
sudo ufw allow 8080/tcp
8080only in your internal network.
Step 6: Configure the Tomcat Web Management Interface
Now that Tomcat is installed and running, the next step is to create a user with access to the web administration interface.
Tomcat users and roles are defined in the
tomcat-users.xml File. This file is a template with comments and examples that describe how to configure a user or role.
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
To add a new user with access to the Tomcat web interface (manager-gui and admin-gui), we need to add the user in
tomcat-users.xml File as shown below. Make sure to change the username and password to something more secure:
<tomcat-users> <!-- Comments --> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> </tomcat-users>
By default, the Tomcat administrative web interface is configured to restrict access to the Manager and Host Manager apps only from localhost.
If you want to access the Web Interface from a remote IP, you must remove these restrictions. This can have several security implications and is not recommended for production systems.
To enable access to the web interface from anywhere, open the following two files and comment or remove the lines marked in yellow.
For the Manager app, open the following file:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For the Host Manager app, open the following file:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" > <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" /> --> </Context>
Another option is to only allow access to the manager and host manager apps from a specific IP. Instead of commenting on the blocks, you can just add your IP address to the list.
For example if your public IP address
22.214.171.124 You would make the following change:
<Context antiResourceLocking="false" privileged="true" > <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1|126.96.36.199" /> </Context>
The list of permitted IP addresses is a list separated by a vertical bar
|. You can add individual IP addresses or use regular expressions.
Remember to restart the Tomcat service each time you edit the Tomcat configuration files for the changes to take effect:
sudo systemctl restart tomcat
Step 6: test the Tomcat installation
Open your browser and enter:
If the installation is successful, you should see a screen similar to the following:
The Tomcat web application manager dashboard is available at
https://<your_domain_or_IP_address>:8080/manager/html. From here you can deploy, deploy, start, stop, and reload your applications.
You can log in with the user you created
The Tomcat Virtual Host Manager Dashboard is available at
https://<your_domain_or_IP_address>:8080/host-manager/html. From here you can create, delete and manage Tomcat virtual hosts.
You have successfully installed Tomcat 9 on your Ubuntu 18.04 system. You can now visit the official Apache Tomcat 9 documentation
and learn more about the Apache Tomcat features.
If you run into any problem or have any feedback, please leave a comment below.