How to Install and Configure Apache Tomcat 9 in CentOS 8/7?

Apache Tomcat is a popular open-source web server and servlet container that is widely used to deploy Java-based web applications. In this article, we will show you how to install and configure Apache Tomcat 9 on CentOS 8/7.

Step 1: Install Java

The first step to installing Apache Tomcat is to install Java. Tomcat requires a Java Development Kit (JDK) version 8 or later to be installed. You can check the installed Java version on your system by running the following command

java -version

If Java is not installed on your system, you can install it by running the following command

sudo dnf install java-1.8.0-openjdk-devel

This will install OpenJDK 8 development kit, which is the recommended Java version for Tomcat 9.

Step 2: Create Tomcat User

It is a security best practice to run Tomcat with a dedicated user account rather than root. Create a new user and group for Tomcat

sudo useradd -r -s /bin/false tomcat

Step 3: Download and Install Apache Tomcat

After installing Java, you can download the latest version of Apache Tomcat 9 from the official Apache website. You can use the following command to download the Tomcat 9 archive

wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.59/bin/apache-tomcat-9.0.59.tar.gz

Once the download is complete, extract the Tomcat archive using the following command

tar -xzf apache-tomcat-9.0.59.tar.gz

Move the extracted directory to /opt/tomcat and set proper ownership

sudo mv apache-tomcat-9.0.59 /opt/tomcat
sudo chown -R tomcat:tomcat /opt/tomcat
sudo chmod +x /opt/tomcat/bin/*.sh

Step 4: Configure Tomcat

By default, Tomcat listens on port 8080. If you want to change this, you can edit the conf/server.xml file and modify the Connector element as follows

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

You may also want to configure Tomcat to use a different port for the shutdown command. By default, Tomcat listens on port 8005 for the shutdown command. You can change this by editing the conf/server.xml file and modifying the Server element as follows

<Server port="8005" shutdown="SHUTDOWN">

Step 5: Configure Tomcat as a System Service

To ensure Tomcat starts automatically when the system boots up, configure it as a system service. Create a new file named tomcat.service in the /etc/systemd/system/ directory with the following content

[Unit]
Description=Apache Tomcat 9
After=syslog.target network.target

[Service]
User=tomcat
Group=tomcat
Type=forking
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Save the file and reload the systemd daemon to recognize the new service file

sudo systemctl daemon-reload

Enable the Tomcat service to start automatically at boot time

sudo systemctl enable tomcat.service

Start the Tomcat service

sudo systemctl start tomcat.service

You can check the status of the Tomcat service using the following command

sudo systemctl status tomcat.service

Step 6: Configure Firewall

To ensure security of your server, configure the firewall to allow traffic on the appropriate ports. To allow traffic on port 8080, run the following commands

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload

Now you can access the Tomcat web interface by opening a web browser and navigating to http://localhost:8080.

Step 7: Configure Tomcat Security

By default, Tomcat does not require authentication to access its web interface. This can be a security risk, especially if Tomcat is running on a public network. To secure Tomcat, add a username and password to the conf/tomcat-users.xml file. Open the file and add the following lines between the <tomcat-users> and </tomcat-users> tags

<user username="admin" password="securepassword123" roles="manager-gui,admin-gui"/>

In this example, the username is admin and the password is securepassword123. You should replace these values with your own secure credentials. The roles attribute specifies the roles that the user is assigned to. In this case, the user has both manager-gui and admin-gui roles, which allow them to manage Tomcat through the web interface.

After saving changes to the tomcat-users.xml file, restart Tomcat for the changes to take effect

sudo systemctl restart tomcat.service

Additional Configuration Options

Virtual Hosts

Virtual hosts allow you to run multiple websites on the same Tomcat instance. To configure virtual hosts, edit the conf/server.xml file and add the following lines inside the <Engine> element

<Host name="example.com" appBase="webapps/example">
   <Context path="" docBase="."/>
</Host>

JVM Memory Settings

To optimize Tomcat performance, you can configure JVM memory settings by creating a setenv.sh file in the /opt/tomcat/bin/ directory

export CATALINA_OPTS="-Xms512m -Xmx2048m -XX:PermSize=256m -XX:MaxPermSize=512m"

SSL/HTTPS Configuration

To enable HTTPS, generate an SSL certificate and configure the HTTPS connector in server.xml

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/opt/tomcat/conf/keystore.jks"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

Conclusion

In this article, we have shown you how to install and configure Apache Tomcat 9 on CentOS 8/7. We covered the essential steps including Java installation, creating a dedicated tomcat user, downloading and installing Tomcat, configuring it as a system service, and securing the installation. With these steps, you can set up a robust and secure Tomcat server to deploy your Java web applications.