Apache Tomcat is a web server and servlet container used to provide services for Java applications. Tomcat is an open source implementation of Java Servlet and JavaServer Pages technology released by Apache Software Foundation. This tutorial introduces the basic installation and some configuration of the latest version of Tomcat 8 on Ubuntu 16.04 server.
Before starting this tutorial, you should have a non-root user with sudo permissions set on your server.
Students who don’t have a server can buy it from here, but I personally recommend you to use the free Tencent Cloud Developer Lab for experimentation, and then buy server.
Tomcat requires Java to be installed on the server so that any Java web application code can be executed. We can install OpenJDK through apt-get to meet this requirement.
First, update the apt-get package index:
sudo apt-get update
Then use apt-get to install the Java Development Kit package:
sudo apt-get install default-jdk
Now that Java is installed, we can create a tomcat
user to run the Tomcat service.
For security reasons, Tomcat should be run as an unprivileged user (that is, not a root user). We will create a new user and group that will run the Tomcat service.
First, create a new tomcat
group:
sudo groupadd tomcat
Next, create a new tomcat
user. We will make this user a member of the tomcat
group, its home directory is /opt/tomcat
(we will install Tomcat here), and the shell is /bin/false
(so no one can log in to the account) :
sudo useradd -s /bin/false-g tomcat -d /opt/tomcat tomcat
Now that our tomcat
user has been set up, let's download and install Tomcat.
The best way to install Tomcat 8 is to download the latest binary version and then configure it manually.
Find the latest version of Tomcat 8 on Tomcat 8 download page. Under the Binary Distributions section, and under the Core list, copy the link to "tar.gz".
Next, switch to the directory /tmp
on the server. This is a good directory for downloading short-lived projects, such as the Tomcat tarball. After extracting the Tomcat content, we don't need this:
cd /tmp
Use curl
to download, the link you copied from the Tomcat website:
curl -O http://apache.mirrors.ionfish.org/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz
We install Tomcat into the /opt/tomcat
directory. Create a directory, then use the following command to extract the archive to it:
sudo mkdir /opt/tomcat
sudo tar xzvf apache-tomcat-8*tar.gz -C /opt/tomcat --strip-components=1
Next, we can set the appropriate user permissions for our installation.
The user tomcat
we set up needs to be able to access the Tomcat installation. We will get it done now.
Switch to the directory where we unzipped the Tomcat installation:
cd /opt/tomcat
Grant the tomcat
group permissions in the entire installation directory:
sudo chgrp -R tomcat /opt/tomcat
Next, provide the tomcat
group with read access to the conf
directory and all its contents, and execute access to the directory itself:
sudo chmod -R g+r conf
sudo chmod g+x conf
Set the tomcat
user as the owner of the webapps
, work
, temp
, and logs
directories:
sudo chown -R tomcat webapps/ work/ temp/ logs/
Now that the appropriate permissions have been set, we can create a systemd service file to manage the Tomcat process.
We want to be able to run Tomcat as a service, so we will set up a systemd service file.
Tomcat needs to know where Java is installed. This path is usually called "JAVA_HOME". The easiest way to find the location is to run this command:
sudo update-java-alternatives -l
java-1.8.0-openjdk-amd64 1081/usr/lib/jvm/java-1.8.0-openjdk-amd64
The correct variable JAVA_HOME
can be constructed by taking the output of the last column and appending /jre
to the end. Given the above example, the correct JAVA_HOME
for this server would be:
JAVA_HOME
/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
Your JAVA_HOME
may be different.
With this information, we can create a systemd service file. Open a file named tomcat.service
in the /etc/systemd/system
directory by typing the following:
sudo nano /etc/systemd/system/tomcat.service
Paste the following content into your service file. If necessary, modify the value JAVA_HOME
to match the value you find on the system. You may also want to modify the memory allocation settings specified in CATALINA_OPTS
:
[ Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[ Service]
Type=forking
Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
[ Install]
WantedBy=multi-user.target
When finished, save and close the file.
Next, reload the systemd daemon so that it knows about our service files:
sudo systemctl daemon-reload
Type the following command to start the Tomcat service:
sudo systemctl start tomcat
Type the following to double check whether it starts normally:
sudo systemctl status tomcat
Now that the Tomcat service is started, we can test to make sure the default page is available.
Before we do this, we need to adjust the firewall to allow our requests to reach the service. If you prepared according to prepare, the firewall ufw
will now be enabled.
Tomcat uses port 8080
to accept traditional requests. Enter the following to allow traffic to this port:
sudo ufw allow 8080
After modifying the firewall, you can access the default startup page in the web browser by accessing the domain or the IP address followed by :8080
:
Open in web browser
http://server_domain_or_IP:8080
In addition to other information, you will also see the default Tomcat startup page. However, if you click the link of the Manager App, you will be denied access. We can configure the access next.
If you can successfully access Tomcat, now is a good time to enable the service file so that Tomcat will start automatically when it starts:
sudo systemctl enable tomcat
In order to use the manager web application that comes with Tomcat, we must add a login to the Tomcat server. We will do this by editing the tomcat-users.xml
file:
sudo nano /opt/tomcat/conf/tomcat-users.xml
You will need to add users who can access manager-gui
and admin-gui
(the web application that comes with Tomcat). You can achieve this by defining users (similar to the example below) between the tomcat-users
tags. Be sure to change the username and password to something safe:
< tomcat-users ...><user username="admin" password="password" roles="manager-gui,admin-gui"/></tomcat-users>
Save and close the file when you are done.
By default, newer versions of Tomcat restrict access to the Manager and Host Manager applications to connections from the server itself. Since we are installing on a remote computer, you may wish to remove or change this restriction. To change the IP address restrictions on these, open the corresponding context.xml
file.
For the Manager application, type:
sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml
For the Host Manager application, type:
sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml
Internally, comment out the IP address restrictions to allow connections from anywhere. Or, if you only allow access to connections from your own IP address, you can add your public IP address to the list:
< Context antiResourceLocking="false" privileged="true"><!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>--></Context>
Save and close the file when you are done.
To make our changes take effect, please restart the Tomcat service:
sudo systemctl restart tomcat
Now that we have created a user, we can access the web management interface again in a web browser. Once again, you can access the correct interface by entering the server domain name or IP address behind port 8080 in your browser:
Open in web browserhttp://server_domain_or_IP:8080
The page you see should be the same as the one you gave in the previous test:
Let's take a look at the Manager App, which can be accessed via a link or http://server_domain_or_IP:8080/manager/html
. You need to enter the account credentials added to the tomcat-users.xml
file. After that, you should see a page like the following:
The Web Application Manager is used to manage Java applications. You can start, stop, reload, deploy and undeploy here. You can also run some diagnostics on the application (that is, look for memory leaks). Finally, the bottom of this page provides information about your server.
Now let us look at the host manager, which can be accessed via the link or http://server_domain_or_IP:8080/host-manager/html/
:
In the Virtual Host Manager page, you can add virtual hosts to provide services for your applications.
Your Tomcat installation is complete! You can now freely deploy your own Java web applications!
Currently, your Tomcat installation functions normally, but it is not encrypted at all. This means that all data (including sensitive items such as passwords) is sent in plain text, which can be intercepted and read by other parties on the Internet. To prevent this from happening, it is strongly recommended that you use SSL to encrypt the connection.
To learn more about the installation of Apache Tomcat 8, please go to [Tencent Cloud + Community] (https://cloud.tencent.com/developer?from=10680) to learn more.
Reference: "How To Install Apache Tomcat 8 on Ubuntu 16.04"
Recommended Posts