How to install Apache Tomcat 8 on Ubuntu 16.04

Introduction

Apache Tomcat is a web server and servlet container used to provide services for Java applications. Tomcat is an open source implementation of Java Servlet and JavaServer Pages technology released by Apache Software Foundation. This tutorial introduces the basic installation and some configuration of the latest version of Tomcat 8 on Ubuntu 16.04 server.

Preparation

Before starting this tutorial, you should have a non-root user with sudo permissions set on your server.

Students who don’t have a server can buy it from here, but I personally recommend you to use the free Tencent Cloud Developer Lab for experimentation, and then buy server.

Step 1: Install Java

Tomcat requires Java to be installed on the server so that any Java web application code can be executed. We can install OpenJDK through apt-get to meet this requirement.

First, update the apt-get package index:

sudo apt-get update

Then use apt-get to install the Java Development Kit package:

sudo apt-get install default-jdk

Now that Java is installed, we can create a tomcat user to run the Tomcat service.

Step 2: Create Tomcat user

For security reasons, Tomcat should be run as an unprivileged user (that is, not a root user). We will create a new user and group that will run the Tomcat service.

First, create a new tomcat group:

sudo groupadd tomcat

Next, create a new tomcat user. We will make this user a member of the tomcat group, its home directory is /opt/tomcat (we will install Tomcat here), and the shell is /bin/false (so no one can log in to the account) :

sudo useradd -s /bin/false-g tomcat -d /opt/tomcat tomcat

Now that our tomcat user has been set up, let's download and install Tomcat.

Step 3: Install Tomcat

The best way to install Tomcat 8 is to download the latest binary version and then configure it manually.

Find the latest version of Tomcat 8 on Tomcat 8 download page. Under the Binary Distributions section, and under the Core list, copy the link to "tar.gz".

Next, switch to the directory /tmp on the server. This is a good directory for downloading short-lived projects, such as the Tomcat tarball. After extracting the Tomcat content, we don't need this:

cd /tmp

Use curl to download, the link you copied from the Tomcat website:

curl -O http://apache.mirrors.ionfish.org/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz

We install Tomcat into the /opt/tomcat directory. Create a directory, then use the following command to extract the archive to it:

sudo mkdir /opt/tomcat
sudo tar xzvf apache-tomcat-8*tar.gz -C /opt/tomcat --strip-components=1

Next, we can set the appropriate user permissions for our installation.

Step 4: Update permissions

The user tomcat we set up needs to be able to access the Tomcat installation. We will get it done now.

Switch to the directory where we unzipped the Tomcat installation:

cd /opt/tomcat

Grant the tomcat group permissions in the entire installation directory:

sudo chgrp -R tomcat /opt/tomcat

Next, provide the tomcat group with read access to the conf directory and all its contents, and execute access to the directory itself:

sudo chmod -R g+r conf
sudo chmod g+x conf

Set the tomcat user as the owner of the webapps, work, temp, and logs directories:

sudo chown -R tomcat webapps/ work/ temp/ logs/

Now that the appropriate permissions have been set, we can create a systemd service file to manage the Tomcat process.

Step 5: Create systemd service file

We want to be able to run Tomcat as a service, so we will set up a systemd service file.

Tomcat needs to know where Java is installed. This path is usually called "JAVA_HOME". The easiest way to find the location is to run this command:

sudo update-java-alternatives -l

java-1.8.0-openjdk-amd64       1081/usr/lib/jvm/java-1.8.0-openjdk-amd64

The correct variable JAVA_HOME can be constructed by taking the output of the last column and appending /jre to the end. Given the above example, the correct JAVA_HOME for this server would be:

JAVA_HOME
/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre

Your JAVA_HOME may be different.

With this information, we can create a systemd service file. Open a file named tomcat.service in the /etc/systemd/system directory by typing the following:

sudo nano /etc/systemd/system/tomcat.service

Paste the following content into your service file. If necessary, modify the value JAVA_HOME to match the value you find on the system. You may also want to modify the memory allocation settings specified in CATALINA_OPTS:

[ Unit]
Description=Apache Tomcat Web Application Container
After=network.target
​
[ Service]
Type=forking
​
Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
​
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
​
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always
​
[ Install]
WantedBy=multi-user.target

When finished, save and close the file.

Next, reload the systemd daemon so that it knows about our service files:

sudo systemctl daemon-reload

Type the following command to start the Tomcat service:

sudo systemctl start tomcat

Type the following to double check whether it starts normally:

sudo systemctl status tomcat

Step 6: Adjust the firewall and test the Tomcat server

Now that the Tomcat service is started, we can test to make sure the default page is available.

Before we do this, we need to adjust the firewall to allow our requests to reach the service. If you prepared according to prepare, the firewall ufw will now be enabled.

Tomcat uses port 8080 to accept traditional requests. Enter the following to allow traffic to this port:

sudo ufw allow 8080

After modifying the firewall, you can access the default startup page in the web browser by accessing the domain or the IP address followed by :8080:

Open in web browser
http://server_domain_or_IP:8080

In addition to other information, you will also see the default Tomcat startup page. However, if you click the link of the Manager App, you will be denied access. We can configure the access next.

If you can successfully access Tomcat, now is a good time to enable the service file so that Tomcat will start automatically when it starts:

sudo systemctl enable tomcat

Step 7: Configure Tomcat Web Management Interface

In order to use the manager web application that comes with Tomcat, we must add a login to the Tomcat server. We will do this by editing the tomcat-users.xml file:

sudo nano /opt/tomcat/conf/tomcat-users.xml

You will need to add users who can access manager-gui and admin-gui (the web application that comes with Tomcat). You can achieve this by defining users (similar to the example below) between the tomcat-users tags. Be sure to change the username and password to something safe:

< tomcat-users ...><user username="admin" password="password" roles="manager-gui,admin-gui"/></tomcat-users>

Save and close the file when you are done.

By default, newer versions of Tomcat restrict access to the Manager and Host Manager applications to connections from the server itself. Since we are installing on a remote computer, you may wish to remove or change this restriction. To change the IP address restrictions on these, open the corresponding context.xml file.

For the Manager application, type:

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

For the Host Manager application, type:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Internally, comment out the IP address restrictions to allow connections from anywhere. Or, if you only allow access to connections from your own IP address, you can add your public IP address to the list:

< Context antiResourceLocking="false" privileged="true"><!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
   allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1"/>--></Context>

Save and close the file when you are done.

To make our changes take effect, please restart the Tomcat service:

sudo systemctl restart tomcat

Step 8: Access the web interface

Now that we have created a user, we can access the web management interface again in a web browser. Once again, you can access the correct interface by entering the server domain name or IP address behind port 8080 in your browser:

Open in web browserhttp://server_domain_or_IP:8080

The page you see should be the same as the one you gave in the previous test:

Let's take a look at the Manager App, which can be accessed via a link or http://server_domain_or_IP:8080/manager/html. You need to enter the account credentials added to the tomcat-users.xml file. After that, you should see a page like the following:

The Web Application Manager is used to manage Java applications. You can start, stop, reload, deploy and undeploy here. You can also run some diagnostics on the application (that is, look for memory leaks). Finally, the bottom of this page provides information about your server.

Now let us look at the host manager, which can be accessed via the link or http://server_domain_or_IP:8080/host-manager/html/:

In the Virtual Host Manager page, you can add virtual hosts to provide services for your applications.

in conclusion

Your Tomcat installation is complete! You can now freely deploy your own Java web applications!

Currently, your Tomcat installation functions normally, but it is not encrypted at all. This means that all data (including sensitive items such as passwords) is sent in plain text, which can be intercepted and read by other parties on the Internet. To prevent this from happening, it is strongly recommended that you use SSL to encrypt the connection.

To learn more about the installation of Apache Tomcat 8, please go to [Tencent Cloud + Community] (https://cloud.tencent.com/developer?from=10680) to learn more.

Reference: "How To Install Apache Tomcat 8 on Ubuntu 16.04"