How to install and configure Apache Tomcat on CentOS 7

Apache Tomcat is an open source implementation of the Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technologies. Tomcat is one of the most widely adopted application and web servers in the world today. Tomcat is easy to use and has a robust ecosystem.

This tutorial covers how to install Tomcat 8.5 on CentOS 7.

It is recommended to open the command line / terminal on Linux to follow and apply the guides on this page.

We also recommend that you test any tutorial or guide found online on a virtual machine (VMware or VirtualBox) before deploying to a production server, so you don't break an actively running system if something goes wrong.

Prerequisites

Before proceeding with this tutorial, make sure that you are logged in as a user with sudo privileges.

Install OpenJDK

Tomcat 8.5 requires Java SE 7 or later. In this tutorial we will install OpenJDK 8, an open source implementation of the Java platform that is the default Java development and runtime on CentOS 7.

Installing the OpenJDK package is very easy:

sudo yum install java-1.8.0-openjdk-devel

Create a Tomcat user

We will create a new system user and group with the home directory /opt/tomcat which will run the tomcat service:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Download Tomcat

Download the latest Tomcat 8.5.x from the Tomcat download page. At the time of this writing, the latest version is 8.5.37. Before proceeding to the next step, we recommend that you check the download page to see if there is a newer version.

Change to the /tmp directory and download the zip file with the following wget command:

cd /tmp

wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.37/bin/apache-tomcat-8.5.37.zip
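The download above uses plain HTTP, so the archive should be checked before it is unpacked. The following is an added example, not part of the original tutorial: it compares an archive against a SHA-512 checksum file. The stand-in archive and its checksum file are constructed for the demo; for the real download, the checksum file is assumed to have been obtained from apache.org over HTTPS.

```shell
# Succeed only if the SHA-512 of archive $1 equals the digest recorded in
# checksum file $2 (first field; a trailing "*filename" is ignored).
# Returns 2 for unreadable input or a malformed digest, 1 for a mismatch.
verify_sha512() {
    [ -r "$1" ] && [ -r "$2" ] || return 2
    want=$(awk 'NF { print tolower($1); exit }' "$2")
    got=$(sha512sum "$1" | awk '{ print $1 }')
    # A SHA-512 digest is exactly 128 hex characters.
    [ "${#want}" -eq 128 ] || return 2
    [ "$want" = "$got" ]
}

# Constructed demo: a stand-in archive, its checksum file, and a tampered copy.
DEMO=$(mktemp -d)
printf 'stand-in for apache-tomcat-8.5.37.zip\n' > "$DEMO/archive.zip"
printf '%s *archive.zip\n' \
    "$(sha512sum "$DEMO/archive.zip" | awk '{ print $1 }')" \
    > "$DEMO/archive.zip.sha512"
cp "$DEMO/archive.zip" "$DEMO/tampered.zip"
printf 'x' >> "$DEMO/tampered.zip"

if verify_sha512 "$DEMO/archive.zip" "$DEMO/archive.zip.sha512"; then
    echo "archive.zip: checksum OK, safe to unzip"
fi
if ! verify_sha512 "$DEMO/tampered.zip" "$DEMO/archive.zip.sha512"; then
    echo "tampered.zip: checksum MISMATCH, do not unzip"
fi
```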

Once the download is complete, unzip the file and move it to the /opt/tomcat directory:

unzip apache-tomcat-*.zip
sudo mkdir -p /opt/tomcat
sudo mv apache-tomcat-8.5.37 /opt/tomcat/

For more control over versions and updates, we will create a symbolic link pointing to the Tomcat installation directory:

sudo ln -s /opt/tomcat/apache-tomcat-8.5.37 /opt/tomcat/latest

Later, if you want to upgrade your Tomcat installation, you can simply extract the latest version and change the symlink to point to the latest version.


The tomcat user we set up earlier needs access to the Tomcat directory, so we will change the ownership of the directory to the user and group tomcat:

sudo chown -R tomcat: /opt/tomcat

Make the scripts inside the bin directory executable:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Create a systemd unit file

To run Tomcat as a service, we will create a new unit file named tomcat.service in the directory /etc/systemd/system/ with the following contents:

/etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat 8.5 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Tell systemd that we’ve created a new unit file and start the Tomcat service by running:

sudo systemctl daemon-reload
sudo systemctl start tomcat

You can check the status of the service with the following command:

sudo systemctl status tomcat
● tomcat.service - Tomcat 8.5 servlet container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
   Active: active (running) since Sat 2018-05-05 11:04:40 UTC; 5s ago
  Process: 13478 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 13499 (java)
    Tasks: 45 (limit: 507)
   CGroup: /system.slice/tomcat.service
           └─13499 /usr/lib/jvm/default-java/bin/java -Djava.util.logging.config.file=/opt/tomcat/latest/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.security.

And if there are no errors, you can enable the tomcat service to start automatically at boot:

sudo systemctl enable tomcat

Adjust firewall settings

If your server is protected by a firewall and you want to access the Tomcat interface from outside your local network, you will need to open port 8080.

To allow traffic on port 8080, type the following commands:

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

When running a Tomcat application in a production environment, you will most likely have a load balancer or reverse proxy in front of it, and it is best to restrict access to port 8080 to your internal network only.


Configure the Tomcat web management interface

Now that Tomcat is installed on your CentOS server, the next step is to create a user that can access the web admin interface.

Tomcat users and roles are defined in the file tomcat-users.xml.

If you open the file, you will see that it is full of comments and examples explaining how to configure the file.

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

To add a new user that can access the Tomcat web interface (manager-gui and admin-gui), we need to define the user in the file tomcat-users.xml as shown below. Make sure to change the username and password to stronger values to make them more secure:

<tomcat-users>
<!--
    Comments
-->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

By default, the Tomcat web administration interface is configured to allow access only from localhost. Allowing access from a remote IP address, or from any location, is not recommended because it is a security risk; if you still want to do so, open the following files and make the following changes.

If you need to access the web interface from anywhere, open the following files and comment out or remove the Valve element, as shown:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml

<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

If you only need to access the web interface from a specific IP address, do not comment out the valve; instead, add your public IP address to the allow list. Say your public IP address is 32.32.32.32 and you want to allow access only from this IP address:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|32\.32\.32\.32" />
</Context>

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|32\.32\.32\.32" />
</Context>

The list of allowed IP addresses is a regular expression in which the entries are separated by a vertical bar |. You can add a single IP address or use regular expressions.
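To check what a given context.xml actually admits, covering both the commented-out valve and the pinned allow list described above, the following added example (not part of the original tutorial) extracts the active allow pattern and tests addresses against it. The sample files are constructed, the probe address 203.0.113.7 is an assumed stand-in for an outside client, and grep -E is used as an approximation of the valve's Java regex matching.

```shell
# Print the file without XML comments, so a commented-out Valve is ignored.
strip_comments() {
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$1"
}

# Print the allow="..." pattern of the active RemoteAddrValve; print
# nothing if the valve is absent or commented out.
active_allow() {
    strip_comments "$1" | tr '\n' ' ' |
        sed -n 's/.*RemoteAddrValve"[^>]*allow="\([^"]*\)".*/\1/p'
}

# Succeed if address $2 matches pattern $1 as a whole string, which is how
# the valve applies it. \d is rewritten because grep -E has no \d class.
addr_allowed() {
    ere=$(printf '%s' "$1" | sed 's/\\d/[0-9]/g')
    printf '%s\n' "$2" | grep -Eqx -- "$ere"
}

# Print "open" if an arbitrary outside address gets in, else "restricted".
# 203.0.113.7 is a documentation address used as the probe (assumption).
audit_context() {
    allow=$(active_allow "$1")
    if [ -z "$allow" ] || addr_allowed "$allow" "203.0.113.7"; then
        echo "open"
    else
        echo "restricted"
    fi
}

# Constructed sample files mirroring the two variants in this tutorial.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/commented.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>
EOF
cat > "$SAMPLES/pinned.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|32\.32\.32\.32" />
</Context>
EOF
for f in "$SAMPLES"/*.xml; do
    printf '%s: %s\n' "${f##*/}" "$(audit_context "$f")"
done
```

On a real server, point audit_context at the manager and host-manager context.xml files under /opt/tomcat/latest/webapps/.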


Restart the Tomcat service for the changes to take effect:

sudo systemctl restart tomcat

Installation test

To test if Tomcat is installed correctly, open a browser and type: http://<your_domain_or_IP_address>:8080

Assuming the installation is successful, a screen similar to the following will appear:

[Screenshot: Apache Tomcat dashboard]

The Tomcat Web Application Manager dashboard is available at http://<domain_or_IP_address>:8080/manager/html. From here you can deploy, undeploy, start, stop, and reload your applications.

[Screenshot: Tomcat manager]

The Tomcat Virtual Host Manager dashboard is available at http://<domain_or_IP_address>:8080/host-manager/html. From here you can create, delete and manage Tomcat virtual hosts.

[Screenshot: Tomcat hosts manager]

Conclusion

You have successfully installed Tomcat 8.5 on a CentOS 7 system. Now you can visit the official Apache Tomcat 8 documentation and learn more about Apache Tomcat features.
