Today we’ll look at how you can install Apache Tomcat 9 on CentOS 7 / Fedora 38/37/36/35/34/33. Tomcat Server is an open-source Java Servlet Container developed by the Apache Software Foundation (ASF) and released under the Apache License version 2. This tool enables you to host web applications written in Java. Tomcat executes Java servlets and renders Web pages that include Java Server Page coding.
Tomcat 9 is built on top of the latest Java EE 8 specifications such as Servlet 4.0, EL 3.1, JSP 2.4 and WebSocket 1.2. Below are the steps to install Apache Tomcat 9 on CentOS 7 / Fedora.
Step 1: Disable SELinux and Install curl
Since we will be running tomcat service as tomcat user, disable or set SELinux in permissive mode:
sudo yum -y install curl vim wget
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/configTo completely disable it, run:
sudo sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
sudo rebootStep 2: Install OpenJDK 11
The first step is to install OpenJDK 11 on CentOS 7 / Fedora as it is a Tomcat dependency. I had earlier written an article on how to install JDK on CentOS 7 / Fedora. The link to the article is:
Step 3: Install Apache Tomcat 9
After installing OpenJDK 11, proceed to download and install Tomcat 9 on CentOS 7 / Fedora. Check for the latest release of Tomcat 9 from Apache website before downloading.
export VER="9.0.74"
wget https://archive.apache.org/dist/tomcat/tomcat-9/v${VER}/bin/apache-tomcat-${VER}.tar.gzExtract downloaded file:
tar xvf apache-tomcat-$VER.tar.gzMove the resulting folder to /usr/libexec/tomcat9
sudo mv apache-tomcat-${VER} /usr/libexec/tomcat9Step 4: Add Tomcat user and group
We need to add a user to manage Tomcat. This user will be named tomcat
sudo groupadd --system tomcat
sudo useradd -M -d /usr/libexec/tomcat9 -g tomcat tomcatChange the ownership of the /usr/libexec/tomcat9directory to the tomcat user and group.
sudo chown -R tomcat:tomcat /usr/libexec/tomcat9Step 5: Create Tomcat Systemd service
The last step is to create a service unit file for tomcat. Create a new file under:
sudo tee /etc/systemd/system/tomcat9.service<<EOF
[Unit]
Description=Apache Tomcat 9
Documentation=http://tomcat.apache.org/tomcat-9.0-doc/
After=network.target syslog.target
[Service]
User=tomcat
Group=tomcat
Type=oneshot
ExecStart=/usr/libexec/tomcat9/bin/startup.sh
ExecStop=/usr/libexec/tomcat9/bin/shutdown.sh
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
Reload systemd and start tomcat9 service:
sudo systemctl daemon-reload
sudo systemctl restart tomcat9.serviceYou can check service status using:
$ sudo systemctl status tomcat9.service
● tomcat9.service - Apache Tomcat 9
Loaded: loaded (/etc/systemd/system/tomcat9.service; disabled; vendor preset: disabled)
Active: active (running) since Sat 2018-11-10 06:34:50 UTC; 4min 15s ago
Docs: http://tomcat.apache.org/tomcat-9.0-doc/
Process: 3226 ExecStart=/usr/libexec/tomcat9/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 3226 (code=exited, status=0/SUCCESS)
Tasks: 43 (limit: 1149)
Memory: 81.5M
CGroup: /system.slice/tomcat9.service
└─3241 /usr/bin/java -Djava.util.logging.config.file=/usr/libexec/tomcat9/conf/logging.properties -Djava.util.logging.manager=org.apache.j>
Nov 10 06:34:50 fed29 systemd[1]: Starting Apache Tomcat 9...
Nov 10 06:34:50 fed29 startup.sh[3226]: Tomcat started.
Nov 10 06:34:50 fed29 systemd[1]: Started Apache Tomcat 9.The service should be listening on port 8080
$ sudo ss -tunelp | grep 8080
tcp LISTEN 0 100 *:8080 *:* users:(("java",pid=3241,fd=37)) uid:1001 ino:29845 sk:a v6only:0 <->If you have an active firewall service, allow port 8080
sudo firewall-cmd --add-port=8080/tcp
sudo firewall-cmd --reloadTomcat default website is available on [http://(server's hostname or IP address):8080/]
Administration guide is available on http://<IP>:8080/docs/index.html.
Step 6: Proxy Pass Access to Tomcat with Apache HTTP server ( Optional)
You can configure Apache http server to access Tomcat interface without specifying port 8080
Install and start Apache web server.
sudo yum -y install httpd
sudo systemctl start httpd && sudo systemctl enable httpd
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reloadCreate tomcat configuration file
sudo vim /etc/httpd/conf.d/proxy_tomcat.confAdd:
ProxyPass /tomcat9/ ajp://localhost:8009/Access to [http://(server's hostname or IP address)/tomcat9/] and confirm that the change is working as expected.
Step 7: Configure Authentication
Create a Tomcat user to access Tomcat manager
sudo vim /usr/libexec/tomcat9/conf/tomcat-users.xmlAdd the following lines to the file:
<role rolename="admin-gui" />
<user username="admin" password="StrongPassword" roles="manager-gui,admin-gui"
</tomcat-users>Replace StrongPassword with your strong actual admin password.
Other Articles:
