Introduction
Tomcat is an open source Java implementation package developed by the Apache Software Foundation. Learn how to install Tomcat 9 on CentOS 7 in this tutorial.
Prerequisites
- A user account with sudo privileges
- Access to a terminal window / command line (Ctrl-Alt-F2)
Check if Java is Installed
Tomcat relies on an existing Java installation. Check to see if your system has Java installed. Enter the following into a terminal window:
java -version
You should be running at least JDK 1.8.0. If the system reports an older version or no Java installed, install Java by entering:
sudo yum install java-1.8.0-openjdk-devel
Note: This guide uses OpenJDK SE (Standard Edition) 8. OpenJDK is fully open source. If your software uses Oracle Java, you can use it instead.
Create Tomcat User and Group
Tomcat should not be run as root. Create a new user and group by entering:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Download Tomcat 9
Tomcat 9.0.20 is the latest version at the time this was written. A later release may be available on the official download page. Alternately, enter the following:
cd /tmp
wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.56/bin/apache-tomcat-9.0.56.tar.gz
Extract the .tar.gz File
To extract the Tomcat tar.gz file to /opt/tomcat, enter the following:
sudo tar xzvf apache-tomcat-9*tar.gz -C /opt/tomcat --strip-components=1
Modify Tomcat User Permissions
The new tomcat user needs execute privileges over the directory.
Enter the following:
sudo chown -R tomcat:tomcat /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'
Create a System Unit File
Creating a systems unit file allows Tomcat to run as a service.
1. Find the Java location with the following command:
readlink -f $(which java)
Copy the parent folder of /jre/bin/java for the following step.
1. To create a tomcat.service file, use the command:
sudo nano /etc/systemd/system/tomcat.service
2. In the file, enter the following:
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=oneshot
RemainAfterExit=yes
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
Paste the path from the previous step in the Environment="JAVA_HOME=<path>"
line.
3. Save and close the file.
4. Refresh the system:
sudo systemctl daemon-reload
5. Set the Tomcat service to start on boot:
sudo systemctl enable tomcat
6. Start the Tomcat service:
sudo systemctl start tomcat
7. Verify that the Tomcat service is installed and running:
sudo systemctl status tomcat
Adjust the Firewall
The Tomcat service needs access to Port 8080.
Allow traffic by entering the commands:
firewall-cmd --zone=public --permanent --add-port=8080/tcp
The message success
prints to the terminal. Reload the firewall to apply the option:
firewall-cmd --reload
You should be able to see the Tomcat server in a web browser.
Input this web address into a browser window:
http://server_ip:8080
For example, if you're running Tomcat on a local server, use:
http://localhost:8080
Set Up Web Management Interface
1. To create a user to access the Web Management Interface, edit the user file by entering:
sudo nano /opt/tomcat/conf/tomcat-users.xml
2. Delete everything from the file and add the following:
<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="good_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
Replace good_password with a secure password of your choosing.
Save the file and exit. You should now be able to access the Web Management Interface in a web browser. Visit http://server_ip:8080/manager/html to use the interface.
Configure Remote Access (Optional)
By default, Tomcat is only accessible from the local machine it’s installed on. This step allows you to grant access to a specific IP address.
1. Edit the following file:
sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml
2. Add the following:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
3. Save the file and exit.
4. Repeat the process for the second file:
sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml
5. Add the following:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
6. Save and exit.
This will grant access to any system in the 192.168.0.* range of IP addresses.
You can change the IP address to a specific range for your intranet. Alternately, you can use the IP address of a single system.
The asterisk acts as a wildcard to allow multiple IP addresses. Granting full access can leave security vulnerabilities. Instead, enable only systems with a business need to access Tomcat.
Note: Browse our Knowledge Base for other Apache Tomcat installation tutorials such as How to Install Tomcat on Windows and How to Install Tomcat on Ubuntu.
Conclusion
You should have a working installation of Apache Tomcat 9 on your CentOS server. Furthermore, you should be able to access your Tomcat server from a specific IP range or address in your intranet.