How to Install Tomcat 9 on CentOS 7

June 14, 2019

Introduction

Tomcat is an open source Java implementation package developed by the Apache Software Foundation. Learn how to install Tomcat 9 on CentOS 7 in this tutorial.

How To Install Tomcat 9 On CentOS 7

Prerequisites

  • A user account with sudo privileges
  • Access to a terminal window / command line (Ctrl-Alt-F2)

Check if Java is Installed

Tomcat relies on an existing Java installation. Check to see if your system has Java installed. Enter the following into a terminal window:

java -version
java -version terminal output jdk 1.8.0

You should be running at least JDK 1.8.0. If the system reports an older version or no Java installed, install Java by entering:

sudo yum install java-1.8.0-openjdk-devel

Note: This guide uses OpenJDK SE (Standard Edition) 8. OpenJDK is fully open source. If your software uses Oracle Java, you can use it instead.

Create Tomcat User and Group

Tomcat should not be run as root. Create a new user and group by entering:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Download Tomcat 9

Tomcat 9.0.20 is the latest version at the time this was written. A later release may be available on the official download page. Alternately, enter the following:

cd /tmp
wget https://dlcdn.apache.org/tomcat/tomcat-9/v9.0.56/bin/apache-tomcat-9.0.56.tar.gz
wget apache tomcat 9 download terminal

Extract the .tar.gz File

To extract the Tomcat tar.gz file to /opt/tomcat, enter the following:

sudo tar xzvf apache-tomcat-9*tar.gz -C /opt/tomcat --strip-components=1
tar xzvf apache tomcat extract terminal

Modify Tomcat User Permissions

The new tomcat user needs execute privileges over the directory.

Enter the following:

sudo chown -R tomcat:tomcat /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'

Create a System Unit File

Creating a systems unit file allows Tomcat to run as a service.

1. Find the Java location with the following command:

readlink -f $(which java)
readlink which java terminal output

Copy the parent folder of /jre/bin/java for the following step.

1. To create a tomcat.service file, use the command:

sudo nano /etc/systemd/system/tomcat.service

2. In the file, enter the following:

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=oneshot
RemainAfterExit=yes

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.312.b07-1.el7_9.x86_64/"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
tomcat.service file centos

Paste the path from the previous step in the Environment="JAVA_HOME=<path>" line.

3. Save and close the file.

4. Refresh the system:

sudo systemctl daemon-reload

5. Set the Tomcat service to start on boot:

sudo systemctl enable tomcat

6. Start the Tomcat service:

sudo systemctl start tomcat

7. Verify that the Tomcat service is installed and running:

sudo systemctl status tomcat
sudo systemctl status tomcat active terminal

Adjust the Firewall

The Tomcat service needs access to Port 8080.

Allow traffic by entering the commands:

firewall-cmd --zone=public --permanent --add-port=8080/tcp
firewall enable port 8080

The message success prints to the terminal. Reload the firewall to apply the option:

firewall-cmd --reload
firewall-cmd --reload terminal output

You should be able to see the Tomcat server in a web browser.

Input this web address into a browser window:

http://server_ip:8080

For example, if you're running Tomcat on a local server, use:

http://localhost:8080
tomcat 9 server browser localhost

Set Up Web Management Interface

1. To create a user to access the Web Management Interface, edit the user file by entering:

sudo nano /opt/tomcat/conf/tomcat-users.xml

2. Delete everything from the file and add the following:

<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="good_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

Replace good_password with a secure password of your choosing.

Save the file and exit. You should now be able to access the Web Management Interface in a web browser. Visit http://server_ip:8080/manager/html to use the interface.

tomcat 9 web application manager page

Configure Remote Access (Optional)

By default, Tomcat is only accessible from the local machine it’s installed on. This step allows you to grant access to a specific IP address.

1. Edit the following file:

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

2. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

3. Save the file and exit.

4. Repeat the process for the second file:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

5. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

6. Save and exit.

This will grant access to any system in the 192.168.0.* range of IP addresses.

You can change the IP address to a specific range for your intranet. Alternately, you can use the IP address of a single system.

The asterisk acts as a wildcard to allow multiple IP addresses. Granting full access can leave security vulnerabilities. Instead, enable only systems with a business need to access Tomcat.

Note: Browse our Knowledge Base for other Apache Tomcat installation tutorials such as How to Install Tomcat on Windows and How to Install Tomcat on Ubuntu.

Conclusion

You should have a working installation of Apache Tomcat 9 on your CentOS server. Furthermore, you should be able to access your Tomcat server from a specific IP range or address in your intranet.

Was this article helpful?
YesNo
Dejan Tucakov
Dejan is the Head of Content at phoenixNAP with over 8 years of experience in Web publishing and technical writing. Prior to joining PNAP, he was Chief Editor of several websites striving to advocate for emerging technologies. He is dedicated to simplifying complex notions and providing meaningful insight into data center and cloud technology.
Next you should read
How to Implement Validation for RESTful Services with Spring
November 13, 2018

Data validation is not a new topic in web application development and here we take a brief look at data...
Read more
How to Enable SSH on Ubuntu
April 23, 2019

When establishing a remote connection between a client and a server, a primary concern is ensuring a secure...
Read more
How to Install VirtualBox on Ubuntu
June 2, 2019

VirtualBox is a powerful tool for running a virtual operating system on your computer. In this tutorial learn...
Read more
How to Install Apache Tomcat 9 on Ubuntu 18.04
July 2, 2019

Apache Tomcat is a free, open-source, lightweight application server used for Java-based web applications...
Read more