Introduction
Tomcat is an open-source Java servlet container developed by the Apache Software Foundation. In this tutorial, learn how to install Tomcat 9 on CentOS 7.
Prerequisites
- A user account with sudo privileges
- Access to a terminal window / command line (Ctrl-Alt-F2)
Check if Java is Installed
Tomcat relies on an existing Java installation. Check to see if your system has Java installed. Enter the following into a terminal window:
java -version
You should be running at least Java SE 8. If the system reports an older version or no Java installed, install Java by entering:
sudo yum install java-1.8.0-openjdk-devel
Note: This guide uses OpenJDK SE (Standard Edition) 8. OpenJDK is fully open source. If your software uses Oracle Java, you can use it instead.
Create Tomcat User and Group
Tomcat should not be run as root. Create a new user and group by entering:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Download Tomcat 9
Tomcat 9.0.20 is the latest version at the time this was written. A later release may be available on the official download page. Alternately, enter the following:
cd /tmp
wget http://apache.cs.utah.edu/tomcat/tomcat-9/v9.0.20/bin/apache-tomcat-9.0.20.tar.gz
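The download above travels over plain HTTP from a mirror, so check the tarball against the project's published SHA-512 digest before extracting it. The script below is an added example, not part of the original tutorial; the function name verify_sha512 and the checksum file name apache-tomcat-9.0.20.tar.gz.sha512 are assumptions, and the checksum file should be fetched over HTTPS from the Apache site rather than from the mirror.

```shell
#!/bin/sh
# Added example: verify a downloaded Tomcat tarball against its SHA-512 file.
# verify_sha512 is a hypothetical helper name, not a Tomcat or Apache tool.
#
# Return codes: 0 = digest matches, 1 = mismatch,
#               2 = input file missing, 3 = checksum file is malformed.
verify_sha512() {
    file=$1
    sumfile=$2
    [ -r "$file" ] && [ -r "$sumfile" ] || { echo "missing input" >&2; return 2; }

    # Checksum files hold "<hex digest> *<filename>"; keep only the digest.
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")

    # Reject anything that is not exactly 128 hex characters, for example
    # an HTML error page saved in place of the real checksum file.
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file" >&2; return 3 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "malformed checksum file" >&2; return 3; }

    actual=$(sha512sum "$file" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Run as:
#   sh verify_tomcat.sh apache-tomcat-9.0.20.tar.gz apache-tomcat-9.0.20.tar.gz.sha512
if [ "$#" -eq 2 ]; then
    if verify_sha512 "$1" "$2"; then
        echo "OK: digest matches, safe to extract"
    else
        echo "FAILED: do not extract $1" >&2
        exit 1
    fi
fi
```

A digest check detects corruption or tampering on the mirror only if the checksum file itself came from a trusted source.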
Extract the .tar.gz File
To extract the Tomcat tar.gz file, enter the following:
tar -xf apache-tomcat-9.0.20.tar.gz
Move the files to the /opt/tomcat directory:
sudo mv apache-tomcat-9.0.20 /opt/tomcat/
(Optional) Create a symbolic link for updates:
sudo ln -s /opt/tomcat/apache-tomcat-9.0.20 /opt/tomcat/latest
Modify Tomcat User Permissions
The new user needs execute privileges over the directory.
Enter the following:
sudo chown -R tomcat:tomcat /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Create a System Unit File
Creating a systemd unit file allows Tomcat to run as a service.
1. To create a tomcat.service file, use the command:
sudo nano /etc/systemd/system/tomcat.service
2. In the file, enter the following:
[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
3. Save and close the file.
4. Refresh the system:
sudo systemctl daemon-reload
5. Set the Tomcat service to start on boot:
sudo systemctl enable tomcat
6. Start the Tomcat service:
sudo systemctl start tomcat
7. Verify that the Tomcat service is installed and running:
sudo systemctl status tomcat
Adjust the Firewall
The Tomcat service needs access to Port 8080.
Allow traffic by entering the commands:
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
You should be able to see the Tomcat server in a web browser.
Input this web address into a browser window:
http://server_ip:8080
Set Up Web Management Interface
1. To create a user to access the Web Management Interface, edit the user file by entering:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
2. Adjust the file to appear as follows:
<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="good_password" roles="admin-gui,manager-gui"/>
</tomcat-users>
Replace good_password with a secure password of your choosing. Save the file and exit. You should now be able to access the Web Management Interface in a web browser. Visit http://server_ip:8080/manager/html to use the interface.
Configure Remote Access (Optional)
By default, the Tomcat Manager and Host Manager applications are only accessible from the local machine Tomcat is installed on. This step allows you to grant access to a specific IP address.
1. Edit the following file:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
2. Add the following:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
3. Save the file and exit.
4. Repeat the process for the second file:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
5. Add the following:
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />
6. Save and exit.
This will grant access to any system in the 192.168.0.* range of IP addresses.
You can change the IP address to a specific range for your intranet. Alternately, you can use the IP address of a single system.
The allow attribute is a regular expression, and the asterisk acts as a wildcard to allow multiple IP addresses. Granting full access can leave security vulnerabilities. Instead, enable only systems with a business need to access Tomcat.
Conclusion
You should have a working installation of Apache Tomcat 9 on your CentOS server. Furthermore, you should be able to access your Tomcat server from a specific IP range or address in your intranet.
Original article by 745907710. If you repost it, please credit the source: https://blog.ytso.com/222853.html