How to Install Tomcat 9 on CentOS 7

Introduction

Tomcat is an open source Java implementation package developed by the Apache Software Foundation. In this tutorial learn how to install Tomcat 9 on CentOS 7.

Prerequisites

• A user account with sudo privileges
• Access to a terminal window / command line (Ctrl-Alt-F2)

Check if Java is Installed

Tomcat relies on an existing Java installation. Check to see if your system has Java installed. Enter the following into a terminal window:

java –version

You should be running at least Java SE 8. If the system reports an older version or no Java installed, install Java by entering:

sudo yum install java-1.8.0-openjdk-devel

Create Tomcat User and Group

Tomcat should not be run as root. Create a new user and group by entering:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Download Tomcat 9

Tomcat 9.0.20 is the latest version at the time this was written. A later release may be available on the official download page. Alternately, enter the following:

cd /tmp

wget http://apache.cs.utah.edu/tomcat/tomcat-9/v9.0.20/bin/apache-tomcat-9.0.20.tar.gz

Extract the .tar.gz File

To extract the Tomcat tar.gz file, enter the following:

tar -xf apache-tomcat-9.0.20.tar.gz

Move the files to the /opt/tomcat directory:

sudo mv apache-tomcat-9.0.20 /opt/tomcat/

(Optional) Create a symbolic link for updates:

sudo ln -s /opt/tomcat/apache-tomcat-9.0.20 /opt/tomcat/latest

Modify Tomcat User Permissions

The new users needs to execute privileges over the directory.

Enter the following:

sudo chown -R tomcat:tomcat /opt/tomcat

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Create a System Unit File

Creating a systems unit file allows Tomcat to run as a service.

1. To create a tomcat.service file, use the command:

sudo nano /etc/systemd/system/tomcat.service

2. In the file, enter the following:

[Unit]
Description=Tomcat 9 servlet container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh
[Install]
WantedBy=multi-user.target

3. Save and close the file.

4. Refresh the system:

sudo systemctl daemon-reload

5. Set the Tomcat service to start on boot:

sudo systemctl enable tomcat

6. Start the Tomcat service:

sudo systemctl start tomcat

7. Verify that the Tomcat service is installed and running:

sudo systemctl status tomcat

Adjust the Firewall

The Tomcat service needs access to Port 8080.

Allow traffic by entering the commands:

firewall-cmd --zone=public --permanent --add-port=8080/tcp

firewall-cmd -reload

You should be able to see the Tomcat server in a web browser.

Input this web address into a browser window:

http://server_ip:8080

Set Up Web Management Interface

1. To create a user to access the Web Management Interface, edit the user file by entering:

sudo nano /opt/tomcat/conf/tomcat-users.xml

2. Adjust the file to appear as follows:

<tomcat-users>
<!--
Comments
-->
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="good_password " roles="admin-gui,manager-gui"/>
</tomcat-users>

Replace good_password with a secure password of your choosing. Save the file and exit. You should now be able to access the Web Management Interface in a web browser. Visit http://server_ip:8080/manager/html to use the interface.

Configure Remote Access (Optional)

By default, Tomcat is only accessible from the local machine it’s installed on. This step allows you to grant access to a specific IP address.

1. Edit the following file:

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

2. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127/./d+/./d+/./d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

3. Save the file and exit.

4. Repeat the process for the second file:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

5. Add the following:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127/./d+/./d+/./d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />

6. Save and exit.

This will grant access to any system in the 192.168.0.* range of IP addresses.

You can change the IP address to a specific range for your intranet. Alternately, you can use the IP address of a single system.

The asterisk acts as a wildcard to allow multiple IP addresses. Granting full access can leave security vulnerabilities. Instead, enable only systems with a business need to access Tomcat.

Conclusion

You should have a working installation of Apache Tomcat 9 on your CentOS server. Furthermore, you should be able to access your Tomcat server from a specific IP range or address in your intranet.