Vultr DocsLatest Articles

How to Install Apache Tomcat on Ubuntu 24.04

Apache TomcatUbuntu
HJ
Updated on December 20, 2024
How to Install Apache Tomcat on Ubuntu 24.04 header image

Introduction

Apache Tomcat is an open-source web server application that allows developers to run Java applications in a secure and efficient environment. Tomcat implements Java Servlet and JavaServer Pages (JSP) specifications to deploy and manage Java-based web applications on a server.

Apache Tomcat supports load balancing, clustering, and high availability features to run applications with different workloads.

This article explains how to install Apache Tomcat on Ubuntu 24.04 to run dynamic web applications on a server.

Prerequisites

Before you begin:

Install Java OpenJDK

Apache Tomcat requires the Java Development Kit (JDK) version 17 or later. Follow the steps below to install the required OpenJDK version and create a new dedicated user to run Tomcat on your server.

  1. Install OpenJDK 17 on your server.

    console 
    $ sudo apt install openjdk-17-jdk -y

  2. View the installed Java version.

    console 
    $ java -version

    Output:

    openjdk version "17.0.13" 2024-10-15
OpenJDK Runtime Environment (build 17.0.13+11-Ubuntu-2ubuntu124.04)
OpenJDK 64-Bit Server VM (build 17.0.13+11-Ubuntu-2ubuntu124.04, mixed mode, sharing)

  3. Create a new tomcat group to use with the Apache Tomcat service.

    console 
    $ sudo groupadd tomcat

  4. Create a new tomcat user with /opt/tomcat as the home directory and a member of the tomcat group.

    console 
    $ sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Install Apache Tomcat

Apache Tomcat is not available in the default package repositories on Ubuntu. Follow the steps below to download the latest Apache Tomcat release file and install the application on your server.

  1. Visit the Apache Tomcat releases page and download the latest Apache Tomcat 11 release file.

    console 
    $ wget -O tomcat.tar.gz https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.1/bin/apache-tomcat-11.0.1.tar.gz

    The above command downloads the Tomcat release version 11.0.1 on your server. Ensure to download the latest version to install the latest application features and configurations.

  2. Create a new tomcat directory in a system-wide location such as /opt to extract the Tomcat package contents.

    console 
    $ sudo mkdir /opt/tomcat

  3. Extract files from the downloaded Tomcat archive to the /opt/tomcat directory.

    console 
    $ sudo tar -xvzf tomcat.tar.gz -C /opt/tomcat --strip-components=1

    The --strip-components=1 option in the above command removes the top-level directory in the archive and extracts all Tomcat package contents to the /opt/tomcat directory.

  4. Remove the downloaded archive file to free up the server's disk space.

    console 
    $ sudo rm -rf tomcat.tar.gz

  5. Grant the tomcat user and group ownership privileges to the /opt/tomcat directory.

    console 
    $ sudo chown -R tomcat:tomcat /opt/tomcat

  6. Grant the tomcat group read privileges to the conf directory.

    console 
    $ sudo chmod -R g+r /opt/tomcat/conf

  7. Grant the tomcat group execute permissions to the /opt/tomcat/conf directory.

    console 
    $ sudo chmod g+x /opt/tomcat/conf

Create Apache Tomcat Users

Apache Tomcat requires specific user accounts with administrative privileges to access the manager and host-manager applications in the web management dashboard. Follow the steps below to create privileged users and remove IP address restrictions to enable access to the manager and host-manager applications.

  1. Open the tomcat-users.xml user configuration file using a text editor such as nano.

    console 
    $ sudo nano /opt/tomcat/conf/tomcat-users.xml

  2. Add the following configurations above the </tomcat-users> directive. Replace manager_password and admin_password with your desired administrative user passwords.

    ini 
    <role rolename="manager-gui" />
<user username="manager" password="manager_password" roles="manager-gui" />

<role rolename="admin-gui" />
<user username="admin" password="admin_password" roles="manager-gui,admin-gui" />

    Save and close the file.

    The above configuration creates a new manager and admin user with manager, and administrator privileges respectively to access the Tomcat web management dashboard.

  3. Open the manager context.xml file to remove restrictions to the manager application.

    console 
    $ sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

  4. Find and disable the following Valve directive using a <!-- --> comment.

    ini 
    <!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

    Save and close the file.

  5. Open the host manager context.xml file to remove restrictions to the host manager application.

    console 
    $ sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

  6. Find and disable the following Valve directive.

    ini 
    <!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />  -->

    Save and close the file.

Set Up Apache Tomcat as a System Service

Follow the steps below to create a new system service to run and manage the Apache Tomcat application processes on your server.

  1. Run the following command to view and note the Java installation path in your output.

    console 
    $ sudo update-java-alternatives -l

    Output:

    java-1.17.0-openjdk-amd64      1711       /usr/lib/jvm/java-1.17.0-openjdk-amd64

  2. Create a new tomcat.service system service file.

    console 
    $ sudo nano /etc/systemd/system/tomcat.service

  3. Add the following configurations to the file. Modify the JAVA_HOME value to include your actual Java installation path if different.

    ini 
    [Unit]
Description=Tomcat
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-1.17.0-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

    Save and close the file.

    The above system service configuration creates a new tomcat service that runs the startup.sh and shutdown.sh scripts in the Apache Tomcat project directory to manage the application's processes.

  4. Reload the systemd daemon to apply the new service configuration.

    console 
    $ sudo systemctl daemon-reload

  5. Enable the Apache Tomcat service to start at boot.

    console 
    $ sudo systemctl enable tomcat

  6. Start the Apache Tomcat service.

    console 
    $ sudo systemctl start tomcat

  7. View the Apache Tomcat service status and verify that it's running.

    console 
    $ sudo systemctl status tomcat

    Output:

    ● tomcat.service - Tomcat
     Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; preset: enabled)
     Active: active (running) since Thu 2024-12-05 12:12:25 UTC; 6s ago
    Process: 12213 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 12220 (java)
      Tasks: 31 (limit: 2269)
     Memory: 112.5M (peak: 115.7M)
        CPU: 2.430s
     CGroup: /system.slice/tomcat.service
             └─12220 /usr/lib/jvm/java-1.17.0-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.proper>

Secure Apache Tomcat with Trusted SSL Certificates

Apache Tomcat listens for incoming connections using the insecure HTTP port 8080 and the HTTPS port 8443 for secure connections. Follow the steps below to generate trusted Let's Encrypt SSL certificates using the tomcat.example.com domain to enable secure HTTPS connections to the Apache Tomcat service.

  1. View the UFW status and verify that the firewall is active.

    console 
    $ sudo ufw status

    If the status is inactive, allow the SSH port 22 and enable UFW using the command below.

    console 
    $ sudo ufw allow 22 && sudo ufw enable

  2. Allow HTTP connections through the firewall.

    console 
    $ sudo ufw allow http

  3. Reload UFW to apply the firewall configuration changes.

    console 
    $ sudo ufw reload

  4. Install the Snapd package.

    console 
    $ sudo apt install snapd -y

  5. Install the Certbot Let's Encrypt client using Snap.

    console 
    $ sudo snap install --classic certbot

  6. Generate a new SSL certificate to use with Apache Tomcat. Replace tomcat.example.com and admin@example.com with your actual details.

    console 
    $ sudo certbot certonly --standalone -d tomcat.example.com -m admin@example.com --agree-tos

    Your output should be similar to the one below when successful.

    Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for tomcat.example.com

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/tomcat.example.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/tomcat.example.com/privkey.pem
This certificate expires on 2025-02-27.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  7. Copy your domain's Let's Encrypt SSL certificate files to the /opt/tomcat/conf/ Tomcat configurations directory. Replace tomcat.example.com with your actual domain.

    console 
    $ sudo bash -c 'cp /etc/letsencrypt/live/tomcat.example.com/*.pem /opt/tomcat/conf/'

  8. Grant the Apache Tomcat user and group full privileges to all .pem certificate files in the /opt/tomcat/conf/ directory.

    console 
    $ sudo bash -c 'chown -R tomcat:tomcat /opt/tomcat/conf/*.pem'

  9. Allow network connections to the Apache Tomcat HTTP port 8080 and HTTPS port 8443 through the firewall.

    console 
    $ sudo ufw allow 8080,8443/tcp

  10. Reload UFW to apply the firewall configuration changes.

    console 
    $ sudo ufw reload

  11. View the UFW status and verify all available firewall rules.

    console 
    $ sudo ufw status

    Output:

    Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
8080/tcp                   ALLOW       Anywhere                  
8443/tcp                   ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
8080/tcp                   ALLOW       Anywhere (v6)                  
8443/tcp (v6)              ALLOW       Anywhere (v6)

  12. Open the server.xml file to enable the SSL files in the Apache Tomcat configuration.

    console 
    $ sudo nano /opt/tomcat/conf/server.xml

  13. Add the following configuration before the <Connector section to load your SSL certificate files.

    ini 
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateFile="conf/cert.pem"
                 certificateKeyFile="conf/privkey.pem"
                 certificateChainFile="conf/chain.pem" />
        </SSLHostConfig>
    </Connector>

    Save and close the file.

    The above configuration enables Apache Tomcat to accept HTTPS network connections on port 8443 using the .pem certificate files in the /opt/tomcat/conf directory.

  14. Restart the Apache Tomcat service to apply the configuration changes.

    console 
    $ sudo systemctl restart tomcat

Access the Apache Tomcat Web Management Dashboard

Follow the steps below to access the Apache Tomcat web management dashboard to view and manage web applications on your server.

  1. Visit your Apache Tomcat domain on port 8443 using a web browser such as Chrome.

    https://tomcat.example.com:8443

    Verify that the default Apache Tomcat page displays in your web browser.

    Tomcat Dashboard

  2. Click Manager App to access the Apache Tomcat manager application, and enter your manager username and password when prompted to Sign In.

    Tomcat Login

  3. Verify that the Apache Tomcat manager application loads correctly.

    Tomcat Manager App

  4. Click Host Manager from the list of applications to access the host manager interface. Enter your administrator user credentials when prompted to log in.

    Tomcat Host Manager

Create a Java Web Application to Run on Apache Tomcat

Follow the steps below to create a sample Java web application with the following structure and run it using Apache Tomcat on your server.

/home/linuxuser/example-app/
    ├── WEB-INF/
    │   ├── web.xml                  
    │   └── classes/
    │       └── GreetingsServlet.class

  1. Create a new example-app project directory.

    console 
    $ mkdir example-app

  2. Switch to the example-app directory.

    console 
    $ cd example-app

  3. Create a WEB-INF subdirectory in the example-app project directory.

    console 
    $ mkdir WEB-INF

  4. Create a classes subdirectory inside the WEB-INF directory.

    console 
    $ mkdir WEB-INF/classes

  5. Create a new GreetingsServlet.java Java web application file.

    console 
    $ nano GreetingsServlet.java

  6. Add the following contents to the GreetingsServlet.java file.

    java 
    import jakarta.servlet.*;
import jakarta.servlet.http.*;
import java.io.IOException;

public class GreetingsServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
        response.setContentType("text/html");
        response.getWriter().println("<h1 align='center'>Hello, World! Greetings from Vultr</h1>");
    }
}

    Save and close the file.

    The above configuration creates a new GreetingsServlet that extends the HttpServlet and displays Hello, World! Greetings from Vultr message when it runs.

  7. Create a new web.xml file in the WEB-INF directory.

    console 
    $ nano WEB-INF/web.xml

  8. Add the following contents to the web.xml file.

    xml 
    <web-app xmlns="https://jakarta.ee/xml/ns/jakartaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="https://jakarta.ee/xml/ns/jakartaee https://jakarta.ee/xml/ns/jakartaee/web-app_5_0.xsd"
         version="5.0">

    <servlet>
        <servlet-name>GreetingsServlet</servlet-name>
        <servlet-class>GreetingsServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>GreetingsServlet</servlet-name>
        <url-pattern>/helloworld</url-pattern>
    </servlet-mapping>
</web-app>

    Save and close the file.

    The above XML configuration maps the GreetingsServlet to the /helloworld URL pattern to enable Apache Tomcat to run the example-app Java web application using the /helloworld path.

  9. Compile the GreetingsServlet.java application file using the servlet-api.jar Apache Tomcat library to create a GreetingsServlet.class file.

    console 
    $ sudo javac -cp /opt/tomcat/lib/servlet-api.jar -d . GreetingsServlet.java

  10. Move the GreetingsServlet.class file to the WEB-INF/classes directory.

    console 
    $ mv GreetingsServlet.class WEB-INF/classes/

  11. List files in the classes subdirectory and verify that a new GreetingsServerlet.class file is available.

    console 
    $ ls WEB-INF/classes

    Output:

    GreetingsServerlet.class

  12. Switch to your parent directory.

    console 
    $ cd ..

  13. Move the example-app project to the /opt/tomcat/webapps directory to enable the new web application.

    console 
    $ sudo mv example-app /opt/tomcat/webapps/example-app

  14. Restart Apache Tomcat to apply the configuration changes.

    console 
    $ sudo systemctl restart tomcat

  15. Open the Apache Tomcat web management interface and click Manager App to view all available web applications.

    https://tomcat.example.com:8443

    Open the Manager App in Apache Tomcat

  16. Verify that the example-app web application is available on the list of applications.

    View active web applications in the Apache Tomcat interface

  17. Modify your Apache Tomcat URL and include the /example-app/helloworld path to verify that the example-app web application runs correctly.

    https://tomcat.example.com:8443/example-app/helloworld

    Access the Example-App Java Web Application using Apache Tomcat

Conclusion

You have installed Apache Tomcat on Ubuntu 24.04 and secured the server with trusted Let's Encrypt SSL certificates to run Java-based web applications. You can use Apache Tomcat to deploy multiple web applications and run specific services to match your development needs. For more information and configuration options, visit the Tomcat documentation.