How to Install Apache Tomcat on Debian 10

Install Apache Tomcat on Debian 10

In this article, we will have explained the necessary steps to install and configure Apache Tomcat on Debian 10. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.

Install Apache Tomcat on Debian

Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.

sudo apt update
sudo apt upgrade

Step 2. Install Java.

Apache Tomcat requires Java to be installed. We’ll install OpenJDK, which is the default Java development and runtime in Debian:

sudo apt install default-jdk

Check Java is already installed on your system running following command:

java -version

Step 3. Create Tomcat User.

Becuase of security reason Tomcat should not run as root user. So now you should create a non-root user for Tomcat typing following command:

sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat

Step 4. Install Tomcat.

First, download latest binaries from Tomcat Download Page. At the time creating this tutorial latest version is 9.0.14:

wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.14/bin/apache-tomcat-9.0.14.tar.gz -P

Once the download is completed, extract the Tomcat archive and move it to the /opt/tomcat directory:

sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat

To have more control over Tomcat versions and updates, we will create a symbolic link latest which will point to the Tomcat installation directory:

sudo ln -s /opt/tomcat/apache-tomcat-9.0.14 /opt/tomcat/latest

Run following command to give installation directory ownership to tomcat user and tomcat group:

sudo chown -RH tomcat: /opt/tomcat/latest
sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Step 5. Create Systemd Unit File.

Run following command to create tomcat.service unit file inside /etc/systemd/system/ directory:

sudo nano /etc/systemd/system/tomcat.service

Add following line:

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Notify systemd that we created a new unit file and start the Tomcat service by executing:

sudo systemctl daemon-reload
sudo systemctl start tomcat

Step 6. Update The Firewall Settings.

If your firewall running on your Debian system and you want to access the tomcat interface from the outside of your local network you’ll need to open the port 8080:

sudo ufw allow 8080/tcp

Step 7. Configure Tomcat Web Management Interface.

Tomcat users and roles are defined in the tomcat-users.xml file. This file is a template with comments and examples describing how to configure the create a user or role:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml

Now add username and password for admin-gui and manager-gui. Make it sure you are setting strong username and password:

<tomcat-users>
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>
</tomcat-users>

By default, Apache Tomcat restrict access to Manager and Host Manager apps to connections coming from the server also. You should remove these restrictions.

To change IP address restriction open following files. Open Manager app context file using below command:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

Open Host Manager app context file using below command:

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml

Add commnets as given in following file:

<Context antiResourceLocking="false" privileged="true" >
<!--
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

Remember to restart the Tomcat service each time you edit Tomcat configuration files for changes to take effect:

sudo systemctl restart tomcat

Step 8. Test the Tomcat Installation.

Open your browser and type: http://<your-domain_or_IP-address>:8080

You should get following output for successful installation:

Install Apache Tomcat on Debian 10

Now use Manager App visiting http://YOUR-DOMAIN_NAME_OR_IP-ADDRESS:8080/manager/html.

Install Apache Tomcat on Debian 10

Congratulation, you have learned how to install and configure Tomcat on Debian 10 Buster. If you have any question, please leave a comment below.