In this article, we will have explained the necessary steps to install and configure Apache Tomcat on Debian 10. Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges. All the commands in this tutorial should be run as a non-root user.
Install Apache Tomcat on Debian
Step 1. The first command will update the package lists to ensure you get the latest version and dependencies.
sudo apt update sudo apt upgrade
Step 2. Install Java.
Apache Tomcat requires Java to be installed. We’ll install OpenJDK, which is the default Java development and runtime in Debian:
sudo apt install default-jdk
Check Java is already installed on your system running following command:
java -version
Step 3. Create Tomcat User.
Becuase of security reason Tomcat should not run as root user. So now you should create a non-root user for Tomcat typing following command:
sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat
Step 4. Install Tomcat.
First, download latest binaries from Tomcat Download Page. At the time creating this tutorial latest version is 9.0.14:
wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.14/bin/apache-tomcat-9.0.14.tar.gz -P
Once the download is completed, extract the Tomcat archive and move it to the /opt/tomcat directory:
sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
To have more control over Tomcat versions and updates, we will create a symbolic link latest which will point to the Tomcat installation directory:
sudo ln -s /opt/tomcat/apache-tomcat-9.0.14 /opt/tomcat/latest
Run following command to give installation directory ownership to tomcat user and tomcat group:
sudo chown -RH tomcat: /opt/tomcat/latest sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 5. Create Systemd Unit File.
Run following command to create tomcat.service unit file inside /etc/systemd/system/ directory:
sudo nano /etc/systemd/system/tomcat.service
Add following line:
[Unit] Description=Tomcat 9 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/default-java" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
Notify systemd that we created a new unit file and start the Tomcat service by executing:
sudo systemctl daemon-reload sudo systemctl start tomcat
Step 6. Update The Firewall Settings.
If your firewall running on your Debian system and you want to access the tomcat interface from the outside of your local network you’ll need to open the port 8080:
sudo ufw allow 8080/tcp
Step 7. Configure Tomcat Web Management Interface.
Tomcat users and roles are defined in the tomcat-users.xml file. This file is a template with comments and examples describing how to configure the create a user or role:
sudo nano /opt/tomcat/latest/conf/tomcat-users.xml
Now add username and password for admin-gui and manager-gui. Make it sure you are setting strong username and password:
<tomcat-users> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> </tomcat-users>
By default, Apache Tomcat restrict access to Manager and Host Manager apps to connections coming from the server also. You should remove these restrictions.
To change IP address restriction open following files. Open Manager app context file using below command:
sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
Open Host Manager app context file using below command:
sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
Add commnets as given in following file:
<Context antiResourceLocking="false" privileged="true" >
<!--
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>Remember to restart the Tomcat service each time you edit Tomcat configuration files for changes to take effect:
sudo systemctl restart tomcat
Step 8. Test the Tomcat Installation.
Open your browser and type: http://<your-domain_or_IP-address>:8080
You should get following output for successful installation:
Now use Manager App visiting http://YOUR-DOMAIN_NAME_OR_IP-ADDRESS:8080/manager/html.
Congratulation, you have learned how to install and configure Tomcat on Debian 10 Buster. If you have any question, please leave a comment below.
