
How to Install Apache Tomcat on Rocky Linux 10: A Step-by-Step Guide
Apache Tomcat is a powerful, open-source implementation of the Java Servlet, JavaServer Pages, and WebSocket technologies. It’s a popular choice for developers and system administrators looking to deploy Java-based web applications. This guide will walk you through a secure and professional installation of Apache Tomcat on a Rocky Linux 10 server.
Following these steps will ensure your Tomcat instance is not only running correctly but is also configured for security and easy management.
Prerequisites
Before you begin, ensure you have the following:
- A server running a fresh installation of Rocky Linux 10.
- A non-root user with sudo privileges.
- Your system is up-to-date. You can achieve this by running sudo dnf update -y.
Step 1: Install Java Development Kit (JDK)
Apache Tomcat is a Java application, so its primary requirement is a working Java Development Kit (JDK). We will install OpenJDK 11, a widely compatible and stable version.
Open your terminal and execute the following command:
sudo dnf install java-11-openjdk-devel -y
Once the installation is complete, you can verify that Java was installed correctly by checking its version:
java -version
You should see output confirming that OpenJDK version 11 is installed on your system.
Step 2: Create a Dedicated Tomcat User
For security purposes, it is a critical best practice to run services like Tomcat under a dedicated, unprivileged user account. Running Tomcat as the root user poses a significant security risk. This dedicated user will own the Tomcat files and processes, limiting potential damage if the service is ever compromised.
Create a new user and group named tomcat with the following command:
sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat
Here’s what these options do:
- -m: Creates a home directory for the user.
- -U: Creates a group with the same name as the user.
- -d /opt/tomcat: Sets /opt/tomcat as the home directory.
- -s /bin/false: Prevents this user from being used for a shell login.
Step 3: Download and Install Apache Tomcat
Next, download the latest stable version of Tomcat 10 from the official Apache Tomcat website. It’s best to check the official downloads page for the most recent version number.
First, navigate to the /tmp directory, a temporary location perfect for downloads.
cd /tmp
Use the wget command to download the Tomcat 10 archive. Be sure to copy the link for the “tar.gz” file from the Tomcat 10 download page.
wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.24/bin/apache-tomcat-10.1.24.tar.gz
Once downloaded, extract the archive and move the files into the dedicated /opt/tomcat directory you created earlier.
sudo tar xzvf apache-tomcat-*.tar.gz -C /opt/tomcat --strip-components=1
The --strip-components=1 flag is important as it ensures the files are placed directly in /opt/tomcat instead of a subdirectory.
Finally, update the ownership of the installation directory to the tomcat user and group. This gives your dedicated user the necessary permissions to manage the application.
sudo chown -R tomcat: /opt/tomcat
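An integrity check to run between the wget and tar steps above, as an added example that is not part of the original guide: it compares the archive with the .sha512 file Apache publishes beside each release and extracts only on a match. The function names and the constructed demo archive are assumptions of this example.

```shell
#!/bin/sh
# Added example: gate extraction on a SHA-512 match.
# verify_sha512 and verified_extract are names made up for this example.

verify_sha512() {
    archive=$1 sumfile=$2
    [ -f "$archive" ] && [ -f "$sumfile" ] || { echo "missing input file" >&2; return 2; }
    # Release checksum files use the sha512sum layout: "<128 hex digits> *<name>".
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    case $expected in
        ''|*[!0-9a-f]*) echo "malformed checksum file: $sumfile" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || { echo "not a SHA-512 digest: $sumfile" >&2; return 2; }
    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    if [ "$actual" = "$expected" ]; then
        echo "OK: $archive matches $sumfile"
    else
        echo "MISMATCH: $archive does not match $sumfile" >&2
        return 1
    fi
}

# Extract one explicitly named archive, and only if it verified, so that the
# file that was checked is exactly the file that gets unpacked.
verified_extract() {
    archive=$1 sumfile=$2 dest=$3
    verify_sha512 "$archive" "$sumfile" || return
    tar xzf "$archive" -C "$dest" --strip-components=1
}

# Demo on a constructed archive (stands in for the real download).
demo=$(mktemp -d)
mkdir -p "$demo/apache-tomcat-demo/bin" "$demo/dest"
echo "constructed file" > "$demo/apache-tomcat-demo/bin/version.txt"
tar czf "$demo/demo.tar.gz" -C "$demo" apache-tomcat-demo
(cd "$demo" && sha512sum demo.tar.gz > demo.tar.gz.sha512)
verified_extract "$demo/demo.tar.gz" "$demo/demo.tar.gz.sha512" "$demo/dest"
ls "$demo/dest/bin"
rm -rf "$demo"
```

Fetch the .sha512 file from the main Apache download site rather than from the mirror that served the archive. A checksum catches corruption or a swapped file; the release's .asc signature, checked against the project's KEYS file, is what ties the archive to the Tomcat release managers.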
Step 4: Create a systemd Service File for Tomcat
To manage Tomcat as a system service (allowing you to start, stop, and enable it on boot), you need to create a systemd service file.
Create and open a new file named tomcat.service in the /etc/systemd/system/ directory using your preferred text editor, such as nano.
sudo nano /etc/systemd/system/tomcat.service
Paste the following configuration into the file. This configuration tells systemd how to run and manage the Tomcat service.
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
Save the file and exit the editor.
Step 5: Start and Enable the Tomcat Service
Now that the service file is in place, you need to reload the systemd daemon to make it aware of the new configuration.
sudo systemctl daemon-reload
You can now start the Tomcat service with the following command:
sudo systemctl start tomcat
To ensure Tomcat automatically starts whenever the server reboots, enable the service:
sudo systemctl enable tomcat
Finally, check the status to confirm it’s running without errors:
sudo systemctl status tomcat
You should see an “active (running)” status in the output.
Step 6: Configure the Firewall
By default, Rocky Linux’s firewall will block access to Tomcat’s default port, which is 8080. You need to explicitly allow traffic on this port.
Use the firewall-cmd utility to permanently add a rule for port 8080:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
For the changes to take effect, reload the firewall:
sudo firewall-cmd --reload
Verifying Your Tomcat Installation
Your Tomcat server should now be fully installed and accessible. To test it, open a web browser and navigate to your server’s IP address followed by the port number:
http://your_server_ip:8080
If the installation was successful, you will be greeted by the official Apache Tomcat splash page.
Security Tip: Configure the Web Application Manager
For production environments, you should secure the Tomcat Web Application Manager by setting up a user with a strong password. This is done by editing the tomcat-users.xml file.
sudo nano /opt/tomcat/conf/tomcat-users.xml
Inside the <tomcat-users> tags, add a user with the manager-gui and admin-gui roles. Be sure to replace “STRONG_PASSWORD” with a secure, unique password.
<tomcat-users>
<!-- Add this user configuration -->
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin" password="STRONG_PASSWORD" roles="manager-gui,admin-gui"/>
</tomcat-users>
After saving the file, you must restart the Tomcat service for the changes to apply:
sudo systemctl restart tomcat
You can now access the Manager App and Host Manager sections using the credentials you just configured.
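A pre-restart check for the file edited above, as an added example that is not part of the original guide: it flags a world-readable tomcat-users.xml, the STRONG_PASSWORD placeholder left in place, and short passwords. The function name, the 16-character threshold and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit tomcat-users.xml before restarting Tomcat.
# Assumes each <user .../> element sits on one line, as in the snippet above.
MIN_LEN=16   # illustrative threshold chosen for this example, not a Tomcat setting

audit_tomcat_users() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # The file stores the password in clear text, so "other" must not read it.
    case $(ls -ld -- "$file") in
        ???????r*) echo "FAIL: $file is world-readable"; findings=$((findings + 1)) ;;
    esac

    # Drop one-line and multi-line XML comments, then keep the <user> elements.
    users=$(sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$file" | grep '<user ' || true)
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=$(printf '%s\n' "$line" | sed -n 's/.*username="\([^"]*\)".*/\1/p')
        pw=$(printf '%s\n' "$line" | sed -n 's/.*password="\([^"]*\)".*/\1/p')
        if [ "$pw" = "STRONG_PASSWORD" ]; then
            echo "FAIL: user '$name' still has the placeholder password"
            findings=$((findings + 1))
        elif [ "${#pw}" -lt "$MIN_LEN" ]; then
            echo "FAIL: user '$name' password is shorter than $MIN_LEN characters"
            findings=$((findings + 1))
        fi
    done <<EOF
$users
EOF
    [ "$findings" -eq 0 ]
}

# Demo on a constructed copy of the snippet above (not a real configuration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<tomcat-users>
<!-- Add this user configuration -->
<user username="admin" password="STRONG_PASSWORD" roles="manager-gui,admin-gui"/>
</tomcat-users>
EOF
chmod 644 "$sample"
audit_tomcat_users "$sample" || echo "fix the findings, then restart Tomcat"
rm -f "$sample"
```

Against the real installation, run it as audit_tomcat_users /opt/tomcat/conf/tomcat-users.xml; a mode of 640 on that file clears the first finding while leaving it readable to the tomcat user that owns it.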
With this setup complete, you have a secure, robust, and manageable Apache Tomcat server on Rocky Linux 10, ready to host your Java web applications.
Source: https://centlinux.com/install-apache-tomcat-on-rocky-linux-10/