Install Apache Tomcat 10 on Ubuntu 22.04 with Nginx. Apache Tomcat is an open source web server and a servlet container which is mainly used to server Java based applications.
In this guide, you are going to learn how to install Apache Tomcat 10 on Ubuntu 22.04 and secure the setup with Nginx and Let’s Encrypt SSL.
Prerequisites
- A server with Ubuntu 22.04 OS
- A user with sudo privileges.
Initial Setup
Start by updating the server packages to the latest version available.
sudo apt update sudo apt dist-upgrade -y
Create New User for Tomcat
It would be better if Tomcat runs as it’s own unprivileged user. Execute the following command to create a new user with required privileges for Tomcat. This user wont be allowed to be logged in to SSH.
sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat
Install Java
Install default JDK using the below command. Check here for more detailed guide to install Java.
sudo apt install default-jdk
Once the installation is completed, check the version using the following command.
java -version
Your output should be similar to the one below.
openjdk version "11.0.15" 2022-04-19 OpenJDK Runtime Environment (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1) OpenJDK 64-Bit Server VM (build 11.0.15+10-Ubuntu-0ubuntu0.22.04.1, mixed mode, sharing)
Install Apache Tomcat
Download the latest version of Tomcat from their official downloads page. Choose the tar.gz under the core section.
Download the archive using wget.
cd ~/ wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.21/bin/apache-tomcat-10.0.21.tar.gz
Extract the contents to /opt/tomcat directory.
sudo tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat --strip-components=1
Configure correct permissions for Tomcat files.
sudo chown -R tomcat:tomcat /opt/tomcat/ sudo chmod -R u+x /opt/tomcat/bin
Configure Admin Users
Now we need to setup users who can access the Host manager and the Manager pages in Tomcat.
Add the users with passwords in /opt/tomcat/conf/tomcat-users.xml
sudo nano /opt/tomcat/conf/tomcat-users.xml
Add the following lines before the end tag.
<role rolename="manager-gui" /> <user username="manager" password="secure_password" roles="manager-gui" /> <role rolename="admin-gui" /> <user username="admin" password="secure_password" roles="manager-gui,admin-gui" />
Now we have 2 users who can access the Manager and the Host manager pages.
Configure Tomcat as a Service
Here we will configure a systemd service to manage Tomcat to start, stop and restart automatically.
Note the Java location.
sudo update-java-alternatives -l
Output java-1.11.0-openjdk-amd64 1111 /usr/lib/jvm/java-1.11.0-openjdk-amd64
Create a systemd file.
sudo nano /etc/systemd/system/tomcat.service
Add the following contents to the file.
[Unit] Description=Tomcat After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom" Environment="CATALINA_BASE=/opt/tomcat" Environment="CATALINA_HOME=/opt/tomcat" Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh RestartSec=10 Restart=always [Install] WantedBy=multi-user.target
Replace JAVA_HOME variable with the one you noted before.
Reload systemd daemon for the changes to take effect.
sudo systemctl daemon-reload
Start Tomcat.
sudo systemctl start tomcat
Enable Tomcat to start at system boot.
sudo systemctl enable tomcat
Check Tomcat status.
sudo systemctl status tomcat
Output
● tomcat.service - Tomcat
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
Active: active (running) since Wed 2022-05-25 06:41:36 UTC; 6s ago
Process: 5155 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
Main PID: 5302 (java)
Tasks: 29 (limit: 1151)
Memory: 132.7M
CGroup: /system.slice/tomcat.service
Install Nginx
Install Nginx using the following command.
sudo apt install nginx
Remove default configurations
sudo rm /etc/nginx/sites-available/default sudo rm /etc/nginx/sites-enabled/default
Configure Nginx Proxy for Tomcat
Create new Nginx configuration
sudo nano /etc/nginx/sites-available/yourdomainname.conf
Paste the following
server {
listen [::]:80;
listen 80;
server_name yourdomainname.com www.yourdomainname.com;
location / {
proxy_pass http://localhost:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
Save and exit the file.
Enable your configuration by creating a symbolic link.
sudo ln -s /etc/nginx/sites-available/yourdomainname.conf /etc/nginx/sites-enabled/yourdomainname.conf
Install Let’s Encrypt SSL with Certbot
Install Certbot package.
sudo apt install python3-certbot-nginx
Install SSL certificate using the below command.
sudo certbot --nginx --redirect --no-eff-email --agree-tos -m youremail@mail.com -d yourdomainname.com -d www.yourdomainname.com
If your domain is pointed to the server the free SSL certificate will get installed and HTTP to HTTPS redirection will get configured automatically and Nginx will get restarted by itself for the changes to take effect.
If you want to restart you can check your Nginx configuration and restart it.
sudo nginx -t sudo service nginx restart
Verify Tomcat Installation
Now check your domain in your browser.
Click Manager App, you will be prompted to enter username and password. Use the one we have configured in the Tomcat users section.
You can also take a look on the Host Manager page.
You can also view the server status.
Conclusion
Now you have learned how to install Apache Tomcat on Ubuntu 22.04 and secure with Nginx and Let’s Encrypt SSL.
Thanks for your time. If you face any problem or any feedback, please leave a comment below.
Leave a Reply Cancel reply