Guide on how to install Tomcat 9 on Ubuntu 18.04 – Apache Tomcat is an open-source implementation of Java Servlet, JavaServer Pages, Java Expression Language, and Java WebSocket technology. It is one of the most widely adopted applications and web servers in the world today. Tomcat is easy to use and has a strong additional ecosystem.
In the previous article I have also provided a list 5 of the best and popular web servers in the world, where Apache Tomcat is in third position after Apache and Nginx server.
This tutorial explains how to install and configure a Tomcat 9 web server on Ubuntu 18.04. The same instructions apply for Ubuntu 16.04 and linux distro based on Ubuntu, including Linux Mint and Elementary OS.
In order to start installing the tomcat package on your Ubuntu operating system, you must be logged in as a user with sudo privileges. Read → How to Create a Sudo User and a Sudo Group on Ubuntu.
Step 1: Install OpenJDK
Tomcat requires Java to be installed. I’m going to install OpenJDK, which is the default Java development and runtime on Ubuntu 18.04.
The Java installation is quite simple. Start by updating the package index:
$ sudo apt update
Install the OpenJDK package by running the following command:
$ sudo apt install default-jdk
Step 2: Create User in Tomcat
For security purposes, Tomcat should not be run under the root user. I will create a new user on the system and group it with the home directory
/opt/tomcat which will run the Tomcat service by typing the following command:
$ sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat
Step 3: How to Install Tomcat
I will download the latest binary release of Tomcat 9 from the Tomcat 9 download page.
At the time of writing, the latest version is
9.0.27. Before continuing with the next step, you should check the download page for the new version. If there is a new version, copy the link to the Core
tar.gz, which is under the Binary Distributions section.
Start by downloading the Tomcat archive in the directory
/tmp using commands
$ wget http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.27/bin/apache-tomcat-9.0.27.tar.gz -P /tmp
After the download is complete, extract the Tomcat archive and move it to the directory
$ sudo tar xf /tmp/apache-tomcat-9*.tar.gz -C /opt/tomcat
To have more control over Tomcat versions and updates, create a symbolic link called
latest which points to the Tomcat installation directory:
$ sudo ln -s /opt/tomcat/apache-tomcat-9.0.27 /opt/tomcat/latest
Later if you want to upgrade your Tomcat instance simply open a newer version package and change the symlink to point to the latest version.
As I mentioned in the previous section Tomcat will run under the tomcat user. This user needs to have access to the Tomcat installation directory.
The following command changes the directory ownership to Tomcat user and group:
$ sudo chown -RH tomcat: /opt/tomcat/latest
Script in the directory
bin must have an executable flag:
$ sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'
Step 4: Create the Systemd Unit File
To run Tomcat as a service you need to create a new unit file.
Open text editor You and create a file called
$ sudo nano /etc/systemd/system/tomcat.service
Then Paste the following configuration:
[Unit] Description=Tomcat 9 servlet container After=network.target [Service] Type=forking User=tomcat Group=tomcat Environment="JAVA_HOME=/usr/lib/jvm/default-java" Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true" Environment="CATALINA_BASE=/opt/tomcat/latest" Environment="CATALINA_HOME=/opt/tomcat/latest" Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid" Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC" ExecStart=/opt/tomcat/latest/bin/startup.sh ExecStop=/opt/tomcat/latest/bin/shutdown.sh [Install] WantedBy=multi-user.target
JAVA_HOME if the path to your Java installation is different.
Save and close the file and notify
systemd that you create a new unit file:
$ sudo systemctl daemon-reload
Start the Tomcat service by running:
$ sudo systemctl start tomcat
Check the service status with the following command:
$ sudo systemctl status tomcat
Output * tomcat.service - Tomcat 9 servlet container Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled) Active: active (running) since Wed 2018-09-05 15:45:28 PDT; 20s ago Process: 1582 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 1604 (java) Tasks: 47 (limit: 2319) CGroup: /system.slice/tomcat.service
If there are no errors allow the Tomcat service to start automatically on boot:
$ sudo systemctl enable tomcat
Step 5: Customize the Firewall
If your server is protected by firewall and you want to access Tomcat from outside your local network, you need to open the port
To allow traffic on the port
8080 type the following command:
$ sudo ufw allow 8080/tcp
Usually when running Tomcat applications in a production environment you will have load balancing or reverse proxy. It is a best practice for restricting access to ports
8080 only to your internal network.
Step 6: Configure the Tomcat Web Management Interface
Now that Tomcat is installed and running, the next step is to create a user by accessing the web management interface.
Tomcat users and roles are defined in the
tomcat-users.xml. This file is a template with comments and examples that explain how to configure creating a user or user role.
To add a new user with access to the Tomcat web interface (
admin-gui) we need to define a user in a file
tomcat-users.xml, as shown below. Make sure you change your username and password to a more secure one:
<tomcat-users> <!-- Comments --> <role rolename="admin-gui"/> <role rolename="manager-gui"/> <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/> </tomcat-users>
By default, the Tomcat web management interface is configured to restrict access to the Manager and Host Manager applications from localhost only.
If you want to be able to access the web interface from a remote IP, you’ll need to remove this restriction. This may have various security implications, and is not recommended for production systems.
To enable access to the web interface from anywhere open the following two files and comment or delete lines enclosed in bunches
<!-- below this.
For the Manager application, open the following files:
$ sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml
For the Host Manager application, open the following files:
$ sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" > <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1" /> --> </Context>
Another option is to allow access to the Manager and Host Manager applications only from certain IPs. Instead of commenting on blocks, you can simply add your IP address to the list.
For example if your public IP is
220.127.116.11 You will make the following changes:
<Context antiResourceLocking="false" privileged="true" > <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1|18.104.22.168" /> </Context>
The list of allowed IP addresses is a vertical bar separated list
|. You can add a single IP address or use a regular expression.
Remember to restart the Tomcat service again every time you edit the Tomcat configuration file for the changes to take effect:
$ sudo systemctl restart tomcat
Step 7: Test Tomcat Installation
Open your browser and type:
If the installation was successful, a page similar to the following will appear:
The Tomcat web application manager dashboard is available at
http://<your_domain_or_IP_address>:8080/manager/html. From here, you can deploy, undeploy, start, stop, and reload your application.
You can log in with the user you created on Step 6.
Tomcat virtual host manager dashboard is available at
http://<your_domain_or_IP_address>:8080/host-manager/html. From here, you can create, delete and manage Tomcat virtual hosts.
You have successfully installed Tomcat 9 on your Ubuntu 18.04 operating system. You can now visit the official Apache Tomcat 8 Documentation and learn more about Apache Tomcat features.