Installing Tomcat on CentOS 8

By | 2019-11-24

I couldn’t find a Tomcat package in the standard repositories or EPEL, so I will walk you through installing Tomcat on CentOS 8. It is a relatively straightforward process. The latest version available at the time of writing (2019 November 23) is 9.0.29, so that is the version I will use in the examples.

All commands should be run as the root.

Install Requisite Packages

There are a few packages that must be installed before installing Tomcat. Install them with the following command:

# dnf install java-11-openjdk-headless tar

Download Tomcat

# cd
# curl http://ftp.wayne.edu/apache/tomcat/tomcat-9/v9.0.29/bin/apache-tomcat-9.0.29.tar.gz > \
apache-tomcat-9.0.29.tar.gz

Since you are downloading from a source using plain HTTP, check the hash of the archive file:

# sha1sum apache-tomcat-9.0.29.tar.gz 
98fc1b3624d4504a490430de2ada83dd797b0656  apache-tomcat-9.0.29.tar.gz

If you are using version 9.0.29, the hash should be identical to the highlighted section above. For more information about cryptographic hashes, check out my introduction to cryptography.

If you are using a different version of Tomcat, you can get a SHA512 hash from the Tomcat download page. They use SHA-512, so use the command sha512sum instead.

Create a Non-privileged User and Group

Create a non-privileged user and group to run Tomcat as. This will help limit how far an attacker will get if they manage to compromise Tomcat or your application(s).

# groupadd -r tomcat
# useradd -r -m -s /bin/bash -g tomcat -d /opt/apache-tomcat-9.0.29 tomcat

Extract the Archive

Extract the Tomcat archive into a directory in /opt

# cd /opt
# tar xf /root/apache-tomcat-9.0.29.tar.gz

Create Tomcat Environment File

Tomcat requires some environment variables to be set in order to function. The control script, catalina.sh, will automatically source the file setenv.sh every time it is run. As you will notice, Tomcat doesn’t have a default.

Create the file /opt/apache-tomcat-9.0.29/bin/setenv.sh with the following contents:

# See the top of /opt/apache-tomcat-9.0.29/catalina.sh 
# for an explanation of what these variables do
#

CATALINA_HOME=/opt/apache-tomcat-9.0.29
#CATALINA_BASE=$CATALINA_HOME
#CATALINA_OUT=$CATALINA_BASE/logs/catalina.out
#CATALINA_OPTS=""
#CATALINA_TMPDIR=$CATALINA_BASE/temp
JAVA_HOME=/etc/alternatives/jre_11_openjdk
#JRE_HOME=$JAVA_HOME
#JAVA_OPTS=""
#JAVA_ENDORSED_DIRS=$CATALINA_HOME/endorsed
#JPDA_TRANSPORT=dt_socket
#JPDA_ADDRESS=localhost:8000
#JPDA_SUSPEND=n
#JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"
#JSSE_OPTS="-Djdk.tls.ephemeralDHKeySize=2048"
#CATALINA_PID=""
#LOGGING_CONFIG=""
#LOGGING_MANAGER=""
#UMASK=0027
#USE_NOHUP=true

The variables CATALINA_HOME and JAVA_HOME are required. The rest are optional or have default values, hence they are commented out. Values assigned to the commented out variables are defaults.

Create a SystemD Unit File

Create a SystemD Unit File so the server can be started and stopped automatically on boot and shutdown. Create the file /etc/systemd/system/tomcat-9.0.29.service with the following contents:

[Unit]
Description=Tomcat 9.0.29
After=network.target

[Service]
Type=forking
ExecStart=/opt/apache-tomcat-9.0.29/bin/catalina.sh start
ExecStop=/opt/apache-tomcat-9.0.29/bin/catalina.sh stop
User=tomcat

[Install]
WantedBy=multi-user.target

Load the unit file:

# systemctl daemon-reload

Set Permissions On Installation Directory

Give ownership of the installation directory to the tomcat user and group:

# chown -R tomcat:tomcat /opt/apache-tomcat-9.0.29

Start and Test Tomcat

The following command will start the server:

# systemctl start tomcat-9.0.29

Test the server with curl:

# curl -I http://localhost:8080 
HTTP/1.1 200 
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 23 Nov 2019 23:53:59 GMT

If you wish for Tomcat to start at boot, run the following command:

# systemctl enable tomcat-9.0.29

References