I couldn’t find a Tomcat package in the standard repositories or EPEL, so I will walk you through installing Tomcat on CentOS 8. It is a relatively straightforward process. The latest version available at the time of writing (2019 November 23) is 9.0.29, so that is the version I will use in the examples.
All commands should be run as the root.
Install Requisite Packages
There are a few packages that must be installed before installing Tomcat. Install them with the following command:
# dnf install java-11-openjdk-headless tarDownload Tomcat
# cd
# curl http://ftp.wayne.edu/apache/tomcat/tomcat-9/v9.0.29/bin/apache-tomcat-9.0.29.tar.gz > \
apache-tomcat-9.0.29.tar.gzSince you are downloading from a source using plain HTTP, check the hash of the archive file:
# sha1sum apache-tomcat-9.0.29.tar.gz
98fc1b3624d4504a490430de2ada83dd797b0656 apache-tomcat-9.0.29.tar.gzIf you are using version 9.0.29, the hash should be identical to the highlighted section above. For more information about cryptographic hashes, check out my introduction to cryptography.
If you are using a different version of Tomcat, you can get a SHA512 hash from the Tomcat download page. They use SHA-512, so use the command sha512sum instead.
Create a Non-privileged User and Group
Create a non-privileged user and group to run Tomcat as. This will help limit how far an attacker will get if they manage to compromise Tomcat or your application(s).
# groupadd -r tomcat
# useradd -r -m -s /bin/bash -g tomcat -d /opt/apache-tomcat-9.0.29 tomcatExtract the Archive
Extract the Tomcat archive into a directory in /opt
# cd /opt
# tar xf /root/apache-tomcat-9.0.29.tar.gzCreate Tomcat Environment File
Tomcat requires some environment variables to be set in order to function. The control script, catalina.sh, will automatically source the file setenv.sh every time it is run. As you will notice, Tomcat doesn’t have a default.
Create the file /opt/apache-tomcat-9.0.29/bin/setenv.sh with the following contents:
# See the top of /opt/apache-tomcat-9.0.29/catalina.sh
# for an explanation of what these variables do
#
CATALINA_HOME=/opt/apache-tomcat-9.0.29
#CATALINA_BASE=$CATALINA_HOME
#CATALINA_OUT=$CATALINA_BASE/logs/catalina.out
#CATALINA_OPTS=""
#CATALINA_TMPDIR=$CATALINA_BASE/temp
JAVA_HOME=/etc/alternatives/jre_11_openjdk
#JRE_HOME=$JAVA_HOME
#JAVA_OPTS=""
#JAVA_ENDORSED_DIRS=$CATALINA_HOME/endorsed
#JPDA_TRANSPORT=dt_socket
#JPDA_ADDRESS=localhost:8000
#JPDA_SUSPEND=n
#JPDA_OPTS="-agentlib:jdwp=transport=$JPDA_TRANSPORT,address=$JPDA_ADDRESS,server=y,suspend=$JPDA_SUSPEND"
#JSSE_OPTS="-Djdk.tls.ephemeralDHKeySize=2048"
#CATALINA_PID=""
#LOGGING_CONFIG=""
#LOGGING_MANAGER=""
#UMASK=0027
#USE_NOHUP=trueThe variables CATALINA_HOME and JAVA_HOME are required. The rest are optional or have default values, hence they are commented out. Values assigned to the commented out variables are defaults.
Create a SystemD Unit File
Create a SystemD Unit File so the server can be started and stopped automatically on boot and shutdown. Create the file /etc/systemd/system/tomcat-9.0.29.service with the following contents:
[Unit]
Description=Tomcat 9.0.29
After=network.target
[Service]
Type=forking
ExecStart=/opt/apache-tomcat-9.0.29/bin/catalina.sh start
ExecStop=/opt/apache-tomcat-9.0.29/bin/catalina.sh stop
User=tomcat
[Install]
WantedBy=multi-user.targetLoad the unit file:
# systemctl daemon-reloadSet Permissions On Installation Directory
Give ownership of the installation directory to the tomcat user and group:
# chown -R tomcat:tomcat /opt/apache-tomcat-9.0.29Start and Test Tomcat
The following command will start the server:
# systemctl start tomcat-9.0.29Test the server with curl:
# curl -I http://localhost:8080
HTTP/1.1 200
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 23 Nov 2019 23:53:59 GMTIf you wish for Tomcat to start at boot, run the following command:
# systemctl enable tomcat-9.0.29