Tag: tomcat

Let’s assume you are running Ubuntu 24.04 in a virtual machine, with a user different from root but in the sudo group. First, update and upgrade the system with:

$ sudo apt update
$ sudo apt upgrade

Installing the JRE

For the purpose of this post, we are going to use Tomcat 11, which requires at least a JRE version 17 to run. You are free to install any implementation of the JRE just make sure that the Tomcat version you are planning to use is supported by that version of Java. For the sake of this post we are going with OpenJDK 21. Install the next dependency:

$ sudo apt install openjdk-21-jdk

Make sure that it was installed successfully by running:

$ java -version

which should print the current installed version. Also take note of the installation path JAVA_HOME. By default, the JRE is installed in the path /usr/lib/jvm/java-21-openjdk-amd64 or similar, depending on your VM. If it is not there then you can locate it by following its path, try running the command:

$ which java

which should print the location of that binary. But this location might be a symlink, so you should continue following it until you reach the folder containing the java binary.

Installing Tomcat

Let’s first create a user that will run the service:

$ sudo user add -r -m -U -d /opt/tomcat -s /bin/false tomcat

In summary: the useradd command will create a new system user tomcat with home directory /opt/tomcat and with no privileges to open bash. For more information you can read the man page of useradd.

Then download the tomcat binaries from the Tomcat official page, remembering that we are using Tomcat 11:

$ wget https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.18/bin/apache-tomcat-11.0.18.tar.gz

and extract it to the tomcat user home folder, create a symlink and change the ownership:

$ sudo tar -xzf apache-tomcat-11.0.18.tar.gz -C /opt/tomcat
$ sudo ln -s /opt/tomcat/apache-tomcat-11.0.18 /opt/tomcat/current
$ sudo chown -R tomcat:tomcat /opt/tomcat

The reason behind the current symlink is to make upgrading transparent to the system, once we download a new tomcat binary we just need to change where the symlink is pointing to.

A useful mnemonic for the tar command is mentioning the phrase ‘extract the file’ with a German accent: ‘e(x)tract (z)e (f)ile’.

Setting up Tomcat as a service

Now let’s install Tomcat as a service using systemd. Create the next configuration file:

$ sudo vim /etc/systemd/system/tomcat.service

with the content:

[Unit]
Description=Apache Tomcat Web Server
After=network.target

[Service]
Type=forking

Environment="JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64"
Environment="CATALINA_PID=/opt/tomcat/current/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat/current/"
Environment="CATALINA_BASE=/opt/tomcat/current/"

ExecStart=/opt/tomcat/current/bin/startup.sh
ExecStop=/opt/tomcat/current/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

Remember to press i to enter the (i)insert mode in vim, and press esc to exit it. To save the file press esc, write :wq and press Enter. The enable and start the service:

$ sudo systemctl enable tomcat
$ sudo systemctl start tomcat

Enabling the service means to let it start automatically when the system reboots. You can check its status at any time without sudo permission:

$ systemctl status tomcat

If you see a green active message, it means that the service is most probably healthy. Up until now Tomcat is running in localhost in port 8080. Let’s open it to the Internet.

Installing Nginx

The nginx package already includes the binaries and service configuration for Ubuntu, to install and enable it just run:

$ sudo apt install nginx

And same as with Tomcat, you can check the current status of the service by running:

$ systemctl status nginx

Now let’s configure nginx as reverse proxy to tomcat. First, let’s define an upstream block in the main nginx configuration file:

$ sudo vim /etc/nginx/nginx.conf

and add the next content inside the http block:

http {
    ...
    upstream tomcat {
        server 127.0.0.1:8080;
    }
    ...
}

Save this file and let’s add a new server in the folder /etc/nginx/sites-available:

$ sudo vim /etc/nginx/sites-available/example.com

Let’s assume that there is a A DNS record that points example.com to this VM IP:

server {
    listen 80;
    server_name example.com;
    location / {
        proxy_pass http://tomcat/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

and to enable it just create a symlink to the sites-enabled folder:

$ sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Before restarting nginx and open it to the Internet, let’s confirm that our configuration has no mistakes:

$ sudo nginx -t

If it returns an ok then that means that there is no mistake in any nginx configuration file and that we can safely restart the service:

$sudeo systemctl restart nginx

Managing the firewall

If you try to access the site from the outside it might get blocked because of the firewall. Ubuntu ships by default with ufw (Uncomplicated Firewall) and needs to be configured for HTTP and HTTPS. You can list all possible options for ufw with:

$ sudo ufw app list

It should list at lest the next options: Nginx Full, Nginx HTTP and Nginx HTTPS. The first option will cover for both HTTP and HTTPS, so you can select it:

$ sudo ufw allow 'Nginx Full'

Now nginx will receive the request from the outside and should return the Tomcat home page. The system is ready to accept deployments.

References

• A Complete Guide to Install Tomcat on Linux
• how to configure nginx reverse proxy for tomcat servers?
• How to Install and Configure Nginx on Ubuntu