{"id":17,"date":"2026-03-22T01:01:07","date_gmt":"2026-03-22T01:01:07","guid":{"rendered":"https:\/\/nextialab.com\/?p=17"},"modified":"2026-03-22T01:51:14","modified_gmt":"2026-03-22T01:51:14","slug":"installing-tomcat-and-nginx-in-ubuntu-24-04","status":"publish","type":"post","link":"https:\/\/nextialab.com\/index.php\/2026\/03\/22\/installing-tomcat-and-nginx-in-ubuntu-24-04\/","title":{"rendered":"Installing Tomcat and Nginx in Ubuntu 24.04"},"content":{"rendered":"\n

Let’s assume you are running Ubuntu 24.04 in a virtual machine, with a user different from root<\/code> but in the sudo<\/code> group. First, update and upgrade the system with:<\/p>\n\n\n\n

$ sudo apt update\n$ sudo apt upgrade<\/code><\/pre>\n\n\n\n
Installing the JRE<\/h2>\n\n\n\n
For the purpose of this post, we are going to use Tomcat 11, which requires at least a JRE version 17 to run. You are free to install any implementation of the JRE just make sure that the Tomcat version  you are planning to use is supported by that version of Java. For the sake of this post we are going with OpenJDK 21. Install the next dependency:<\/p>\n\n\n\n
$ sudo apt install openjdk-21-jdk<\/code><\/pre>\n\n\n\n
Make sure that it was installed successfully by running:<\/p>\n\n\n\n
$ java -version<\/code><\/pre>\n\n\n\n
which should print the current installed version. Also take note of the installation path JAVA_HOME<\/code>. By default, the JRE is installed in the path \/usr\/lib\/jvm\/java-21-openjdk-amd64<\/code> or similar, depending on your VM. If it is not there then you can locate it by following its path, try running the command:<\/p>\n\n\n\n
$ which java<\/code><\/pre>\n\n\n\n
which should print the location of that binary. But this location might be a symlink, so you should continue following it until you reach the folder containing the java<\/code> binary.<\/p>\n\n\n\n
Installing Tomcat<\/h2>\n\n\n\n
Let’s first create a user that will run the service:<\/p>\n\n\n\n
$ sudo user add -r -m -U -d \/opt\/tomcat -s \/bin\/false tomcat<\/code><\/pre>\n\n\n\n
In summary: the useradd<\/code> command will create a new system user tomcat<\/code> with home directory \/opt\/tomcat<\/code> and with no privileges to open bash<\/code>. For more information you can read the man<\/code> page of useradd<\/code>.<\/p>\n\n\n\n
Then download the tomcat binaries from the Tomcat official page<\/a>, remembering that we are using Tomcat 11:<\/p>\n\n\n\n
$ wget https:\/\/dlcdn.apache.org\/tomcat\/tomcat-11\/v11.0.18\/bin\/apache-tomcat-11.0.18.tar.gz<\/code><\/pre>\n\n\n\n
and extract it to the tomcat<\/code> user home folder, create a symlink and change the ownership:<\/p>\n\n\n\n
$ sudo tar -xzf apache-tomcat-11.0.18.tar.gz -C \/opt\/tomcat\n$ sudo ln -s \/opt\/tomcat\/apache-tomcat-11.0.18 \/opt\/tomcat\/current\n$ sudo chown -R tomcat:tomcat \/opt\/tomcat<\/code><\/pre>\n\n\n\n
The reason behind the current<\/code> symlink is to make upgrading transparent to the system, once we download a new tomcat binary we just need to change where the symlink is pointing to.<\/p>\n\n\n\n
A useful mnemonic for the tar<\/code> command is mentioning the phrase ‘extract the file’ with a German accent: ‘e(x)tract (z)e (f)ile’.<\/p>\n\n\n\n
Setting up Tomcat as a service<\/h2>\n\n\n\n
Now let’s install Tomcat as a service using systemd<\/code>. Create the next configuration file:<\/p>\n\n\n\n
$ sudo vim \/etc\/systemd\/system\/tomcat.service<\/code><\/pre>\n\n\n\n
with the content:<\/p>\n\n\n\n
[Unit]\nDescription=Apache Tomcat Web Server\nAfter=network.target\n\n[Service]\nType=forking\n\nEnvironment=\"JAVA_HOME=\/usr\/lib\/jvm\/java-21-openjdk-amd64\"\nEnvironment=\"CATALINA_PID=\/opt\/tomcat\/current\/temp\/tomcat.pid\"\nEnvironment=\"CATALINA_HOME=\/opt\/tomcat\/current\/\"\nEnvironment=\"CATALINA_BASE=\/opt\/tomcat\/current\/\"\n\nExecStart=\/opt\/tomcat\/current\/bin\/startup.sh\nExecStop=\/opt\/tomcat\/current\/bin\/shutdown.sh\n\nUser=tomcat\nGroup=tomcat\nUMask=0007\nRestartSec=10\nRestart=always\n\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n
Remember to press i<\/code> to enter the (i)insert mode in vim, and press esc<\/code> to exit it. To save the file press esc<\/code>, write :wq<\/code> and press Enter<\/code>. The enable and start the service:<\/p>\n\n\n\n
$ sudo systemctl enable tomcat\n$ sudo systemctl start tomcat<\/code><\/pre>\n\n\n\n
Enabling the service means to let it start automatically when the system reboots. You can check its status at any time without sudo<\/code> permission:<\/p>\n\n\n\n
$ systemctl status tomcat<\/code><\/pre>\n\n\n\n
If you see a green active<\/strong> message, it means that the service is most probably healthy. Up until now Tomcat is running in localhost in port 8080. Let’s open it to the Internet.<\/p>\n\n\n\n
Installing Nginx<\/h2>\n\n\n\n
The nginx<\/code> package already includes the binaries and service configuration for Ubuntu, to install and enable it just run:<\/p>\n\n\n\n
$ sudo apt install nginx<\/code><\/pre>\n\n\n\n
And same as with Tomcat, you can check the current status of the service by running:<\/p>\n\n\n\n
$ systemctl status nginx<\/code><\/pre>\n\n\n\n
Now let’s configure nginx as reverse proxy to tomcat. First, let’s define an upstream block in the main nginx configuration file:<\/p>\n\n\n\n
$ sudo vim \/etc\/nginx\/nginx.conf<\/code><\/pre>\n\n\n\n
and add the next content inside the http<\/code> block:<\/p>\n\n\n\n
http {\n    ...\n    upstream tomcat {\n        server 127.0.0.1:8080;\n    }\n    ...\n}<\/code><\/pre>\n\n\n\n
Save this file and let’s add a new server in the folder \/etc\/nginx\/sites-available<\/code>:<\/p>\n\n\n\n
$ sudo vim \/etc\/nginx\/sites-available\/example.com<\/code><\/pre>\n\n\n\n
Let’s assume that there is a A<\/code> DNS record that points example.com<\/code> to this VM IP:<\/p>\n\n\n\n
server {\n    listen 80;\n    server_name example.com;\n    location \/ {\n        proxy_pass http:\/\/tomcat\/;\n        proxy_set_header Host $host;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header X-Forwarded-Proto $scheme;\n    }\n}<\/code><\/pre>\n\n\n\n
and to enable it just create a symlink to the sites-enabled<\/code> folder:<\/p>\n\n\n\n
$ sudo ln -s \/etc\/nginx\/sites-available\/example.com \/etc\/nginx\/sites-enabled\/<\/code><\/pre>\n\n\n\n
Before restarting nginx and open it to the Internet, let’s confirm that our configuration has no mistakes:<\/p>\n\n\n\n
$ sudo nginx -t<\/code><\/pre>\n\n\n\n
If it returns an ok<\/code> then that means that there is no mistake in any nginx configuration file and that we can safely restart the service:<\/p>\n\n\n\n
$sudeo systemctl restart nginx<\/code><\/pre>\n\n\n\n
Managing the firewall<\/h2>\n\n\n\n
If you try to access the site from the outside it might get blocked because of the firewall. Ubuntu ships by default with ufw<\/code> (Uncomplicated Firewall) and needs to be configured for HTTP and HTTPS. You can list all possible options for ufw<\/code> with:<\/p>\n\n\n\n
$ sudo ufw app list<\/code><\/pre>\n\n\n\n
It should list at lest the next options: Nginx Full<\/code>, Nginx HTTP<\/code> and Nginx HTTPS<\/code>. The first option will cover for both HTTP and HTTPS, so you can select it:<\/p>\n\n\n\n
$ sudo ufw allow 'Nginx Full'<\/code><\/pre>\n\n\n\n
Now nginx will receive the request from the outside and should return the Tomcat home page. The system is ready to accept deployments.<\/p>\n\n\n\n
References<\/h2>\n\n\n\n