How to Setup Apache Tomcat on Linux in Azure/AWS/GCP

To install Tomcat in any of the cloud platforms, the best way is to use the available images in the marketplace that run Apache Tomcat on Ubuntu, Debian or CentOS server with the recommended configuration and the Java JDK. Production ready. Click on the links below to deploy to your preferred cloud platform.

Table of Contents

Apache Tomcat Server features

Apache Tomcat or Tomcat Server is a Java Server Page container that assist web developers building and maintaining dynamic websites and applications based on the Java software platform.

 

  • Java Servlets container of the Java platform are:  JavaServer Pages (JSP), Java Expression Language (Java EL) and WebSocket.
  • The software enables a web server to handle dynamic Java-based web content using the HTTP protocol.
  • It can handle both static pages and dynamic pages. The static pages are generated using HTML.
  • Essentially a web server  designed to serve files from the local system, like Apache.
  • A Java enterprise application server is a full-blown implementation of the Java EE (now Jakarta EE)  specification.

Getting Started with Apache Tomcat

SSH into new server

Once your Tomcat server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using Apache Tomcat

Using Tomcat Server on Linux

Installation of Tomcat is in the following directory:

 

/opt/tomcat/9_37

 

You can access the Tomcat Web Admin Manager via the following URL:

 

http://ip-address:8080

 

In order to use Tomcat’s web management interface, you will need to create a user and also allow access to your remote IP (Instructions further down). Open the tomcat-users.xml file with the command:

 

				
					sudo nano /opt/tomcat/9_37/conf/tomcat-users.xml
				
			

If nano editor isn’t found/installed, you can run the vim editor command instead:

				
					sudo vim /opt/tomcat/9_37/conf/tomcat-users.xml
				
			

Scroll down and you will want to remove the following comments

Update the rolenames with the following:

 

manager-gui

admin-gui

 

Add a username and password and add the manager-gui,admin-gui roles to your user as the following screenshot:

user-roles

Save the file and return to the command line and restart the tomcat service with the following command:

				
					sudo systemctl restart tomcat
				
			

If you now access the Tomcat web admin manager (http://ip-address:8080) and click on ‘Manager App‘ or ‘Host Manager‘ add in your new username and password and you should see the following:

If you click on Manager App or Host Manager a login box should appear. If not scroll down to instructions on ‘Allow access to Tomcat from remote IP

Allow access to Tomcat from remote IP

By default Tomcat web management interface is configured to allow access only from the localhost. If you want to be able to access the web interface from a remote IP or from anywhere which is not recommended because it is a security risk you can open the following files and make the following changes.

If you need to access the web interface from anywhere open the following files and comment or remove the lines highlighted in yellow:

 
				
					/opt/tomcat/9_37/webapps/manager/META-INF/context.xml
				
			
				
					/opt/tomcat/9_37/webapps/host-manager/META-INF/context.xml
				
			

If you need to access the web interface only from a specific IP, instead of commenting the blocks add your public IP to the list. Let’s say your public IP is 41.41.41.41 and you want to allow access only from that IP:

				
					/opt/tomcat/9_37/webapps/manager/META-INF/context.xml
				
			
				
					<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
				
			
				
					/opt/tomcat/9_37/webapps/host-manager/META-INF/context.xml
				
			
				
					<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
				
			

The list of allowed IP addresses is a list separated with vertical bar |. You can add single IP addresses or use a regular expressions.

Once done, restart the Tomcat service for changes to take effect:

				
					sudo systemctl restart tomcat
				
			

Tomcat Firewall Ports

Tomcat listens on port 8080 for HTTP, port 8443 for https and port 8009 for AJP

 

If you are using any firewalls, network security groups on any of the cloud platforms you will need to open these ports.

 

To setup AWS firewall rules refer to – AWS Security Groups

To setup Azure firewall rules refer to – Azure Network Security Groups

To setup Google GCP firewall rules refer to – Creating GCP Firewalls

Tomcat Documentation

Tomcat Support

Any issues with installing this solution into any of the cloud platforms, please leave a message below or contact us directly

 

For any Tomcat support, take a look at the support section on their website:

https://tomcat.apache.org/findhelp.html

 

Disclaimer: Apache Tomcat® is a registered trademark of Apache Software Foundation and is licensed under Apache License version 2. No warrantee of any kind, express or implied, is included with this software. Use at your risk, responsibility for damages (if any) to anyone resulting from the use of this software rest entirely with the user. The author is not responsible for any damage that its use could cause.

Avatar for Andrew Fitzgerald
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud.

0 0 votes
Article Rating
Subscribe
Notify of
0 Comments
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x