How to setup Apache Tomcat on Linux in Azure/AWS/GCP
To install Tomcat in any of the cloud platforms, the best way is to use the available images in the marketplace that run Apache Tomcat on Ubuntu or CentOS server with the recommended configuration and the Java JDK. Production ready. Click on the links below to deploy to your preferred cloud platform.
Getting Started
Once your Tomcat server has been deployed, the following links explain how to connect to a Linux VM:
- How to connect to a Linux VM on Azure
- How to connect to a Linux VM on AWS
- How to connect to a Linux VM on GCP
Once connected and logged in, the following section explains how to start using Apache Tomcat
Using Tomcat
Installation of Tomcat is in the following directory:
/opt/tomcat/9_37
You can access the Tomcat Web Admin Manager via the following URL:
http://ip-address:8080
In order to use Tomcat’s web management interface, you will need to create a user and also allow access to your remote IP (Instructions further down). Open the tomcat-users.xml file with the command:
sudo nano /opt/tomcat/9_37/conf/tomcat-users.xml
Scroll down and you will want to remove the following comments
Update the rolenames with the following:
manager-gui
admin-gui
Add a username and password and add the manager-gui,admin-gui roles to your user as the following screenshot
Save the file and return to the command line and restart the tomcat service with the following command:
sudo systemctl restart tomcat
If you now access the Tomcat web admin manager (http://ip-address:8080) and click on ‘Manager App‘ or ‘Host Manager‘ add in your new username and password and you should see the following:
If you click on Manager App or Host Manager a login box should appear. If not scroll down to instructions on ‘Allow access to Tomcat from remote IP‘
Host Manager
Allow access to Tomcat from remote IP
By default Tomcat web management interface is configured to allow access only from the localhost. If you want to be able to access the web interface from a remote IP or from anywhere which is not recommended because it is a security risk you can open the following files and make the following changes.
If you need to access the web interface from anywhere open the following files and comment or remove the lines highlighted in yellow:
If you need to access the web interface only from a specific IP, instead of commenting the blocks add your public IP to the list. Let’s say your public IP is 41.41.41.41 and you want to allow access only from that IP:
<Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context><Context antiResourceLocking="false" privileged="true" >
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>The list of allowed IP addresses is a list separated with vertical bar |. You can add single IP addresses or use a regular expressions.
Once done, restart the Tomcat service for changes to take effect:
sudo systemctl restart tomcatTomcat Documentation
Documentation on using Tomcat can be found on their website on the following URL:
https://tomcat.apache.org/tomcat-9.0-doc/index.html
Tomcat Support
Any issues with installing this solution into any of the cloud platforms, please leave a message below or contact us directly
For any Tomcat support, take a look at the support section on their website:
https://tomcat.apache.org/findhelp.html
Tomcat Firewall Ports
Tomcat listens on port 8080 for HTTP, port 8443 for https and port 8009 for AJP
If you are using any firewalls, network security groups on any of the cloud platforms you will need to open these ports.
To setup AWS firewall rules refer to – AWS Security Groups
To setup Azure firewall rules refer to – Azure Network Security Groups
To setup Google GCP firewall rules refer to – Creating GCP Firewalls
