How to set up Apache Tomcat on Linux in Azure/AWS/GCP

To install Tomcat on any of the cloud platforms, the best way is to use the images available in the marketplace. They run Apache Tomcat on an Ubuntu or CentOS server with the recommended configuration and the Java JDK, and are production ready. Click on the links below to deploy to your preferred cloud platform.

Getting Started

 

Once your Tomcat server has been deployed, the following links explain how to connect to a Linux VM:

 

 

Once connected and logged in, the following section explains how to start using Apache Tomcat.

Using Tomcat

 

Tomcat is installed in the following directory:

/opt/tomcat/9_37

 

You can access the Tomcat Web Admin Manager via the following URL:

 

http://ip-address:8080

 

In order to use Tomcat’s web management interface, you will need to create a user and also allow access from your remote IP (instructions further down). Open the tomcat-users.xml file with the command:

sudo nano /opt/tomcat/9_37/conf/tomcat-users.xml

 

[Screenshot: tomcat-users]

 

Scroll down and uncomment the following block by removing the comment markers around it:

[Screenshot: tomcat users]

 

Update the rolenames with the following:

 

manager-gui

admin-gui

 

Add a username and password, and assign the manager-gui and admin-gui roles to your user, as in the following screenshot:

[Screenshot: user-roles]

 

Save the file and return to the command line and restart the tomcat service with the following command:

 

sudo systemctl restart tomcat
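
The screenshots for these steps did not survive, so here is an added example (not code from the original article) that checks the result instead: it parses a tomcat-users.xml and reports which accounts can open Manager App or Host Manager and whether their password is obviously weak. The sample file, user names, passwords and the 12-character minimum are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of conf/tomcat-users.xml after the edit described above.
# User names and passwords are placeholders invented for this example.
SAMPLE = """<tomcat-users xmlns="http://tomcat.apache.org/xml" version="1.0">
  <role rolename="manager-gui"/>
  <role rolename="admin-gui"/>
  <user username="deployer" password="deployer" roles="manager-gui,admin-gui"/>
  <user username="ops" password="Long-Random-Passphrase-4821" roles="manager-gui"/>
  <user username="app" password="x" roles="tomcat"/>
</tomcat-users>"""

GUI_ROLES = {"manager-gui", "admin-gui"}  # the roles the article assigns
MIN_LENGTH = 12  # assumed local policy, not a Tomcat setting


def local(tag):
    """Strip the XML namespace that tomcat-users.xml declares on its root."""
    return tag.rsplit("}", 1)[-1]


def audit_users(xml_text):
    """Return (username, gui_roles, problems) for each account with GUI access."""
    root = ET.fromstring(xml_text)
    findings = []
    for user in (e for e in root.iter() if local(e.tag) == "user"):
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        gui = sorted(roles & GUI_ROLES)
        if not gui:
            continue  # this account cannot open Manager App or Host Manager
        name, password = user.get("username", ""), user.get("password", "")
        problems = []
        if password.lower() == name.lower():
            problems.append("password equals username")
        if len(password) < MIN_LENGTH:
            problems.append(f"password shorter than {MIN_LENGTH} characters")
        findings.append((name, gui, problems))
    return findings


if __name__ == "__main__":
    for name, gui, problems in audit_users(SAMPLE):
        print(name, gui, problems or "ok")
```

To run it against the real file, read /opt/tomcat/9_37/conf/tomcat-users.xml and pass its text to audit_users.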

 

If you now access the Tomcat web admin manager (http://ip-address:8080), click on ‘Manager App’ or ‘Host Manager’ and enter your new username and password, you should see the following:

[Screenshot: Tomcat_Screenshot]

 

If you click on Manager App or Host Manager, a login box should appear. If not, scroll down to the instructions under ‘Allow access to Tomcat from remote IP’.

 

[Screenshot: tomcat-web-application-manager]

Host Manager

[Screenshot: virtual-host-manager]

Allow access to Tomcat from remote IP

 

By default, the Tomcat web management interface is configured to allow access only from localhost. You can open it to a specific remote IP, or to any address (not recommended, because it is a security risk), by making the following changes to the files below.

 

If you need to access the web interface from anywhere, open the following files and comment out or remove the highlighted lines, that is, the RemoteAddrValve element:

/opt/tomcat/9_37/webapps/manager/META-INF/context.xml
/opt/tomcat/9_37/webapps/host-manager/META-INF/context.xml

If you need to access the web interface only from a specific IP, add your public IP to the list instead of commenting out the blocks. Let’s say your public IP is 41.41.41.41 and you want to allow access only from that IP:

 

/opt/tomcat/9_37/webapps/manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>
/opt/tomcat/9_37/webapps/host-manager/META-INF/context.xml
<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>

The allow attribute is a single regular expression that is matched against the client address; the allowed IP addresses in it are separated with a vertical bar |. You can add single IP addresses or use regular expressions.

Once done, restart the Tomcat service for changes to take effect:

sudo systemctl restart tomcat
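
An added example, not from the original article, for checking what an allow value really admits before you restart: it reads the RemoteAddrValve from a context.xml and tests sample addresses against it. Python's re.fullmatch stands in for the valve's whole-address match, only the allow attribute is modelled (deny is ignored), and the sample files and probe addresses are constructed.

```python
import re
import xml.etree.ElementTree as ET

VALVE = "org.apache.catalina.valves.RemoteAddrValve"

# Constructed samples. RESTRICTED is the article's single-IP form; OPEN is a
# context.xml with the valve removed; BROAD uses a catch-all expression.
RESTRICTED = r'''<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|41.41.41.41" />
</Context>'''
OPEN = '<Context antiResourceLocking="false" privileged="true"></Context>'
BROAD = RESTRICTED.replace("41.41.41.41", ".*")

# Constructed probe addresses (a documentation range plus the article's IP).
PROBES = ["127.0.0.1", "::1", "41.41.41.41", "41.41.41.4", "203.0.113.7"]


def allow_pattern(context_xml):
    """Return the valve's allow regex, or None if no RemoteAddrValve exists."""
    for valve in ET.fromstring(context_xml).iter("Valve"):
        if valve.get("className") == VALVE:
            return valve.get("allow", "")
    return None


def is_allowed(pattern, addr):
    """Approximate the valve: no valve admits all, else full-string match."""
    if pattern is None:
        return True
    return re.fullmatch(pattern, addr, flags=re.ASCII) is not None


def admitted(context_xml, probes=PROBES):
    """List the probe addresses this context.xml would let reach the app."""
    pattern = allow_pattern(context_xml)
    return [addr for addr in probes if is_allowed(pattern, addr)]


if __name__ == "__main__":
    for name, xml in (("restricted", RESTRICTED), ("open", OPEN), ("broad", BROAD)):
        print(f"{name:10} admits {admitted(xml)}")
```

Only the restricted form keeps the documentation-range address out; the removed valve and the catch-all expression both admit every probe.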

Tomcat Documentation

 

Documentation on using Tomcat can be found on their website at the following URL:

https://tomcat.apache.org/tomcat-9.0-doc/index.html

 

Tomcat Support

 

If you have any issues installing this solution on any of the cloud platforms, please leave a message below or contact us directly.

 

For any Tomcat support, take a look at the support section on their website:

https://tomcat.apache.org/findhelp.html

 

Tomcat Firewall Ports

 

Tomcat listens on port 8080 for HTTP, port 8443 for HTTPS and port 8009 for AJP.

 

If you are using any firewalls or network security groups on any of the cloud platforms, you will need to open these ports.

 

To set up AWS firewall rules refer to – AWS Security Groups

To set up Azure firewall rules refer to – Azure Network Security Groups

To set up Google GCP firewall rules refer to – Creating GCP Firewalls

 
Disclaimer: Apache Tomcat® is a registered trademark of Apache Software Foundation and is licensed under Apache License version 2. No warranty of any kind, express or implied, is included with this software. Use at your own risk; responsibility for damages (if any) to anyone resulting from the use of this software rests entirely with the user. The author is not responsible for any damage that its use could cause.
Andrew Fitzgerald

Cloud Solution Architect. Helping customers transform their business to the cloud. 20 years experience working in complex infrastructure environments and a Microsoft Certified Solutions Expert on everything Cloud
