INSTALL TOMCAT 8 ON CENTOS 7

INSTALL TOMCAT 8

create tomcat group and user

$ sudo groupadd tomcat
$ sudo useradd -M -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat

go to home directory

$ cd ~

download tomcat

$ sudo wget http://mirror.symnds.com/software/Apache/tomcat/tomcat-8/v8.5.5/bin/apache-tomcat-8.5.5.tar.gz

create tomcat folder under /opt/

$ sudo mkdir /opt/tomcat

extract the archive to the new tomcat folder

$ sudo tar xvf apache-tomcat-8.5.5.tar.gz -C /opt/tomcat --strip-components=1

PERMISSIONS

Give the tomcat user and tomcat group ownership of the entire Tomcat directory. Also give the group write access to the conf directory and read access to the files in it.

Run these steps as root

change to root

$ sudo su

make the tomcat user and group the owner of all folders and files

$ chown -Rf tomcat:tomcat /opt/tomcat/

go to tomcat folder

$ cd /opt/tomcat/

give write access to conf folder and read access to its files

$ sudo chmod g+rwx conf
$ sudo chmod g+r conf/*

let’s go back from root to our previous user

$ exit

RUN TOMCAT AS A SERVICE

Let’s set up a Tomcat systemd unit file

create and open tomcat as a service

$ sudo vi /etc/systemd/system/tomcat.service

I changed Xms512M -Xmx1024M to Xms1024M -Xmx2048M

# Systemd unit file for tomcat
[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/opt/jdk1.8.0_101/
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms1024M -Xmx2048M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat

[Install]
WantedBy=multi-user.target

Now reload systemd to load the Tomcat unit file

$ sudo systemctl daemon-reload

Open ports 8080 and 80 in the firewall

$ sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
$ sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
$ sudo firewall-cmd --reload
$ sudo systemctl restart firewalld.service
$ sudo iptables -L

If you later want to close port 80 and use only 8080, remove the port rule that was added above

$ sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent
$ sudo firewall-cmd --reload

let’s start, enable and check tomcat, stop if needed

$ sudo systemctl start tomcat
$ sudo systemctl enable tomcat
$ sudo systemctl status tomcat

if you see an error, get more details with

$ journalctl -xe

to stop tomcat

$ sudo systemctl stop tomcat

Finally, you should see that it’s working. Go to the server’s URL
http://server-ipaddress:8080/

CONFIGURE TOMCAT USERS

change to root

$ sudo su

there are different roles that can be assigned; these are

manager-gui - allows access to the HTML GUI and the status pages
manager-script - allows access to the text interface and the status pages
manager-jmx - allows access to the JMX proxy and the status pages
manager-status - allows access to the status pages only

$ vi /opt/tomcat/conf/tomcat-users.xml

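let’s add the following inside the <tomcat-users> element (blabla is a placeholder; use your own username and a strong password)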

<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-status"/>
<user username="blabla" password="blabla" roles="manager-gui,manager-script,manager-status"/>

$ vi /opt/tomcat/webapps/manager/META-INF/context.xml

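comment out the RemoteAddrValve so the Manager App link can be accessed from all machines, not only from the server itself. With the valve commented out, the only thing protecting the Manager app at the application level is the login from tomcat-users.xml.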

<Context antiResourceLocking="false" privileged="true" >
<!--  
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
-->
</Context>

Now go to the server address again and click Manager App. Enter the username and password you provided in the tomcat-users.xml file

http://server-ipaddress:8080/
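
A quick audit of the two Manager settings changed above, as an added example that is not part of the original post. The function names are hypothetical, and the credential check assumes username= comes before password= on one line, as in the entry shown above.

```bash
#!/usr/bin/env bash
# Added example: audit the Manager settings this guide edits under CATALINA_BASE.

# Print an XML file with <!-- ... --> comments removed (multi-line comments included).
strip_xml_comments() {
  awk '{
    line = $0; out = ""
    while (line != "") {
      if (in_c) {
        i = index(line, "-->")
        if (i) { line = substr(line, i + 3); in_c = 0 } else { line = "" }
      } else {
        i = index(line, "<!--")
        if (i) { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1 }
        else   { out = out line; line = "" }
      }
    }
    print out
  }' "$1"
}

# Succeeds if the RemoteAddrValve in the Manager context is live (not commented out).
manager_valve_active() {
  strip_xml_comments "$1/webapps/manager/META-INF/context.xml" | grep -q 'RemoteAddrValve'
}

# Print usernames whose password equals the username (for example blabla/blabla).
# Assumption: username= precedes password= on the same line.
weak_manager_users() {
  strip_xml_comments "$1/conf/tomcat-users.xml" |
    sed -n 's/.*<user[^>]*username="\([^"]*\)"[^>]*password="\([^"]*\)".*/\1 \2/p' |
    awk '$1 == $2 { print $1 }'
}

# Report findings for one CATALINA_BASE; the return status is the number of findings.
audit_manager() {
  base=$1; findings=0
  if ! manager_valve_active "$base"; then
    echo "manager: RemoteAddrValve disabled, Manager reachable from any address"
    findings=$((findings + 1))
  fi
  for u in $(weak_manager_users "$base"); do
    echo "tomcat-users.xml: user '$u' has a password equal to the username"
    findings=$((findings + 1))
  done
  return "$findings"
}

# Usage: ./audit.sh /opt/tomcat   (no argument: only the functions are defined)
if [ -n "${1:-}" ]; then audit_manager "$1"; fi
```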

CHANGE PORT TO 80

stop tomcat

$ systemctl stop tomcat

change port 8080 to 80

$ sudo vi /opt/tomcat/conf/server.xml

<Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

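NEVER EVER START TOMCAT WITH SYSTEMCTL, RUN STARTUP.SH FROM COMMAND LINE

(The unit file above runs Tomcat as the unprivileged tomcat user, which is not allowed to bind ports below 1024, so under systemctl the connector cannot bind port 80; startup.sh can bind it only when run as root.)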

$ cd /opt/tomcat/bin

start

$ ./startup.sh

shutdown

$ ./shutdown.sh

Now go to the server address again and click Manager App. Enter the username and password you provided in the tomcat-users.xml file

http://server-ipaddress/

INSTALL AUTHBIND ON CENTOS 7

If you are still having port 80 issues on CentOS 7, try authbind

go to opt directory

$ cd /opt/

download rpm

$ wget https://s3.amazonaws.com/aaronsilber/public/authbind-2.1.1-0.1.x86_64.rpm

run rpm

$ sudo rpm -Uvh authbind-2.1.1-0.1.x86_64.rpm

now configure port 80 for tomcat

$ sudo touch /etc/authbind/byport/80
$ sudo chmod 500 /etc/authbind/byport/80
$ sudo chown tomcat /etc/authbind/byport/80

You can do the same steps for port 443 if needed

$ sudo touch /etc/authbind/byport/443
$ sudo chmod 500 /etc/authbind/byport/443
$ sudo chown tomcat /etc/authbind/byport/443

Port 80 is very tricky; many people have issues running Tomcat 8 on CentOS 7 with port 80

Normally, it’s not suggested to run Tomcat from the command line as root. Some people choose to preroute port 80 to 8080

$ sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

But prerouting is a workaround and not a complete solution. Mine worked when I stopped Tomcat as a service and restarted it from the command line.
