
Apache Tomcat 10 Installation (Ubuntu 20.04)

In this guide, we will install Apache Tomcat 10 on Ubuntu 20.04 and perform its basic configuration.
The goal is to run Java (Jakarta EE) applications in a secure and maintainable manner.

What Will You Learn in This Guide?

  • Creating a separate, unprivileged user for Tomcat 10
  • Java Development Kit (JDK) installation
  • Tomcat 10 download and configuration
  • Management interface (Manager / Host Manager) access
  • Running Tomcat as a systemd service

Prerequisites

  • Ubuntu 20.04 server
  • Non-root user with sudo privileges
  • UFW firewall active

Tomcat User and JDK Installation

For security, Tomcat must run as a separate, unprivileged user.

sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat

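This command creates a dedicated tomcat user and group with /opt/tomcat as the home directory and /bin/false as the shell, so the account cannot be used to log in.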

  1. Update the package list:
sudo apt update
  2. Install the JDK:
sudo apt install default-jdk
  3. Check the installation:
java -version

Apache Tomcat 10 Installation

  1. Change to the temporary directory:
cd /tmp
  2. Download the Tomcat archive:
wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.27/bin/apache-tomcat-10.0.27.tar.gz
  3. Extract the archive:
sudo tar xzvf apache-tomcat-10*.tar.gz -C /opt/tomcat --strip-components=1
  4. Set file ownership:
sudo chown -R tomcat:tomcat /opt/tomcat
  5. Grant execute permissions on the scripts in the bin directory:
sudo chmod -R u+x /opt/tomcat/bin

Defining Administrative Users

We need to define a user to access the Tomcat management interface.

sudo nano /opt/tomcat/conf/tomcat-users.xml

Add the following lines before the closing </tomcat-users> line, replacing the GUVENLI_SIFRE placeholder with a strong password of your own:

<role rolename="manager-gui" />
<role rolename="admin-gui" />

<user username="manager" password="GUVENLI_SIFRE" roles="manager-gui" />
<user username="admin" password="GUVENLI_SIFRE" roles="manager-gui,admin-gui" />

Removing Management Interface Access Blocks

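By default, Tomcat only allows access to the administration panel from localhost. This restriction is enforced by a RemoteAddrValve in each application's context.xml; commenting it out makes the panel reachable from any address that can reach Tomcat's port.

For the Manager application: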

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

Comment out the following line:

<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve" /> -->

For Host Manager:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Comment out the same line here.
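
To check which of these settings are in effect afterwards, the following added example (not part of the original guide) reports whether Manager and Host Manager still have an active RemoteAddrValve and whether tomcat-users.xml still holds the GUVENLI_SIFRE placeholder or is world-readable. The function names and the demo tree are constructed for illustration; on a real server the call would be audit_tomcat /opt/tomcat, run with root privileges.

```sh
# Added example (not from the guide): audit the settings this guide changes.
# Paths and the GUVENLI_SIFRE placeholder come from the guide; function names
# and the demo tree are constructed for illustration.

# Print FILE with XML comments removed, so a commented-out Valve is ignored.
strip_xml_comments() {
  awk '{ s = s $0 "\n" }
       END { while ((i = index(s, "<!--")) > 0) {
               out = out substr(s, 1, i - 1); s = substr(s, i + 4)
               j = index(s, "-->"); s = (j > 0) ? substr(s, j + 3) : ""
             }
             printf "%s", out s }' "$1"
}

# Succeed when FILE still has an active (uncommented) RemoteAddrValve.
valve_active() {
  strip_xml_comments "$1" | grep -q 'valves\.RemoteAddrValve'
}

# Print one finding per line for the Tomcat tree rooted at $1.
audit_tomcat() {
  home=$1
  for app in manager host-manager; do
    ctx="$home/webapps/$app/META-INF/context.xml"
    [ -f "$ctx" ] || continue
    valve_active "$ctx" || echo "EXPOSED: $app has no active RemoteAddrValve"
  done
  users="$home/conf/tomcat-users.xml"
  [ -f "$users" ] || return 0
  strip_xml_comments "$users" | grep -q 'password="GUVENLI_SIFRE"' &&
    echo "PLACEHOLDER: tomcat-users.xml still uses GUVENLI_SIFRE"
  [ -z "$(find "$users" -perm -004)" ] ||
    echo "PERMS: tomcat-users.xml is world-readable"
  return 0
}

# Constructed demo tree: Manager valve commented out as in the guide,
# Host Manager valve left active, placeholder password unchanged.
make_demo() {
  d=$(mktemp -d)
  mkdir -p "$d/conf" "$d/webapps/manager/META-INF" "$d/webapps/host-manager/META-INF"
  v='<Valve className="org.apache.catalina.valves.RemoteAddrValve" />'
  printf '<Context>\n<!-- %s -->\n</Context>\n' "$v" > "$d/webapps/manager/META-INF/context.xml"
  printf '<Context>\n%s\n</Context>\n' "$v" > "$d/webapps/host-manager/META-INF/context.xml"
  printf '<tomcat-users>\n<user username="admin" password="GUVENLI_SIFRE" roles="admin-gui" />\n</tomcat-users>\n' \
    > "$d/conf/tomcat-users.xml"
  echo "$d"
}
demo=$(make_demo); audit_tomcat "$demo"; rm -rf "$demo"
```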

Creating systemd Service

  1. Find the Java installation path:
sudo update-java-alternatives -l
  2. Create the service file with the following content, setting JAVA_HOME to the path reported in step 1:
sudo nano /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
  3. Start the service:
sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat
  4. Check service status:
sudo systemctl status tomcat

Accessing the Web Interface

Open port 8080:

sudo ufw allow 8080

Access from a browser, replacing SUNUCU_IP with your server's IP address:

http://SUNUCU_IP:8080

You can manage your applications via the Manager App and Host Manager.

Frequently Asked Questions (FAQ)

Why does Tomcat 10 use Jakarta EE?

The Java EE project is now developed under the name Jakarta EE.

Why can't Tomcat be run as root?

Running Tomcat as an unprivileged user keeps a possible security vulnerability from affecting the entire system.

Why is there no HTTPS?

In production environments, HTTPS is typically provided by Apache or Nginx together with Let's Encrypt.

Should port 8080 remain open?

If a reverse proxy is used, it is recommended to close port 8080 to the outside world.

Conclusion

Apache Tomcat 10 now runs stably and securely on Ubuntu 20.04.

You can deploy your Java applications and control them via the administration panel.

For the production environment, it is recommended to complete the HTTPS configuration with Apache or Nginx + Let's Encrypt.

You can deploy this infrastructure on your GenixNode servers in minutes