How to Install Apache Tomcat on Rocky Linux 8

Apache Tomcat is an open-source web server that allows you to run web applications written in Java. Just like the popular Apache web server, Tomcat is also developed and maintained by a free community of developers.

Like Apache, Apache Tomcat is an HTTP server that serves HTTP and is also a servlet container. Apache is a general-purpose HTTP server that supports several advanced options that Tomcat does not. The Tomcat functions primarily as a servlet and JSP server for Java technologies for development purposes. Thus can be used to provide your Java servlets and JSPs. So, you can create your WAR file ( Web Application Archive) in your Java project and simply save it in the Tomcat deployment directory.

Here we learn how to install and configure Apache Tomcat on Rocky Linux 8… However, the given steps in this tutorial are also applicable for CentOS 8, RHEL, and AlmaLinux 8… 


  • 64-bit RHEL Linux Server or the one based on it such as Rocky, CentOS or AlmaLinux
  • 2GB of Memory or more as per your requirements
  • Access to a user with sudo rights
  • SSH access for CLI server, so that you can easily copy-paste the commands.


Update your Rocky Linux system

Run system update command to get the latest stable state for all the installed packages on your Rocky Linux system. Here is the command-

sudo dnf update


Install OpenJDK Runtime Environment

Opensource Java JRE and JDK both are available in the repository of Rocky Linux and the same is true for other similar Linux server distros. Here we will install OpenJDK 11, you can also go for version 8 if you want.

Command for OpenJDK 11

sudo dnf install java-11-openjdk.x86_64

Developers can also install OpenJDK 11 Development Environment

sudo dnf install java-11-openjdk-devel.x86_64


For OpenJDK 8

sudo dnf install java-1.8.0-openjdk.x86_64

For OpenJDK 11 Development Environment

sudo dnf install java-1.8.0-openjdk-devel.x86_64


Check Java Version

Once the installation of any of the above-given versions is completed, check it using the below command to confirm the installation.

java --version

The output will be like this-

openjdk 11.0.11 2021-04-20 LTS
OpenJDK Runtime Environment 18.9 (build 11.0.11+9-LTS)
OpenJDK 64-Bit Server VM 18.9 (build 11.0.11+9-LTS, mixed mode, sharing)


Create a non-root user for Tomcat

Let’s create a group and user that will have access to Tomcat only and cannot be used for other purposes such as login to the system to install or delete anything.

Add Tomcat group-

sudo groupadd tomcat

Create a directory to save Apache Tomcat files

sudo mkdir /opt/tomcat

Add user and set the above-created directory its home folder and also disable its login rights using the below command-

sudo useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat


Download latest Apache Tomcat 10 on Rocky Linux

Multiple versions of Tomcat are available such as Tomcat 8, 9, and 10.  All these three support Java 8 and later versions. Thus, you can download the one as per your choice. However, here we are downloading the latest Apache Tomcat 10 version, which was available while writing this article. Get the one from the official website.

Download latest Apache Tomcat version on rocky Linux

Select the version of Tomcat you want to download then right-click on the Tar.gz file and copy its link. After that paste that with wget command to download it directly using the terminal.

wget paste-link

For example- here we are downloading Tomcat 10, thus we copy the link available for that.



Extract and move files

Once the downloading is completed, extract the Tar file and copy it to /opt/tomcat directory, we have created earlier.

sudo tar -zxvf apache-tomcat-*.tar.gz -C /opt/tomcat --strip-components=1

To check whether it has been extracted and copied successfully type-

ls /opt/tomcat


Extract Tomcat tar ball file


Set Permission

As we already have created a dedicated user for Tomcat, thus we permit it to read the files available in it.

sudo chown -R tomcat: /opt/tomcat

Also, allow the script available inside the folder to execute.

sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'


Create Apache Tomcat service file

By default, we won’t have a Systemd unit file for Tomcat like the Apache server to stop, start and enable its services. Thus, we create one, so that we could easily manage it.

sudo dnf install nano -y
sudo nano /etc/systemd/system/tomcat.service

Paste the following code in it-

Description=Tomcat webs servlet container




Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"



To save the press Ctrl+X, type –Y and hit the Enter Key.


Start, Enable and Check Service status

After successfully creating systemd unit file for tomcat, start its service using the below-given commands-


sudo systemctl start tomcat


sudo systemctl enable --now tomcat

Check Status

sudo systemctl status tomcat


 tomcat.service - Tomcat webs servlet container
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset:>
Active: active (running) since Fri 2021-05-07 20:44:20 IST; 8s ago
Process: 17781 ExecStart=/opt/tomcat/bin/ (code=exited, status=0/SU>
Main PID: 17788 (java)
Tasks: 29 (limit: 20249)
Memory: 155.6M
CGroup: /system.slice/tomcat.service
└─17788 /usr/lib/jvm/jre/bin/java -Djava.util.logging.config.file=/o>

May 07 20:44:20 demo.how2shout.local systemd[1]: Starting Tomcat webs servlet c>
May 07 20:44:20 demo.how2shout.local systemd[1]: Started Tomcat webs servlet co>


Open port 8080 in Rocky Linux Firewall

To access the Apache Tomcat web interface outside the localhost, we need to open port 8080 in the firewall of Rocky Linux, CentOS, or Almalinux you are using.

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --reload


Access web interface

Open browser, if you are using the browser on the same system where you have installed the Tomcat then simply use-


However, the browser on any other system that can access the Ip-address of your server where you have installed the Apache Tomcat and type the address with port number 8080.

Example- Our server IP address is with port number 8080, it will be like this-

Note– A 403 error will appear while using it on any other PC to access the management interface.

Apache Tomcat installed on Rocky Linux

403 Access Denied on Tomcat 10/9/8 error

As we click on “Server Status“, “Manager App” and “Host Manager” you will see a 403 Access Denied error. Something like given below will appear.


403 Access Denied
You are not authorized to view this page.
By default the Host Manager is only accessible from a browser running on the same machine as Tomcat. If you wish to modify this restriction, you'll need to edit the Host Manager's context.xml file.

Tomcat 403 Access denied error solution

To solve this error perform the following given steps…

1. Add Username and password to Tomcat User XML file.

sudo nano /opt/tomcat/conf/tomcat-users.xml

At the end just before </tomcat-users> tag copy and paste the following lines.
Note– Change the username and password, with whatever you want to set for your Tomcat.

<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>

<user username="h2s" password="pwd" roles="admin,admin-gui,manager,manager-gui"/>

Save the file and exit- Ctrl+X, type- Y, and hit the Enter key.


2.  Edit Manager Conext XML file

Edit the Context file  

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

In the file, scroll and go to the end and comment out the following block of text-

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Just add <!-- at the beginning and --> in the end, after that, this will look like something this-

<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Save the file and exit- Ctrl+X, type- Y, and hit the Enter key.

It should look like the way it has shown, in the below screenshot…

Edit Manager Context file in Tomcat 10

3. Edit Host-Manager Context.XML file

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Just like above, also add <!-- at the beginning and --> in the end of the text given below in the file, after that, this will look like something this-

<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Save the file and exit.

Note-: By commenting out, the Tomcat will not be able to read this and let the user access the Manager backend using a remote PC.

4.  Restart Tomcat service-

sudo systemctl restart tomcat

Access Tomcat web management interface

Finally, refresh your browser and when you click on the Manager App button to access the backend, the browser will ask for the username and password that you have set in the Tomcat User XML file. Just furnish that and login to access it.

Add username and password
Add username and password
Server Status
Server Status


Web Application Manager
Web Application Manager
Tomcat Virtual Host Manager
Tomcat Virtual Host Manager

So, this was a complete tutorial to install and access Apache Tomcat on RHEL based Linux Rocky, AlmaLinux, and CentOS.



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.