Install Apache Tomcat 10 on Debian 11 Linux

Learn the steps and commands to install the latest version of Apache Tomcat on Debian 11 Bullseye Linux to test various Java-based applications…

Apache Tomcat is an open-source web server that allows you to run web applications written in Java. Tomcat is developed and maintained by a free community of developers and our Apache license is published as open-source software.

Well, Tomcat is significantly different from the Apache web server, it was developed to primarily focus on Web applications. Tomcat does not understand URLs as a file specification, but as a notification of a user action. This is comparable to event-driven programming in classic GUI programming: a click on a button generates an event that the window manager reports to the program. Calling up a URL is analogous, be it in the form of a link or a form called.

We can set up Tomcat on almost all popular operating systems because the key requirements of it is Java 8 or higher depending upon which version you are planning to use. It is available in both 32-bit and 64-bit.

Apache Tomcat 10 installation on Debian 11 Linux

1. Install OpenJDK- Java

As we know the key requirement to install Tomcat is Java, thus first we set up an open-source Java Development kit on Debian 11 using the terminal.

Before moving further, run the system update command once.

sudo apt update

The OpenJDK packages are available in the default base repository of Debian 11, thus use the given command to install it.  The java version supported is 8 or above. Here we are installing Java 11.

sudo apt install openjdk-11-jdk

To check and confirm, the Java has been installed successfully, see its version…

java -version

Output:

[email protected]:~$ java -version
openjdk version "11.0.11" 2021-04-20
OpenJDK Runtime Environment (build 11.0.11+9-post-Debian-1)
OpenJDK 64-Bit Server VM (build 11.0.11+9-post-Debian-1, mixed mode, sharing)

 

2. Download and Install Apache Tomcat on Debian 11

You can get the latest version directly from the official webpage of the Tomcat, or use the wget command given below to get the 10.03 version.

wget https://downloads.apache.org/tomcat/tomcat-10/v10.0.8/bin/apache-tomcat-10.0.8.tar.gz

Extract the downloaded file to /opt directory so that we won’t delete it accidentally.

1. Create a directory under /opt to extract files.

sudo mkdir /opt/tomcat

2. Now, extract the downloaded Tomcat Tar file into the created directory.

sudo tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat --strip-components=1

Create a dedicated user

To ensure the security of the system while testing various web applications, let’s create a non-root user that has only access to the created /opt/tomcat folder.

sudo groupadd tomcat
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

 

3. Assigning Tomcat user permissions

Well, we already have set up the files that require using this open-source web application server, now let’s assign the permission of the folder to the user we have created above for it.

sudo chown -R tomcat: /opt/tomcat
sudo sh -c 'chmod +x /opt/tomcat/bin/*.sh'

 

4. Create a Systemd service file

By default, we won’t have a Systemd unit file for Tomcat to run it in the background and to easily stop, start and enable its services. Thus, we create one, so that we could manage it without any issue.

Create Systemd unit file

sudo nano /etc/systemd/system/tomcat.service

Paste the following block of code in it-

[Unit]
Description=Tomcat webs servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat
RestartSec=10
Restart=always 
Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"

Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Create Systemd service file for Apache tomcat 10 on Debian 11

To save the press Ctrl+X, type –Y and hit the Enter Key.

Note: In the above-given code for creating a systemd file, we have to mention the path of Java. However, the given one in the above code is the default path, still, to confirm the same you can run the below command:

sudo update-java-alternatives -l

Check installed Java Path

 

5. Enable and start Tomcat service on Debian 11

Finally, we have plugged in all the necessary things to start Tomcat service in the background on Debian 11 Bulleye. Let’s enable and run the same.

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat

To confirm everything is working normally, check the status of service:

systemctl status tomcat

Tomcat service status on Debian 11 Bullseye

6. Add Roles and Admin username and password

This step is important, without performing it we will get an error: “403 Access Denied on Tomcat 10/9/8 error” as we click on “Server Status“, “Manager App” and “Host Manager” links on the Apache Tomcat Web interface.

Edit user configuration file.

sudo nano /opt/tomcat/conf/tomcat-users.xml

At the end just before </tomcat-users> tag copy and paste the following lines.
Note– Change the username and password values with whatever you want to set for your Tomcat.

<role rolename="admin"/>
<role rolename="admin-gui"/>
<role rolename="manager"/>
<role rolename="manager-gui"/>

<user username="h2s" password="pwd" roles="admin,admin-gui,manager,manager-gui"/>

Save the file and exit- Ctrl+X, type- Y, and hit the Enter key.

Add Admin username and password for Tomcat

 

7. Enable Tomcat and Host Manager Remote access

By default, you won’t be able to access your installed Tomcat Manager sections (web interface) outside the local system. For that, we have to enable it by editing individually the context.xml file available for Tomcat Manager and Host Manager.

For Tomcat Manager’s remote access:

Edit the Context file  

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

In the file, scroll and go to the end and comment out the following block of text-

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Just add <!-- at the beginning and --> in the end, after that, this will look like something this-

<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Save the file and exit- Ctrl+X, type- Y, and hit the Enter key.

To get an idea see the below-given screenshot:

Enable remote access to Host Manager

 

For Host manager remote access:

sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Just like above, also add <!-- at the beginning and --> at the end of the text given below in the file, after that, this will look like something this-

<!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Save the file and exit.

Note-: By commenting out, the Tomcat will not be able to read this and let the user access the Manager backend using a remote PC.

Restart Tomcat service-

sudo systemctl restart tomcat

 

8. Open port 8080 in Debian 11 Firewall

The service to access the web interface via browser is available on port 8080 and to access the same remotely using any other system, we have to allow its outgoing connection in firewall.

sudo ufw allow 8080

 

9.  Access Tomcat Web interface

Open any browser on the local or remote system and point it to the IP address or domain of the server where you have installed the Apache Tomcat.

For example:

http://server-ip-addres:8080
or 
http://youdomain.com:8080

Apache Tomcat installation on Debian 11 Bulleye Linux server status

Web Application Manager

Web Application Manager

Virtual Host Manager

Virtual Host Manager

In this way, we can deploy the Apache Tomcat on Debian 11 Bulleye without any error. In case you are facing any problems while performing the above tutorial, the comment section is all yours!!

 

 

Comments (3)

  1. Frédéric Duhin September 16, 2021
    • Antoine Soupirot September 16, 2021
      • Frédéric Duhin September 20, 2021

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.