Tomcat Installation - Ubuntu

 



This post shows the steps to install Tomcat. I am using Apache Tomcat for deploying Java WAR files.

Java needs to be installed as a prerequisite.

For security purposes, Tomcat should run under a separate, unprivileged user. 

root@tomcat:~# useradd -m -d /opt/tomcat -U -s /bin/false tomcat
root@tomcat:~#

By supplying /bin/false as the user’s default shell, you ensure that it’s not possible to log in as tomcat.

Installing Java:

root@tomcat:~# apt install default-jdk

root@tomcat:~# java -version
openjdk version "11.0.16" 2022-07-19
OpenJDK Runtime Environment (build 11.0.16+8-post-Ubuntu-0ubuntu120.04)
OpenJDK 64-Bit Server VM (build 11.0.16+8-post-Ubuntu-0ubuntu120.04, mixed mode, sharing)
root@tomcat:~# 

Downloading Tomcat 10.

root@tomcat:~# cd /tmp

root@tomcat:/tmp# wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.0.23/bin/apache-tomcat-10.0.23.tar.gz

Then, extract the archive you downloaded by running:

root@tomcat:/tmp# tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat --strip-components=1

root@tomcat:/tmp# chown -R tomcat:tomcat /opt/tomcat/
root@tomcat:/tmp# chmod -R u+x /opt/tomcat/bin
root@tomcat:/tmp#

To gain access to the Manager and Host Manager pages, you’ll define privileged users in Tomcat’s configuration.

You will also need to remove the IP address restrictions, which disallow all external IP addresses from accessing those pages.

Tomcat users are defined in /opt/tomcat/conf/tomcat-users.xml.

<role rolename="manager-gui" />
<user username="manager" password="password" roles="manager-gui" />

<role rolename="admin-gui" />
<user username="admin" password="password" roles="manager-gui,admin-gui" />

Here you define two user roles, manager-gui and admin-gui, which allow access to Manager and Host Manager pages, respectively.

Built-in Tomcat manager roles:
    - manager-gui    - allows access to the HTML GUI and the status pages
    - manager-script - allows access to the HTTP API and the status pages
    - manager-jmx    - allows access to the JMX proxy and the status pages
    - manager-status - allows access to the status pages only

By default, Tomcat is configured to restrict access to the admin pages, unless the connection comes from the server itself. 

To access those pages with the users you just defined, you will need to edit config files for those pages.

To remove the restriction for the Manager page, edit /opt/tomcat/webapps/manager/META-INF/context.xml.

Comment out the Valve definition.

<!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

Save and close the file, then repeat for Host Manager:

<!--  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->

You have now defined two users, manager and admin, which you will later use to access restricted parts of the management interface. 
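
The check below is an added example, not part of the original post: it audits a Tomcat tree for the two settings made above, placeholder passwords in tomcat-users.xml and a missing or commented-out address Valve on the Manager and Host Manager apps. The function names and the WEAK_PW list are assumptions, and the Host Manager file is assumed to sit at webapps/host-manager/META-INF/context.xml, mirroring the Manager path.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. WEAK_PW is an assumed,
# non-exhaustive list of placeholder passwords; extend it for your site.
WEAK_PW='password|tomcat|admin|changeit'

# Print an XML file with <!-- ... --> comments removed (they may span lines).
strip_xml_comments() {
  awk 'BEGIN { RS = "-->" }
       { i = index($0, "<!--"); if (i) $0 = substr($0, 1, i - 1); print }' "$1"
}

# audit_tomcat_mgmt CATALINA_HOME
# Prints one finding per line; the return status is the number of findings.
audit_tomcat_mgmt() {
  local home=$1 findings=0 users names name app ctx
  users="$home/conf/tomcat-users.xml"

  # 1. Active <user> entries whose password is a known placeholder.
  #    Assumes one <user .../> element per line, as in the post.
  if [ -f "$users" ]; then
    names=$(strip_xml_comments "$users" |
            grep -E "<user [^>]*password=\"($WEAK_PW)\"" |
            sed -E 's/.*username="([^"]*)".*/\1/')
    for name in $names; do
      echo "WEAK-PASSWORD user=$name file=$users"
      findings=$((findings + 1))
    done
  fi

  # 2. Management apps with no active RemoteAddrValve / RemoteCIDRValve,
  #    i.e. reachable from any address the firewall lets through.
  for app in manager host-manager; do
    ctx="$home/webapps/$app/META-INF/context.xml"
    [ -f "$ctx" ] || continue
    if ! strip_xml_comments "$ctx" | grep -Eq 'Remote(Addr|CIDR)Valve'; then
      echo "NO-ADDRESS-RESTRICTION app=$app file=$ctx"
      findings=$((findings + 1))
    fi
  done
  return "$findings"
}

# Usage: audit_tomcat_mgmt /opt/tomcat
```

A non-zero status means the management interface depends on passwords alone, so replace the placeholder passwords and narrow the Valve's allow pattern to the addresses you administer from before opening port 8080.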

Let's create a systemd service for Tomcat.

The systemd service that you will now create will keep Tomcat quietly running in the background. 

The systemd service will also restart Tomcat automatically in case of an error or failure.

Create a file /etc/systemd/system/tomcat.service.

root@tomcat:/tmp# cat /etc/systemd/system/tomcat.service
[Unit]
Description=Tomcat
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
root@tomcat:/tmp#

root@tomcat:/tmp# systemctl daemon-reload

root@tomcat:/tmp# systemctl start tomcat
root@tomcat:/tmp# systemctl status tomcat
● tomcat.service - Tomcat
     Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
     Active: active (running) since Sat 2022-08-06 18:56:26 MST; 5s ago
    Process: 2875 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 2882 (java)
      Tasks: 29 (limit: 2171)
     Memory: 126.0M
     CGroup: /system.slice/tomcat.service
             └─2882 /usr/lib/jvm/java-11-openjdk-amd64/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderL>

Aug 06 18:56:26 tomcat systemd[1]: Starting Tomcat...
Aug 06 18:56:26 tomcat startup.sh[2875]: Tomcat started.
Aug 06 18:56:26 tomcat systemd[1]: Started Tomcat.
root@tomcat:/tmp#

root@tomcat:/tmp# systemctl enable tomcat

Allow port 8080 through the firewall.

root@tomcat:/tmp# ufw allow 8080
Rules updated
Rules updated (v6)
root@tomcat:/tmp#

Access the Tomcat page at http://localhost:8080 (the default connector on port 8080 serves plain HTTP).



