How to Install Tomcat 9 on Ubuntu 20.04

This tutorial explains how to install and configure Tomcat 9 on Ubuntu 20.04.

Apache Tomcat is an open-source web server and Java servlet container. It is one of the most popular choices for building websites and Java-based applications. Tomcat is lightweight, easy to use, and has a strong add-on ecosystem.

Java Installation

Tomcat 9 requires Java SE 8 or newer to be installed on the system. We will install OpenJDK 11, the open-source implementation of the Java Platform.

Run the following commands as root or as a user with sudo privileges to update the package index and install the OpenJDK 11 JDK package:

sudo apt update
sudo apt install openjdk-11-jdk

After the installation is complete, verify by checking the Java version:

java -version

The output will look like this:

openjdk version "11.0.7" 2020-04-14
OpenJDK Runtime Environment (build 11.0.7+10-post-Ubuntu-3ubuntu1)
OpenJDK 64-Bit Server VM (build 11.0.7+10-post-Ubuntu-3ubuntu1, mixed mode, sharing)

Creating System Users

Running Tomcat as the root user is a security risk. We will create a new system user and group, with /opt/tomcat as the home directory, that will run the Tomcat service. To do this, enter the following command:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Downloading Tomcat

The Tomcat binary distribution is available for download from the Tomcat download page.

At the time of writing, the latest Tomcat version is 9.0.35. Before proceeding with the next step, check the Tomcat 9 download page to see if a newer version is available.

Use wget to download the Tomcat archive to the /tmp directory:

wget${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp
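
Before extracting the archive, it is worth checking it against the SHA-512 digest that the Apache project publishes next to each release. The following is an added example, not part of the original tutorial; it assumes the matching .sha512 file has been saved beside the tarball, and the file names in the demonstration are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): check a downloaded archive
# against a published SHA-512 digest file before unpacking it.

# verify_sha512 ARCHIVE DIGEST_FILE
#   DIGEST_FILE uses sha512sum's format: "<128 hex chars> *<file name>".
#   Returns 0 on match, 1 on mismatch, 2 on unreadable input or a bad digest.
verify_sha512() {
    local archive="$1" digest_file="$2" expected actual
    [ -r "$archive" ] && [ -r "$digest_file" ] || return 2
    # The digest is the first field of the first line; compare in lower case.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$digest_file")
    [ "${#expected}" -eq 128 ] || return 2
    case "$expected" in
        *[!0-9a-f]*) return 2 ;;   # not pure hex: treat the file as corrupt
    esac
    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Offline demonstration on a constructed file standing in for the tarball.
demo_verify() {
    local dir
    dir=$(mktemp -d) || return 2
    printf 'constructed sample archive\n' > "$dir/sample.tar.gz"
    sha512sum "$dir/sample.tar.gz" > "$dir/sample.tar.gz.sha512"
    if verify_sha512 "$dir/sample.tar.gz" "$dir/sample.tar.gz.sha512"; then
        echo "intact archive: digest matches, safe to extract"
    fi
    printf 'extra bytes\n' >> "$dir/sample.tar.gz"   # simulate tampering
    if ! verify_sha512 "$dir/sample.tar.gz" "$dir/sample.tar.gz.sha512"; then
        echo "modified archive: digest mismatch, do not extract"
    fi
    rm -rf "$dir"
}

demo_verify
```

In the tutorial's flow, the check would run on /tmp/apache-tomcat-${VERSION}.tar.gz, and the tar step would follow only if it returns 0.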

After the download is complete, extract the tar file to the /opt/tomcat directory:

sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/

Tomcat is updated regularly with security patches and new features. To have more control over versions and updates, we will create a symbolic link called latest, which points to the Tomcat installation directory:

sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

Later, when updating Tomcat, unpack the newer version and change the symlink to point to it.

The system user created earlier must have access to the Tomcat installation directory. Change the directory ownership to the tomcat user and group:

sudo chown -R tomcat: /opt/tomcat

The shell scripts in the Tomcat bin directory must be executable:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

These scripts are used to start, stop, and otherwise manage the Tomcat instance.

Creating a SystemD Unit File

Instead of using shell scripts to start and stop the Tomcat server, we will set it to run as a service.

Open your text editor and create the tomcat.service unit file in the /etc/systemd/system/ directory:

sudo nano /etc/systemd/system/tomcat.service

Paste the following configuration:

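[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.awt.headless=true"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target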

Modify the JAVA_HOME variable if the path to your Java installation is different.

Save and close the file and notify the system that there is a new unit file:

sudo systemctl daemon-reload

Activate and start the Tomcat service:

sudo systemctl enable --now tomcat

Check service status:

sudo systemctl status tomcat

The output will indicate that the Tomcat server is enabled and running:

tomcat.service - Tomcat 9 servlet container
     Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago
    Process: 5342 ExecStart=/opt/tomcat/latest/bin/ (code=exited, status=0/SUCCESS)
   Main PID: 5362 (java)

You can start, stop, and restart Tomcat just like any other systemd service:

sudo systemctl start tomcat
sudo systemctl stop tomcat
sudo systemctl restart tomcat

Configure the Firewall

If your server is protected by a firewall and you want to access Tomcat from outside your local network, you need to open port 8080.

Use the following command to open the required port:

sudo ufw allow 8080/tcp

Generally, when running Tomcat in a production environment, you should use a load balancer or reverse proxy. It’s a best practice to allow access to port 8080 only from your internal network.

Configure the Tomcat Web Management Interface

At this point, you should be able to access Tomcat with a web browser on port 8080. The web management interface cannot be accessed because we have not created a user.

Tomcat users and roles are defined in the tomcat-users.xml file. This file is a template with comments and examples showing how to create users or roles.

In this example, we will create a user with the roles “admin-gui” and “manager-gui”. The “admin-gui” role allows the user to access the URL /host-manager/html and create, delete, and manage virtual hosts. The “manager-gui” role allows the user to deploy and undeploy web applications without having to restart the entire container via the /host-manager/html interface.

Open the tomcat-users.xml file and create a new user, as shown below:

sudo nano /opt/tomcat/latest/conf/tomcat-users.xml


<!-- Place these lines inside the existing <tomcat-users> element -->
   <role rolename="admin-gui"/>
   <role rolename="manager-gui"/>
   <user username="admin" password="admin_password" roles="admin-gui,manager-gui"/>

Make sure you change the username and password to something more secure.

By default, the Tomcat web management interface is configured to allow access to the Manager and Host Manager applications only from localhost. To access the web interface from a remote IP, you must remove this restriction. This may have various security implications, and is not recommended for production systems.

To enable access to the web interface from anywhere, open the following two files and comment out or delete the Valve element shown below.

For the Manager application:

sudo nano /opt/tomcat/latest/webapps/manager/META-INF/context.xml

For the Host Manager app:

sudo nano /opt/tomcat/latest/webapps/host-manager/META-INF/context.xml


<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

If you want to access the web interface only from certain IPs, instead of commenting, add your public IP to the list.

Let’s say your public IP is and you only want to allow access from that IP:

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|" />

The permitted IP addresses form a list separated by a vertical bar |. You can add a single IP address or use regular expressions.
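
To preview which clients an allow pattern admits before restarting Tomcat, the pattern can be tested from the shell. This is an added example, not part of the original tutorial: the address 203.0.113.10 is a constructed documentation address, the helper names are hypothetical, and grep -E only approximates Java's regex engine (here \d is rewritten to [0-9]).

```shell
#!/usr/bin/env bash
# Added example (not from the original tutorial): preview which client
# addresses a RemoteAddrValve "allow" pattern would admit.

# valve_allows PATTERN ADDRESS -> exit 0 if allowed, 1 if denied.
# The valve compares the pattern with the whole address, so the pattern is
# anchored at both ends here. Java's \d is rewritten to [0-9] for grep -E;
# other Java-only regex syntax is not translated.
valve_allows() {
    local pattern
    pattern=$(printf '%s' "$1" | sed 's/\\d/[0-9]/g')
    printf '%s\n' "$2" | grep -Eq -- "^(${pattern})\$"
}

# audit_allow PATTERN ADDRESS... prints one "ALLOW"/"DENY" line per address.
audit_allow() {
    local pattern="$1" addr
    shift
    for addr in "$@"; do
        if valve_allows "$pattern" "$addr"; then
            printf 'ALLOW %s\n' "$addr"
        else
            printf 'DENY  %s\n' "$addr"
        fi
    done
}

# The tutorial's default pattern plus a constructed documentation address.
ALLOW_PATTERN='127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|203\.0\.113\.10'

audit_allow "$ALLOW_PATTERN" 127.0.0.1 ::1 203.0.113.10 203.0.113.100 198.51.100.7
# A bare prefix does not match a full address; the remaining octets are needed.
audit_allow '192\.168\.' 192.168.1.5
audit_allow '192\.168\.\d+\.\d+' 192.168.1.5
```

Because the whole address must match, 203.0.113.100 is denied even though it begins with the allowed 203.0.113.10.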

When finished, restart the Tomcat service so that the changes take effect:

sudo systemctl restart tomcat

Test the Tomcat Installation

Open your browser and type: http://<your_domain_or_IP_address>:8080

Assuming a successful installation, a screen similar to the following will appear:


The Tomcat web application manager is available at: http://<your_domain_or_IP_address>:8080/manager/html.


The Tomcat virtual host manager is available at: http://<your_domain_or_IP_address>:8080/host-manager/html.



We have shown you how to install Tomcat 9.0 on CentOS 8 and how to access the Tomcat management interface.

For more information about Apache Tomcat, visit the official documentation page.

If you experience problems or have feedback, leave a comment below.
