In this article, we will guide you through the steps of installing Tomcat 9 on CentOS 7. Apache Tomcat is the most popular and widely used Java application server. It is an open source web server and servlet container developed by the Apache Software Foundation. It executes Java servlets and renders Web pages that include Java Server Page coding. Tomcat has been downloaded more than 10 millions times and it powers mission-critical sites like Wal-Mart, The Weather Channel and much more. Installing Apache Tomcat 9 on CentOS 7 is a fairly easy task, and it shouldn’t take more than 10 minutes for Tomcat 9 to be installed on your CentOS 7 based virtual server.
Apache Tomcat 9 is built on top of the latest Java EE 8 specifications such as Servlet 4.0, EL 3.1, JSP 2.4 and WebSocket 1.2. Also, it has a lot of bug and security fixed and major improvements such as the following:
- Implements HTTP/2 (requires the APR/native library)
- Supports TLS virtual hosting
- Allows OpenSSL performance with NIO/NIO2 APIs
- Using OpenSSL for TLS with the JSSE connectors
- SNI and multiple certificates supported by all connectors
- OpenSSL engine option for NIO and NIO2
- and much more…
Table of Contents
1. Login and update the system
Login to your CentOS 7 VPS via SSH as user root
ssh root@IP_Address -p7022
and make sure that all installed packages are up to date
yum -y update
2. Install Java 8
Apache Tomcat 9 requires Java 8 or newer to be installed on the server. Java 8 packages are available in the default CentOS 7 repositories. Run the following command to install Java 8
yum install java-1.8.0-openjdk.x86_64 java-1.8.0-openjdk-devel.x86_64
This will install Java 8 and all its dependencies. Once the installation is completed, you can check the installed version using the following command
You should get the following output:
openjdk version "1.8.0_161" OpenJDK Runtime Environment (build 1.8.0_161-b14) OpenJDK 64-Bit Server VM (build 25.161-b14, mixed mode)
3. Install Tomcat 9
Go to the official Apache Tomcat website and download the most recent version of the software to your server. At the moment the most recent release is version 9.0.7.
Download the sha512 checksum of the apache-tomcat-9.0.7.zip file
Run the following command to generate the sha512 checksum of the apache-tomcat-9.0.7.zip file
sha512sum apache-tomcat-9.0.7.zip 72e042d28e4ac43310047bdb07a2b761656d4216b8702904e2878dcd6e1b659f92e322420f844f5e76109df9c70ac87ca6f4762cdf3a11100680cc2f9db9fdb5 apache-tomcat-9.0.7.zip
And compare if the sha512 checksum is the same as the checksum the file apache-tomcat-9.0.7.zip.sha512 contains
cat apache-tomcat-9.0.7.zip.sha512 72e042d28e4ac43310047bdb07a2b761656d4216b8702904e2878dcd6e1b659f92e322420f844f5e76109df9c70ac87ca6f4762cdf3a11100680cc2f9db9fdb5 *apache-tomcat-9.0.7.zip
If the checksums are the same like in the output above, unpack the downloaded zip archive
unzip apache-tomcat-9.0.7.zip -d /opt
This will create a new directory named ‘apache-tomcat-9.0.7’. We will rename it to something simpler
cd /opt mv apache-tomcat-9.0.7/ tomcat
Run the following commands to set the CATALINA_HOME environment variable
echo "export CATALINA_HOME='/opt/tomcat/'" >> ~/.bashrc source ~/.bashrc
It is not recommended to run Apache Tomcat as user root, so we will create a new system user which will run the Tomcat server
useradd -r tomcat --shell /bin/false
and change the ownership of all Tomcat files
chown -R tomcat:tomcat /opt/tomcat/
Create the a systemd file with the following content
nano /etc/systemd/system/tomcat.service [Unit] Description=Apache Tomcat 9 After=syslog.target network.target [Service] User=tomcat Group=tomcat Type=forking Environment=CATALINA_PID=/opt/tomcat/tomcat.pid Environment=CATALINA_HOME=/opt/tomcat Environment=CATALINA_BASE=/opt/tomcat ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh Restart=on-failure [Install] WantedBy=multi-user.target
Save the file and run the following command to reload the systemd manager configuration
4. Configure Tomcat 9
Now you can start the Apache Tomcat 9 server and enable it to start on boot time
systemctl start tomcat systemctl enable tomcat
You can check the status of the Tomcat 9 server and confirm that it is properly installed by executing the following command
systemctl status tomcat
● tomcat.service - Apache Tomcat 9 Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: disabled) Active: active (exited) since Wed 2018-04-11 05:59:13 CDT; 2min 31s ago Process: 1091 ExecStart=/opt/tomcat/bin/startup.sh (code=exited, status=0/SUCCESS) Main PID: 1091 (code=exited, status=0/SUCCESS) CGroup: /system.slice/tomcat.service └─1106 /usr/bin/java -Djava.util.logging.config.file=/opt/tomcat/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djdk.tls.ephemeralDHKeySize=2048
You should now be able to access the Tomcat server in your favorite web browser. Apache Tomcat by default is listening on port 8080, so open the browser and navigate to
http://IP_address:8080 and you will see the home page of Apache Tomcat.
Now just $43 .99
5. Create Tomcat 9 user account
You can create a new Tomcat user in order to be able to acess the Tomcat manager. Open the tomcat-users.xml file and add the following lines:
nano /opt/tomcat/conf/tomcat-users.xml <role rolename="admin-gui" /> <user username="admin" password="PASSWORD" roles="manager-gui,admin-gui" </tomcat-users>
Don’t forget to replace PASSWORD with an actual strong password.
By default the Tomcat Manager is only accessible from a browser running on the same machine as Tomcat. If you want to remove this restriction, you’ll need to edit the Manager’s context.xml file, and comment out or remove the following line:
nano /opt/tomcat/webapps/manager/META-INF/content.xml <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
6. Restart Apache Tomcat 9
restart the Apache Tomcat server for the changes to take effect.
systemctl restart tomcat
7. Tomcat 9 Web Access
Now, you will be able to access the Apache Tomcat Manager by clicking the ‘Manager App’ button on the homepage, or directly at
http://IP_address:8080/manager/html using user ‘admin’ and password ‘PASSWORD’
Of course you don’t have to install Tomcat 9 on CentOS 7 if you use one of our optimized Tomcat 9 Web Hosting Solution, which case you can simply ask our expert Linux admins to install Tomcat 9 on CentOS 7 for you. They are available 24×7 and will take care of your request immediately.
PS. If you liked this post, on how to install Tomcat 9 on CentOS 7, please share it with your friends on the social networks using the buttons on the left or simply leave a reply below. Thanks.
11 thoughts on “Install Tomcat 9 on CentOS 7”
Also, you should at least download the sha512 from a different mirror and check that the downloaded .zip didn’t get corrupted o worst :)
Thanks, we have included this in the blog post.
Great article, thanks for the effort
At step 4, when I am starting tomcat by using “systemctl start tomcat”, it is simply starting the service however, when I checking the status it is saying
Process: 32732 ExecStop=/opt/tomcat/bin/shutdown.sh (code=exited, status=1/FAILURE)
On execution: journalctl -xe
It is saying that:
PID file found but either no matching process was found or the current user does not have permission to stop
Unit tomcat.service entered failed state.
Any suggestions on this?
Assuming this comes way too late to benefit @Binay Sharma, but two shell scripts are missing the executable bit. Fix this by issuing the following commands:
chmod a+x /opt/tomcat/bin/startup.sh
chmod a+x /opt/tomcat/bin/catalina.sh
After this Tomcat starts fine.
There is a typo in the user entry in the /opt/tomcat/conf/tomcat-users.xml:
<user username="admin" password="PASSWORD" roles="manager-gui,admin-gui"
Lacks "closing" and should read:
This was missing
sudo firewall-cmd –zone=public –permanent –add-port=8080/tcp
sudo firewall-cmd –reload
before I was able to access apaches port from other machine.
Now however I only get a blank page, no idea what I might be missing.
The commands should actually be as follows, this is close but did not take on my machine.
firewall-cmd –permanent –zone=public –add-port=8080/tcp
Please add the sections below to fix the missing PID file when starting tomcat manually for example with
sudo -u tomcat /opt/tomcat/bin/startup.sh
add the line below
chown tomcat:tomcat /opt/tomcat/bin/setenv.sh
chmod 750 /opt/tomcat/bin/setenv.sh
I tried running the command – “systemctl start tomcat”. I got an error that – “Job for tomcat.service failed because the control process exited with error code. See “systemctl status tomcat.service” and “journalctl -xe” for details.”
Then I ran the command- “journalctl -xe” and got the following error –
“Unit tomcat.service entered failed state.
tomcat.service holdoff time over, scheduling restart.
Cannot add dependency job for unit systemd-vconsole-setup.service, ignoring: Unit is masked.
Stopped Apache Tomcat 9.”