Step 1 – Install Java

You must have JRE (Java runtime environment) installed on your system. Tomcat 10 is required to have JRE 8 or higher version installed on your system. Use the following command to install OpenJDK to fulfil the requirements.

sudo apt update
sudo apt install default-jdk -y

java -version

Step 2 – Create Tomcat User

We recommended running a Tomcat server with a dedicated user account. Create a new user, which is recommended for security purposes mainly for production deployments.

sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat

The above command will create a user and group with the name “tomcat” in your system.

Step 3 – Install Tomcat 10

Use the below command to download Tomcat 10.


Once the download is completed, extracted the downloaded archive and copy all content to the tomcat home directory.

sudo tar xzvf apache-tomcat-10*tar.gz -C /opt/tomcat –strip-components=1 Next, set the proper file permissions.

sudo chown -R tomcat:tomcat /opt/tomcat/ sudo chmod -R u+x /opt/tomcat/bin

Step 4 – Create Tomcat User

Now, configure your tomcat with user accounts to secure access of admin/manager pages. To do this, edit conf/tomcat-users.xml file in your editor and paste the following code inside <tomcat-users> </tomcat-users> tags. We recommend changing the password in the below configuration with high secured password.

sudo nano /opt/tomcat/conf/tomcat-users.xml

Add the following values. Make sure to change the password for admin and manager access.


<!– user manager can access only manager section –>

<role rolename=”manager-gui” />

<user username=”manager” password=”_SECRET_PASSWORD_” roles=”manager-gui” />

<!– user admin can access manager and admin section both –>

<role rolename=”admin-gui” />

<user username=”admin” password=”_SECRET_PASSWORD_”

roles=”manager-gui,admin-gui” />


Save file and close.

Step 5 – Enable Remote Tomcat Access

The default Tomcat manager and host-manager applications are accessible for localhost only. To allow access to these pages from the remote system, you need to modify the following configuration files.

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

Comment out the section added for IP address restriction to allow connections from anywhere.


<Context antiResourceLocking=”false” privileged=”true” >
<CookieProcessor className=”org.apache.tomcat.util.http.Rfc6265CookieProcessor”

sameSiteCookies=”strict” />
<!– <Valve className=”org.apache.catalina.valves.RemoteAddrValve”

allow=”127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1″ /> –> </Context>


Similarly edit context.xml for host manager application in text editor: sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Comment out the same section to allow connections from anywhere.

—————————————————————————————— |

<Context antiResourceLocking=”false” privileged=”true” >
<CookieProcessor className=”org.apache.tomcat.util.http.Rfc6265CookieProcessor”


</Context> ——————————————————————————————-| Save all files and close it.

Step 6 – Create a Tomcat Systemd Unit File

Tomcat provides bash scripts to start, stop service. But, to make it simple, create a startup script to manage Tomcat as systemd service. Let’s create a tomcat.service file with the following content:

sudo nano /etc/systemd/system/tomcat.service —————————————————————————————

[Unit] Description=Tomcat

sameSiteCookies=”strict” />
<!–<Valve className=”org.apache.catalina.valves.RemoteAddrValve”

allow=”127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1″ /> –>
… |

Type=forking AmbientCapabilities=CAP_NET_BIND_SERVICE

User=tomcat Group=tomcat

Environment=”JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64″ Environment=”” Environment=”CATALINA_BASE=/opt/tomcat” Environment=”CATALINA_HOME=/opt/tomcat” Environment=”CATALINA_PID=/opt/tomcat/temp/” Environment=”CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC”

ExecStart=/opt/tomcat/bin/ ExecStop=/opt/tomcat/bin/



*Note : AmbientCapabilities=CAP_NET_BIND_SERVICE helps to bind to port 80. Also change /opt/tomcat/conf/server.xml connector port from 8080 to 80 .

sudo systemctl daemon-reload

sudo systemctl start tomcat.service sudo systemctl enable tomcat.service sudo systemctl status tomcat.service

Step 7 – Access the Tomcat Web Interface

The default Tomcat server runs on port 8080. As you have configured Tomcat on your system, you can access web interface from your system. You can access tomcat interfaces by entering your server’s IP address or a domain name pointed to that server, followed by port 8080 in your browser:

Change flexicloud.local with your server ip or domain or localhost.

http://flexicloud.local:8080/ http://flexicloud.local:8080/manager/ http://flexicloud.local:8080/host-manager/

Reference :