Tomcat 9 GITLab Configuration - daniel-hong-sicis/streaming GitHub Wiki

Install Tomcat9

Creating a System User

Running Tomcat under the root user is a security risk. We’ll create a new system user and group with home directory /opt/tomcat that will run the Tomcat service. To do so, enter the following command:

sudo useradd -m -U -d /opt/tomcat -s /bin/false tomcat

Downloading Tomcat9

The Tomcat binary distribution is available for download from the Tomcat downloads page.

At the time of writing, the latest Tomcat version is 9.0.35. Before continuing with the next step, check the Tomcat 9 download page to see if a newer version is available.

Use wget to download the Tomcat tar.gz archive to the /tmp directory:

VERSION=9.0.35
wget https://www-eu.apache.org/dist/tomcat/tomcat-9/v${VERSION}/bin/apache-tomcat-${VERSION}.tar.gz -P /tmp
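
The download above is not checked for integrity before it is unpacked. The following added example (not part of the original wiki page) verifies the archive against the .sha512 file that Apache publishes alongside each release and extracts only on a match; the function names and the assumed "<digest> *<filename>" checksum layout are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original wiki page).

# verify_sha512 ARCHIVE SUMFILE
# Returns 0 if the SHA-512 of ARCHIVE equals the digest in SUMFILE,
# 1 on mismatch, 2 if a file is missing or SUMFILE is malformed.
# Assumption: the first whitespace-separated field of SUMFILE is the hex
# digest, as in the "<digest> *<filename>" layout written by sha512sum.
verify_sha512() {
    local archive="$1"
    local sumfile="$2"
    local expected actual
    if [ ! -f "$archive" ] || [ ! -f "$sumfile" ]; then
        echo "verify_sha512: missing archive or checksum file" >&2
        return 2
    fi
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # A SHA-512 digest is exactly 128 hex characters. Anything else (for
    # example an HTML error page saved as the checksum file) is rejected.
    case "$expected" in
        ''|*[!0-9a-f]*) expected='' ;;
    esac
    if [ "${#expected}" -ne 128 ]; then
        echo "verify_sha512: malformed checksum file: $sumfile" >&2
        return 2
    fi
    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "verify_sha512: DIGEST MISMATCH for $archive" >&2
        return 1
    fi
    echo "verify_sha512: OK $archive"
}

# safe_extract ARCHIVE SUMFILE DEST
# Extracts ARCHIVE into DEST only when verification succeeds, so an
# unverified archive is never unpacked. Run as root for /opt/tomcat.
safe_extract() {
    verify_sha512 "$1" "$2" || return $?
    tar -xf "$1" -C "$3"
}

# Usage with this page's paths (SUMFILE fetched separately over HTTPS):
#   safe_extract "/tmp/apache-tomcat-${VERSION}.tar.gz" \
#                "/tmp/apache-tomcat-${VERSION}.tar.gz.sha512" /opt/tomcat/
```

Fetch the .sha512 file from the Apache download site itself rather than from a mirror, so that a tampered mirror cannot supply a matching digest.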

Once the download is complete, extract the tar file to the /opt/tomcat directory:

sudo tar -xf /tmp/apache-tomcat-${VERSION}.tar.gz -C /opt/tomcat/

Tomcat is updated on a regular basis with security patches and new features. To have more control over versions and updates, we’ll create a symbolic link called latest that points to the Tomcat installation directory:

sudo ln -s /opt/tomcat/apache-tomcat-${VERSION} /opt/tomcat/latest

Later, when upgrading Tomcat, unpack the newer version and change the symlink to point to it. The system user that was previously created must have access to the tomcat installation directory. Change the directory ownership to user and group tomcat:

sudo chown -R tomcat: /opt/tomcat

The shell scripts inside Tomcat’s bin directory must be executable:

sudo sh -c 'chmod +x /opt/tomcat/latest/bin/*.sh'

Creating SystemD Unit File

Instead of using the shell scripts to start and stop the Tomcat server, we’ll set it to run as a service.

Open your text editor and create a tomcat.service unit file in the /etc/systemd/system/ directory:

sudo nano /etc/systemd/system/tomcat.service

Paste the following configuration into /etc/systemd/system/tomcat.service:

[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking

User=tomcat
Group=tomcat

Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"

Environment="CATALINA_BASE=/opt/tomcat/latest"
Environment="CATALINA_HOME=/opt/tomcat/latest"
Environment="CATALINA_PID=/opt/tomcat/latest/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"

ExecStart=/opt/tomcat/latest/bin/startup.sh
ExecStop=/opt/tomcat/latest/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

Modify the JAVA_HOME variable if the path to your Java installation is different. Save and close the file and notify systemd that a new unit file exists:

sudo systemctl daemon-reload

Enable and start the Tomcat service:

sudo systemctl enable --now tomcat

Check the service status:

sudo systemctl status tomcat

The output should show that the Tomcat server is enabled and running:

● tomcat.service - Tomcat 9 servlet container
     Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-05-25 17:58:37 UTC; 4s ago
    Process: 5342 ExecStart=/opt/tomcat/latest/bin/startup.sh (code=exited, status=0/SUCCESS)
   Main PID: 5362 (java)
...

You can start, stop and restart Tomcat the same way as any other systemd service:

sudo systemctl start tomcat
sudo systemctl stop tomcat
sudo systemctl restart tomcat

Configuring Firewall

If your server is protected by a firewall and you want to access Tomcat from outside your local network, you need to open port 8080.

Use the following command to open the necessary port:

sudo ufw allow 8080/tcp

Install Docker

sudo docker run --detach \
  --hostname sicis.ddns.net \
  --publish 9443:443 --publish 9022:22 \
  --name gitlab \
  --restart always \
  --volume $GITLAB_HOME/config:/etc/gitlab \
  --volume $GITLAB_HOME/logs:/var/log/gitlab \
  --volume $GITLAB_HOME/data:/var/opt/gitlab \
  gitlab/gitlab-ee:latest