Ubuntu Tomcat Installation - pwm-project/pwm GitHub Wiki
It is recommended to install Tomcat from source using the latest version supported by PWM.
For this example, Tomcat will be installed to /opt/tomcat
Navigate to https://tomcat.apache.org/download-90.cgi and download the latest Tomcat 9.x distribution. Unzip this file into /opt/ and rename to tomcat so that it is /opt/tomcat. This just makes it easier to update down the road without using version numbers.
Step 1: Create tomcat user and add to group
sudo useradd -c "Apache Tomcat" -r -s /usr/sbin/nologin tomcat
sudo adduser tomcat tomcat
Step 2: Set permissions
sudo chown -R tomcat:tomcat /opt/tomcat
sudo chmod -R 0755 /opt/tomcat/bin/*.sh
sudo chmod -R 0664 /opt/tomcat/logs
sudo chmod -R 0755 /opt/tomcat/webapps
Step 3: Create either a (A) init.d or (B) systemd script, do not try and create both.
Step 3 (A): Create init.d startup script
Use the below script to create a new file under /etc/init.d/ named 'tomcat'. Please adjust the INST_PATH variable to where you have installed Tomcat
#!/bin/bash
#
# Startup script for Tomcat Servlet Engine
#
# chkconfig: 345 86 14
# description: Tomcat Servlet Engine
#
### BEGIN INIT INFO
# Provides: tomcat
# Required-Start: $remote_fs $syslog $network
# Required-Stop: $remote_fs $syslog $network
# Default-Start: 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Tomcat Servlet Engine
# Description: Tomcat Servlet Engine
### END INIT INFO
#
# Directory where tomcat is installed
INST_PATH=/opt/tomcat
# User under which tomcat will run
RUN_AS_USER=tomcat
case "$1" in
start)
su $RUN_AS_USER -c "$INST_PATH/bin/startup.sh" -s /bin/bash
;;
stop)
su $RUN_AS_USER -c "$INST_PATH/bin/shutdown.sh" -s /bin/bash
;;
restart)
su $RUN_AS_USER -c "$INST_PATH/bin/shutdown.sh" -s /bin/bash
su $RUN_AS_USER -c "$INST_PATH/bin/startup.sh" -s /bin/bash
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit $RETVAL
Once you have saved the file, set permissions and make it executable
sudo chmod 0755 /etc/init.d/tomcat
Now register the service using
sudo update-rc.d tomcat defaults
Step 3(B): Create systemd script
Use the below script to create a new file under /etc/systemd/system/ named 'tomcat.service'. Please adjust the variables to where you have installed Tomcat and where your JDK is located.
[Unit]
Description=Apache Tomcat
After=network.target
[Service]
Type=forking
PIDFile=/var/run/tomcat.pid
User=tomcat
Group=tomcat
# Tomcat variables
Environment='JAVA_HOME=/opt/jdks/java-11-openjdk'
Environment='CATALINA_PID=/var/run/tomcat.pid'
Environment='CATALINA_HOME=/opt/tomcat'
Environment='CATALINA_BASE=/opt/tomcat'
Environment='CATALINA_OPTS=-Xms256M -Xmx2048M -XX:+UseParallelGC -server'
# Taken from https://stackoverflow.com/a/58301082
WorkingDirectory=/opt/tomcat/bin
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
[Install]
WantedBy=multi-user.target
Once you have saved the file, set permissions and make it executable
sudo chmod 0755 /etc/systemd/system/tomcat.service
Now register the service using
sudo systemctl enable tomcat.service
Step 4: Start Tomcat
Now you can startup Tomcat
sudo /etc/init.d/tomcat start OR sudo systemctl start tomcat
Source installation complete!
Recommended: Harden Tomcat
Read the below guide and make the adjustments that you are able to for your environment. Remember, PWM can set passwords for any of your directory accounts so ensure it is secure and is using security best practices.
https://tomcat.apache.org/tomcat-9.0-doc/security-howto.html