How To Install Apache Tomcat 9 on Debian 10

Apache Tomcat is a free, mature, robust, and popular web application server software that is used to serve Java-based applications. It is an open-source implementation of the Java Servlet, JavaServer Pages (JSP), Java Expression Language and Java WebSocket technologies, developed by the Apache Software Foundation (ASF).

Read Also: How to Install Apache Tomcat in Ubuntu

This tutorial will walk you through the process of installing and configuring the latest release of Tomcat 9 on your Debian 10 Linux server.

Before you start with this tutorial, make sure you have a non-root user account with sudo privileges on your server. If not, you can set up one using our guide on How to Create a New Sudo User on Ubuntu/Debian.

Step 1: Install Java on Debian 10

To install the latest release of Tomcat 9 on your Debian 10 server, you must have Java installed on the server so that you can execute Java web application code.

First, update the system software package index using the apt command as shown.

$ sudo apt update
Apt Update Debian 10

Apt Update Debian 10

Then install the Java Development Kit package using the apt command.

$ sudo apt install default-jdk
Install Java on Debian 10

Install Java on Debian 10

Once the Java installation is complete, check the version of Java installed on the system using the following command.

$ java -version
Check Java Version in Debian 10

Check Java Version in Debian 10

Step 2: Install Tomcat in Debian 10

For security purposes, Tomcat should be installed and executed by unprivileged user (i.e. not root). We will create a new tomcat group and user to run the Tomcat service under /opt/tomcat directory (Tomcat installation).

$ sudo mkdir /opt/tomcat
$ sudo groupadd tomcat
$ sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
Create Tomcat User

Create Tomcat User

Once we set up tomcat user, now download the latest version of Tomcat 9 (i.e 9.0.30) from the Tomcat 9 Downloads page or use the following curl command-line tool to download the tarball and extract the archive to /opt/tomcat directory.

$ curl -O http://www-eu.apache.org/dist/tomcat/tomcat-9/v9.0.30/bin/apache-tomcat-9.0.30.tar.gz
$ sudo tar xzvf apache-tomcat-9*tar.gz -C /opt/tomcat --strip-components=1
Download Tomcat in Debian 10

Download Tomcat in Debian 10

Next, assign the permissions to tomcat user to have access to the Tomcat installation /opt/tomcat directory.

$ cd /opt/tomcat
$ sudo chgrp -R tomcat /opt/tomcat
$ sudo chmod -R g+r conf
$ sudo chmod g+x conf
$ sudo chown -R tomcat webapps/ work/ temp/ logs/
Set Permissions to Tomcat User

Set Permissions to Tomcat User

Step 3: Create a Tomcat systemd Service File

We will create a new systemd service file to manage and run Tomcat as a service under systemd. To create a service file, you should know where Java is installed, as this referred to as JAVA_HOME using the following command.

$ sudo update-java-alternatives -l
Find Java Home Installation

Find Java Home Installation

From the above output, our JAVA_HOME is:

/usr/lib/jvm/java-1.11.0-openjdk-amd64

Once we know our JAVA_HOME, we can create the systemd service file called tomcat.service in the /etc/systemd/system directory by running.

$ sudo nano /etc/systemd/system/tomcat.service

Paste the following contents into your tomcat.service file.

/etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

Next, reload the systemd to apply the new changes, so that it knows about our tomcat.service file.

$ sudo systemctl daemon-reload

Finally, you can start and verify the status of the Tomcat service by running the following commands.

$ sudo systemctl start tomcat
$ systemctl status tomcat
$ systemctl enable tomcat
Verify Tomcat Status

Verify Tomcat Status

Step 4: Enable Login for Tomcat Manager and Host Manager

In order to access the manager-gui and admin-gui web apps that comes with Tomcat, we must enable login to our Tomcat server by editing the tomcat-users.xml file as shown.

$ sudo nano /opt/tomcat/conf/tomcat-users.xml

Add the following configuration within the <tomcat-users> tags, with the correct username and password as shown.

tomcat-users.xml
<role rolename="admin-gui,manager-gui"/> 
<user username="admin" password="password" roles="admin-gui,manager-gui"/>
Enable Tomcat Web Apps Login

Enable Tomcat Web Apps Login

The above configuration implies that add the admin-gui and manager-gui roles to a user named “admin” with a password of “tecmint123”.

Step 5: Enable Remote Login to Tomcat Manager and Host Manager

For security reasons, access to the Tomcat Manager and Host Manager apps is locked down to the localhost (the server where it is deployed), by default.

However, you can enable remote access from a specific IP address or any host or network to Tomcat Manager and Host Manager apps as explained below.

For the Tomcat Manager app, type:

$ sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

For the Host Manager app, type:

$ sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml

Inside, comment out the IP address restriction to allow access from any network.

<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>
Configure Tomcat Remote Login

Configure Tomcat Remote Login

Alternatively, enable remote access from your own IP address 192.168.0.103 or from a network (192.168.0.0) by adding the IP address to the list.

allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.103" />-->
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.0.*" />-->

Save the files, and restart the Tomcat service to keep our changes into effect.

$ sudo systemctl restart tomcat

Step 6: Access the Tomcat Web Interface

To access a Tomcat web interface from any browser, you need to open 8080 port to allow traffic to the Tomcat service on the firewall by typing.

$ sudo ufw allow 8080

Now access the Tomcat web management interface by going to your server’s domain name or IP address followed by port 8080 in your browser.

http://server_domain_or_IP:8080
Tomcat Running in Debian

Tomcat Running in Debian

Let’s access the Manager App at the below URL, you will need to enter the account credentials.

http://server_domain_or_IP:8080/manager/html
Tomcat Web Application Manager

Tomcat Web Application Manager

Let’s access the Host Manager at the below URL, you will need to enter the account credentials.

http://server_domain_or_IP:8080/host-manager/html/
Tomcat Virtual Host Manager

Tomcat Virtual Host Manager

That’s all! Your Tomcat installation is complete, now you can deploy and run Java web applications. If you have any questions or thoughts to share, reach us via the comment form below.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Ravi Saive

I am Ravi Saive, creator of TecMint. A Computer Geek and Linux Guru who loves to share tricks and tips on Internet. Most Of My Servers runs on Open Source Platform called Linux. Follow Me: Twitter, Facebook and Google+

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.