Install Apache Tomcat on Rocky Linux 10

Unlock blazing-fast Java web app hosting by learning how to install Apache Tomcat on Rocky Linux 10, step by step. Learn everything from setup to security in minutes.



Introduction

If you’re venturing into the world of Java-based web applications, Apache Tomcat is your go-to open-source server. It’s lightweight, robust, and handles Java Servlets and JSPs effortlessly. When paired with Rocky Linux 10—a reliable, RHEL-compatible operating system—you’ve got a rock-solid platform for deploying web apps.

Whether you’re a developer, system admin, or IT enthusiast, this guide will take you step-by-step through installing and configuring Apache Tomcat on Rocky Linux 10. We’ll not only walk through the basic setup but also cover security hardening, performance tweaks, and troubleshooting tips to keep everything running smoothly.

Let’s dive in.

How to install Apache Tomcat on Rocky Linux 10

What is Apache Tomcat?

Apache Tomcat is an open-source implementation of Java Servlet, Java Server Pages (JSP), Java Expression Language, and Java WebSocket technologies. Developed under the Apache License, Tomcat is widely used to host Java-based web applications. It’s known for its lightweight nature, quick deployment, and seamless integration with Java apps.

But Tomcat isn’t a full Java EE server like WildFly or GlassFish. Instead, it focuses on serving web apps that rely on Servlets and JSPs. That simplicity is part of what makes it so popular. It’s highly configurable, and with some know-how, you can tune it to suit everything from small apps to enterprise-grade services.

Some features of Apache Tomcat include:

  • Support for Java Servlet and JSP standards
  • HTTP/2, SSL/TLS support
  • Pluggable realm authentication
  • Virtual hosting
  • Lightweight and fast startup

If your application is built using Java technologies and doesn’t need a full EE container, Tomcat is probably your best bet.

Why Choose Rocky Linux 10 for Server Environments?

After CentOS shifted its focus, many users looked for a viable alternative. Rocky Linux, developed by the original CentOS co-founder Gregory Kurtzer, emerged as a community-driven, 1:1 binary-compatible rebuild of Red Hat Enterprise Linux (RHEL). It quickly became the go-to choice for enterprise-level Linux environments.

Here’s why Rocky Linux 10 is ideal for hosting Apache Tomcat:

  • Stability: Built for long-term support and predictable releases.
  • Security: Regular patches and updates ensure a hardened OS environment.
  • Compatibility: Seamlessly works with RHEL packages, repositories, and enterprise tools.
  • Community Support: Strong community and developer backing.

Combining Tomcat with Rocky Linux 10 gives you a robust, scalable, and secure platform for your Java web applications.

Prerequisites for Installing Apache Tomcat

System Requirements

Before you start, it’s crucial to ensure your system meets the minimum requirements to run Apache Tomcat effectively. While Tomcat itself is lightweight, the underlying Java Virtual Machine (JVM) and your applications might need more resources.

Minimum System Requirements:

  • CPU: 1 GHz or higher (multi-core recommended for production)
  • RAM: 1 GB minimum (2 GB+ recommended for applications with heavy usage)
  • Disk Space: At least 2 GB free (depending on application size and logs)
  • Operating System: Rocky Linux 10 (fully updated)

Also, make sure you have:

  • A non-root user with sudo privileges
  • Access to the internet for downloading packages
  • Firewall rules that allow HTTP/HTTPS traffic (if accessing Tomcat remotely)

Required Packages and Dependencies

Tomcat requires Java to function. While OpenJDK is commonly used due to its open-source nature, you can also opt for Oracle JDK if licensing permits. This guide will use OpenJDK 17, as it is widely compatible and stable.

Here’s a list of essential packages you’ll need:

  • java-17-openjdk-devel – To install OpenJDK
  • wget – To download Tomcat binary
  • tar – To extract downloaded archives
  • firewalld – To manage firewall settings (optional but recommended)
  • vim or nano – For editing configuration files

Before proceeding, it’s good practice to update the system:

sudo dnf update -y
sudo dnf install wget tar vim -y

With prerequisites in place, you’re now ready to begin the actual installation.


Step-by-Step Installation Guide

Step 1: Update System Packages

This step ensures your Rocky Linux system is running the latest available packages. It helps avoid compatibility issues and secures your system with the latest patches.

Run the following command to update your system:

sudo dnf update -y

This may take a few minutes depending on your internet speed and the number of packages that need updating. Once completed, it’s a good idea to reboot the system:

sudo reboot

After the system reboots, confirm the version:

cat /etc/rocky-release

This should return something like:

Rocky Linux release 10.0 (Red Quartz)

You now have a clean and up-to-date system ready for Apache Tomcat.


Step 2: Install Java on Rocky Linux 10

Apache Tomcat runs on Java, so it’s essential to install a compatible Java Development Kit (JDK). While Tomcat 10 works with Java 11 and newer, we’ll go with OpenJDK 17 for stability and future compatibility.

To install:

sudo dnf install java-17-openjdk-devel -y

Verify the installation:

java -version

Output should look like:

openjdk version "17.0.x"
OpenJDK Runtime Environment ...
OpenJDK 64-Bit Server VM ...

This confirms Java is successfully installed. Tomcat will now have the necessary runtime environment to operate.


Step 3: Create a Dedicated Tomcat User

For security reasons, it’s a best practice not to run Tomcat as the root user. Creating a separate system user for Tomcat reduces the risk of a potential compromise escalating to full root access.

To create a dedicated Tomcat user and group:

sudo groupadd tomcat
sudo useradd -M -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat

Here’s what each part of this command does:

  • -M: Prevents the creation of a home directory
  • -s /sbin/nologin: Prevents login access for the user
  • -g tomcat: Sets tomcat as the user’s primary group
  • -d /opt/tomcat: Sets the user’s home directory to /opt/tomcat, where Tomcat will be installed

This user will own and run the Tomcat server, helping isolate it from other processes and users.


Step 4: Download and Extract Apache Tomcat

Next, we’ll download the latest stable version of Tomcat 10. You can always check Tomcat’s official site for the latest version. As of now, let’s assume the version is 10.1.18.

cd /tmp
wget https://dlcdn.apache.org/tomcat/tomcat-10/v10.1.18/bin/apache-tomcat-10.1.18.tar.gz

After downloading, extract the archive into the /opt/tomcat directory:

sudo mkdir -p /opt/tomcat
sudo tar -xf apache-tomcat-10.1.18.tar.gz -C /opt/tomcat --strip-components=1

Now, assign ownership of the directory to the tomcat user:

sudo chown -R tomcat:tomcat /opt/tomcat

Ensure the permissions are secure and allow the Tomcat user to manage files within this directory:

sudo chmod -R 755 /opt/tomcat

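This setup lets only the tomcat user modify Tomcat’s files. Other local users can still read them until the conf and logs directories are tightened in the production section later in this guide.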
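
Because the archive is extracted as root, it helps to check the download against the SHA-512 digest Apache publishes for each release and to confirm that every member unpacks under a single directory. The script below is an added example, not part of the original guide; the function names and the stand-in archive are constructed, and the .sha512 file is assumed to have been fetched from the official Apache download site next to the tarball:

```bash
# Added example: checks to run on the Tomcat tarball before "sudo tar -xf".
# Function names and the stand-in archive are constructed for illustration.

# Succeed only if the tarball's SHA-512 equals the first field of the
# published .sha512 file ("<hex digest> *<filename>").
verify_sha512() {
    expected=$(awk 'NR==1 {print tolower($1)}' "$2") || return 2
    actual=$(sha512sum "$1" | awk '{print $1}') || return 2
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# Succeed only if every member sits under ONE top-level directory and none
# is absolute or contains "..". tar runs as root in Step 4, and
# --strip-components=1 assumes that single leading directory.
archive_is_contained() {
    listing=$(tar -tf "$1" 2>/dev/null) || return 2
    printf '%s\n' "$listing" | awk -F/ '
        /^\// || /(^|\/)\.\.(\/|$)/ { bad = 1 }
        { tops[$1] = 1 }
        END { n = 0; for (t in tops) n++; exit ((bad || n != 1) ? 1 : 0) }'
}

# Gate for the extraction step: both checks must pass.
safe_to_extract() {
    verify_sha512 "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    archive_is_contained "$1" || { echo "unexpected paths: $1" >&2; return 1; }
    echo "OK to extract: $1"
}

# Constructed demo: a tiny stand-in archive and its checksum file.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/apache-tomcat-x.y.z/bin"
echo 'echo start' > "$demo_dir/apache-tomcat-x.y.z/bin/startup.sh"
tar -czf "$demo_dir/sample.tar.gz" -C "$demo_dir" apache-tomcat-x.y.z
( cd "$demo_dir" && sha512sum sample.tar.gz > sample.tar.gz.sha512 )
safe_to_extract "$demo_dir/sample.tar.gz" "$demo_dir/sample.tar.gz.sha512"
```

In Step 4 the call would be safe_to_extract with the downloaded tarball and its .sha512 file, run before the sudo tar command.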


Step 5: Configure Environment Variables

To make sure Tomcat can find Java and set up runtime environments properly, you’ll need to configure a few environment variables.

Create a new environment script:

sudo nano /etc/profile.d/tomcat.sh

Paste in the following:

export JAVA_HOME=/usr/lib/jvm/java-17-openjdk
export CATALINA_HOME=/opt/tomcat

Save and close the file, then apply the variables:

source /etc/profile.d/tomcat.sh

Confirm that the environment variables are set:

echo $JAVA_HOME
echo $CATALINA_HOME

These should output the correct Java and Tomcat paths. Login shells now have both variables set, so Tomcat’s scripts find Java and the base directory when you run them by hand; the systemd service created later sets the same variables in its own unit file.


Configuring Apache Tomcat for Production

Setting Correct Permissions

One of the most overlooked steps is setting the correct file and directory permissions. Not doing this properly opens you up to serious security risks.

Let’s harden the permissions for production:

sudo chown -R tomcat:tomcat /opt/tomcat
sudo chmod -R 700 /opt/tomcat/conf
sudo chmod +x /opt/tomcat/bin/*.sh

  • 700 on /conf ensures only the Tomcat user can read config files like server.xml, which may contain sensitive information.
  • Executable .sh scripts are needed to start and stop Tomcat.

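Also, ensure that log files aren’t globally readable or writable. The logs directory itself keeps its execute bit so that Tomcat can still create files in it:

sudo chmod 750 /opt/tomcat/logs
sudo find /opt/tomcat/logs -type f -exec chmod 640 {} +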
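
The modes from this section are worth re-checking after every deployment or upgrade. The script below is an added example, not part of the original guide: it audits a Tomcat tree against them and flags the case where a recursive 640 strips the execute bit from the logs directory itself. The function names and the demo tree are constructed, and GNU find is assumed:

```bash
# Added example: audit a Tomcat tree against the modes set in this section.
# Function names and the demo tree are constructed; GNU find is assumed.

# Print one line per path that departs from the hardening.
list_perm_findings() {
    home=$1
    # conf/: no group or other bits on any entry (chmod -R 700).
    find "$home/conf" -perm /077 2>/dev/null |
        sed 's/$/: accessible beyond its owner/'
    # logs/: the directory needs owner rwx or Tomcat cannot create files
    # in it; a recursive 640 strips the x bit from the directory itself.
    find "$home/logs" -maxdepth 0 ! -perm -700 2>/dev/null |
        sed 's/$/: directory lacks owner rwx, Tomcat cannot write logs/'
    find "$home/logs" -type f -perm /007 2>/dev/null |
        sed 's/$/: log file accessible to other users/'
    # bin/*.sh must stay owner-executable for startup.sh and shutdown.sh.
    find "$home/bin" -name '*.sh' ! -perm -100 2>/dev/null |
        sed 's/$/: script is not executable/'
    # Nothing in the tree should be world-writable.
    find "$home" ! -type l -perm -002 2>/dev/null |
        sed 's/$/: world-writable/'
}

# Return 0 when the tree is clean; print the findings and return 1 otherwise.
audit_tomcat_perms() {
    findings=$(list_perm_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed demo tree standing in for /opt/tomcat.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/conf" "$demo_home/logs" "$demo_home/bin"
touch "$demo_home/conf/server.xml" "$demo_home/logs/catalina.out" \
      "$demo_home/bin/startup.sh"
chmod -R 700 "$demo_home/conf"
chmod 750 "$demo_home/logs"
chmod 640 "$demo_home/logs/catalina.out"
chmod 755 "$demo_home/bin" "$demo_home/bin/startup.sh"
audit_tomcat_perms "$demo_home" && echo "hardened tree: clean"

# The effect of "chmod -R 640" on the logs directory itself is flagged.
chmod 640 "$demo_home/logs"
audit_tomcat_perms "$demo_home" || echo "logs/ at 640: flagged"
```

On a real server, run it with sudo as audit_tomcat_perms /opt/tomcat so that find can read the conf directory.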

Configuring Server Ports and Hostname

Tomcat’s default HTTP connector listens on port 8080. You might want to change it, especially if running behind a reverse proxy or to avoid conflicts.

Edit the server configuration:

sudo nano /opt/tomcat/conf/server.xml

Locate the following:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443" />

Change the port to your desired value (e.g., 9090), or leave as is. You can also bind it to a specific IP address if desired.

To avoid exposing Tomcat’s version to the outside world, add these inside the <Connector> tag:

server=" " 
xpoweredBy="false"

This hides version details from HTTP headers.


Enabling Firewall Rules

If your Linux server uses firewalld, you’ll need to allow Tomcat’s port through the firewall so it’s accessible from outside.

To allow default port 8080:

sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload

If you chose a custom port, replace 8080 with your selected port.

You can verify with:

sudo firewall-cmd --list-ports

This ensures that your Tomcat server can accept incoming traffic.


Running and Managing Tomcat

Create a Systemd Service File

To make Tomcat easier to manage—start, stop, enable on boot—we’ll create a custom systemd service file.

Create the file:

sudo nano /etc/systemd/system/tomcat.service

Paste the following content:

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-17-openjdk"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
Environment="JAVA_OPTS=-Djava.security.egd=file:/dev/./urandom"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
Restart=on-failure

[Install]
WantedBy=multi-user.target

Save and close the file, then reload systemd:

sudo systemctl daemon-reexec
sudo systemctl daemon-reload

This sets up Tomcat as a service managed by systemd, making it far easier to control.


Start and Enable Tomcat as a Service

Once your systemd service is in place, start and enable Tomcat so it launches on boot:

sudo systemctl start tomcat
sudo systemctl enable tomcat

Check the status:

sudo systemctl status tomcat

You should see output indicating that Tomcat is active and running. If you spot errors, review your systemd service file and confirm all paths are correct.

Now, every time your server restarts, Tomcat will automatically come back online.


Verifying Tomcat Installation

To confirm that everything is working, open your web browser and visit:

http://<your_server_ip>:8080

You should see the Apache Tomcat welcome page. If not:

  • Ensure the firewall allows traffic on port 8080
  • Confirm Tomcat is running:
    • sudo systemctl status tomcat
  • Check the logs:
    • cat /opt/tomcat/logs/catalina.out

If everything is good, congratulations—you now have a fully functional Tomcat server running on Rocky Linux 10.


Securing Apache Tomcat

Disable Unused Services

Tomcat comes with several default apps and services such as:

  • Manager App
  • Host Manager
  • Examples

These are useful for development but are unnecessary (and insecure) in production.

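To disable them, remove their directories along with the bundled docs app. Leave out the manager line if you plan to use the Manager App as described in the next section: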

sudo rm -rf /opt/tomcat/webapps/docs
sudo rm -rf /opt/tomcat/webapps/examples
sudo rm -rf /opt/tomcat/webapps/host-manager
sudo rm -rf /opt/tomcat/webapps/manager

This removes unused services and reduces your server’s attack surface.


Configure Tomcat Manager Access

If you plan to use the Manager App (e.g., for deploying apps through the web UI), restrict it to trusted users.

Edit the user configuration:

sudo nano /opt/tomcat/conf/tomcat-users.xml

Add the following just above the closing </tomcat-users> tag:

<role rolename="manager-gui"/>
<user username="admin" password="securepassword" roles="manager-gui"/>

Important: Never use default or simple passwords; replace securepassword with a strong, unique value.

Then restrict access to local IP addresses by editing the Manager App’s context.xml:

sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml

Find the <Valve> tag and limit access:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="127\.\d+\.\d+\.\d+|::1"/>

This ensures only requests that originate on the server itself reach the Manager App: local users, or admins who connect over SSH and forward the port.


Enable SSL/TLS Support

For secure communication, especially when deploying sensitive apps, SSL/TLS is essential.

You can enable HTTPS on Tomcat by modifying server.xml:

sudo nano /opt/tomcat/conf/server.xml

Find this block:

<!--
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           ...
-->

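Uncomment it and point it at your keystore. Tomcat 10.1 takes the certificate settings in a nested <SSLHostConfig> element rather than as attributes on the Connector, and the keystore file must be readable by the tomcat user:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" maxThreads="150"
           scheme="https" secure="true">
    <SSLHostConfig certificateVerification="none">
        <Certificate certificateKeystoreFile="/etc/ssl/certs/tomcat.keystore"
                     certificateKeystorePassword="your_keystore_password"
                     type="RSA" />
    </SSLHostConfig>
</Connector>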

Restart Tomcat:

sudo systemctl restart tomcat

You can now access Tomcat securely (for remote access, first allow 8443/tcp through firewalld the same way as port 8080) via:

https://your-server-ip:8443

Troubleshooting Common Issues

Checking Logs and Debugging

Tomcat logs are your best friend when things go wrong. They’re located in /opt/tomcat/logs, and you should monitor them regularly, especially after configuration changes or deployments.

Here’s what each log does:

  • catalina.out – Main log file with startup/shutdown events and errors.
  • localhost.log – Logs for your hosted applications.
  • manager.log – Tracks activity through the Tomcat Manager UI.
  • host-manager.log – Logs related to the Host Manager app.

To watch logs in real-time:

tail -f /opt/tomcat/logs/catalina.out

Common issues include:

  • Port already in use: Check for conflicts with
    • netstat -tulpn | grep 8080
  • Permission denied errors: Ensure Tomcat directories are owned by the correct user.
  • Java errors: Recheck your $JAVA_HOME and JAVA_OPTS.

If Tomcat won’t start, always check the service status and logs before adjusting configuration files blindly.


Fixing Permission and Port Conflicts

Permission Errors:
If you see errors like “Permission denied” or “Cannot write to file,” it’s often due to misconfigured file ownership.

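To fix, reset ownership and base permissions, then reapply the tighter modes on conf and logs from “Setting Correct Permissions”, since the recursive 755 makes both readable by every local user again: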

sudo chown -R tomcat:tomcat /opt/tomcat
sudo chmod -R 755 /opt/tomcat

Port Conflicts:
If port 8080 is already in use, find out what’s using it:

sudo lsof -i :8080

Either stop the conflicting service or change Tomcat’s port in server.xml.

Also, remember that ports below 1024 require root privileges. Avoid binding Tomcat directly to ports like 80 or 443. Instead, use a reverse proxy like Nginx.


Performance Tuning and Optimization

JVM Options for Better Performance

Tomcat’s performance can be significantly improved by tuning the Java Virtual Machine (JVM). The JAVA_OPTS and CATALINA_OPTS environment variables are used for this.

Here’s a basic tuning configuration:

JAVA_OPTS="-server -Xms512M -Xmx2048M -XX:+UseG1GC"

Explanation:

  • -Xms: Initial heap size
  • -Xmx: Max heap size
  • -XX:+UseG1GC: Enables the G1 garbage collector for lower pause times

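Edit your systemd file or add this to /opt/tomcat/bin/setenv.sh to apply these optimizations. If you keep the unit file shown earlier, remove -XX:+UseParallelGC from its CATALINA_OPTS first, because the JVM refuses to start when two garbage collectors are selected.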


Using Connection Pooling and Caching

Using a connection pool library like Apache DBCP or HikariCP can improve database performance. Tomcat includes DBCP by default.

Configure connection pooling in context.xml:

<Resource name="jdbc/MyDB" auth="Container"
          type="javax.sql.DataSource" driverClassName="com.mysql.cj.jdbc.Driver"
          url="jdbc:mysql://localhost:3306/mydb"
          username="dbuser" password="dbpass"
          maxTotal="50" maxIdle="10" maxWaitMillis="10000"/>

Additionally, enabling caching for static content (like CSS, JS, and images) improves load times. This can be done through a reverse proxy like Nginx or Apache HTTPD.


Keeping Tomcat Updated

Checking for Updates

Tomcat doesn’t come with an auto-updater. You’ll need to monitor Tomcat’s official site or subscribe to the mailing list for version updates.

To check your current version:

cat /opt/tomcat/RELEASE-NOTES

Or view from the web interface at http://your-server-ip:8080.


Safe Upgrade Practices

To upgrade Tomcat safely:

  1. Back up the current installation:
    • sudo tar czvf tomcat-backup.tar.gz /opt/tomcat
  2. Download the latest version:
    Follow the same steps as the initial install, just with the newer .tar.gz.
  3. Copy over custom files:
    Migrate your server.xml, webapps/, and conf/ directories.
  4. Test in staging before replacing your production instance.
  5. Restart and verify:
    • sudo systemctl restart tomcat

This ensures minimal downtime and protects your environment from breaking changes.


Conclusion

Installing Apache Tomcat on Rocky Linux 10 is a straightforward yet powerful way to host Java applications in a production-grade environment. From setting up Java and downloading Tomcat to configuring users, securing ports, and optimizing performance, this guide has walked you through every essential step.

By following best practices—like creating a dedicated user, disabling unnecessary services, enabling HTTPS, and monitoring logs—you’ll have a secure, stable, and high-performing Tomcat server.

With Rocky Linux 10’s robust enterprise capabilities and Tomcat’s reliable lightweight architecture, you’re well-equipped to deploy powerful Java applications at scale.


Frequently Asked Questions (FAQs)

1. Is Apache Tomcat suitable for enterprise applications?

Yes. While it’s not a full Java EE application server, Tomcat is perfect for web applications using Servlets, JSP, and WebSockets. Many large enterprises rely on it for performance and reliability.


2. Can I run multiple Tomcat instances on the same server?

Absolutely. Just ensure each instance uses different ports and directories. You’ll also need unique systemd service files for each instance.


3. How do I uninstall Apache Tomcat from Rocky Linux 10?

Simply stop the service and remove the directory:

sudo systemctl stop tomcat
sudo rm -rf /opt/tomcat
sudo rm /etc/systemd/system/tomcat.service

Reload systemd afterward:

sudo systemctl daemon-reload

4. What alternatives exist to Apache Tomcat?

Alternatives include:

  • Jetty: Lightweight and fast.
  • WildFly: Full Java EE support.
  • GlassFish: Reference implementation of Java EE.

Each has its pros and cons depending on your project needs.


5. Does Tomcat support automatic deployments?

Yes. By placing .war files in the /webapps/ directory, Tomcat will automatically deploy them on startup or hot-redeploy during runtime.

