How to Set up a Tomcat Server

Sadil Chamishka
Oct 13, 2019

Tomcat is simply a web server developed by Apache. Apache Tomcat implements several Java EE specifications including Java Servlet, JavaServer Pages, Java EL, and WebSocket, and provides a “pure Java” HTTP web server environment in which Java code can run.

WAR (Web Archive) files are deployed to Tomcat servers. Java web applications consist of Servlets, and Tomcat has a servlet container that manages them.

The servlet container is a program that receives requests from web pages and directs those requests to a Servlet object. The Servlet object is a Java object that is responsible for providing a response as a JSP.

Let’s deploy sample WAR files to the Tomcat instance.

You can download Tomcat from here. Then extract it; you can create a folder like “opt/tomcat” and move the extracted files into it.

tar -xvf <downloaded apache tomcat>

Let’s go into the bin directory of Apache Tomcat and start the Tomcat server.

./catalina.sh start

Tomcat will now start on the default port, 8080. You can configure the Tomcat server by modifying the server.xml file inside the conf directory.

You will be directed to the home page

You can go through the documentation. To access the Tomcat Manager views, however, you have to create a manager user as follows.

conf/tomcat-users.xml

This file keeps track of user details and privileges. Let’s create a user with the privileges needed to access the management views.

<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="admin" password="password" roles="manager-gui, manager-script"/>

Restart the Tomcat server. From the home page, select Manager App and provide the credentials. From that management dashboard, you can upload and remove WAR files and start or stop deployed applications.

Up to now, there is only an HTTP connector listening on port 8080. Let’s add an HTTPS connector listening on port 8443.

First, we have to generate an SSL Certificate. We can create a self-signed certificate as follows.

keytool -genkey -keyalg RSA -alias tomcat -keystore selfsigned.jks  -validity 365 -keysize 2048

The certificate will be valid for 365 days. You can store it in a location such as /opt/tomcat/certificates/.

After that, whenever you need the details of your self-signed certificate, you can view them with this command:

keytool -list -v -keystore selfsigned.jks

You can add an HTTPS connector as follows.

<Connector port="8443"
           protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150"
           SSLEnabled="true"
           scheme="https"
           secure="true"
           clientAuth="false"
           sslProtocol="TLS"
           keystoreFile="/home/ubuntu/apache-tomcat-8.0.23/certificate/selfsigned.jks"
           keystorePass="Sandil@123" />

When users make a request to the HTTP connector (port 8080), it can be redirected to HTTPS (port 8443). Inside the conf folder, there is a web.xml file. At the end of the file, before the closing </web-app> tag, we can add the following tag in order to enable redirection.

<!-- added by Sadil for automatic redirect from HTTP to HTTPS -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Entire Application</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
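
As an added example (not code from the original article or from the Tomcat project), the Python below audits the two files edited above: it checks the Manager account in tomcat-users.xml, and it checks that the HTTP connector's redirectPort, which the CONFIDENTIAL constraint relies on, points at a TLS-enabled connector. The sample XML is constructed to mirror the article's snippets, and the wordlist and 12-character minimum are assumptions of this example.

```python
import xml.etree.ElementTree as ET
# Constructed sample input that mirrors the snippets in this article.
USERS_XML = """<tomcat-users>
  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>
  <user username="admin" password="password" roles="manager-gui, manager-script"/>
</tomcat-users>"""
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="/opt/tomcat/certificates/selfsigned.jks" keystorePass="placeholder"/>
</Service></Server>"""
# Assumptions of this example: a tiny illustrative wordlist and a 12-character minimum.
WEAK_PASSWORDS = {"password", "admin", "tomcat", "changeit", "123456"}
MIN_LENGTH = 12

def elements(xml_text, name):
    # Match on the local tag name so a namespaced tomcat-users.xml also works.
    return [e for e in ET.fromstring(xml_text).iter() if e.tag.split("}")[-1] == name]

def audit_users(xml_text):
    findings = []
    for user in elements(xml_text, "user"):
        name, pw = user.get("username", ""), user.get("password", "")
        roles = {r.strip() for r in user.get("roles", "").split(",") if r.strip()}
        if not any(r.startswith("manager-") for r in roles):
            continue  # only accounts that can reach the Manager app matter here
        if pw.lower() in WEAK_PASSWORDS or pw == name or len(pw) < MIN_LENGTH:
            findings.append(f"{name}: weak password on a Manager account")
        # Tomcat's Manager docs: only the HTML interface is CSRF-protected, so keep roles apart.
        if "manager-gui" in roles and roles & {"manager-script", "manager-jmx"}:
            findings.append(f"{name}: manager-gui combined with script/jmx role")
    return findings

def audit_connectors(xml_text):
    findings = []
    connectors = elements(xml_text, "Connector")
    tls_ports = {c.get("port") for c in connectors if c.get("SSLEnabled", "").lower() == "true"}
    for c in connectors:
        if c.get("port") in tls_ports or c.get("protocol", "").startswith("AJP"):
            continue
        # CONFIDENTIAL redirects go to redirectPort, which defaults to 443 when unset.
        target = c.get("redirectPort", "443")
        if target not in tls_ports:
            findings.append(f"port {c.get('port')}: redirectPort {target} has no TLS connector")
    return findings

if __name__ == "__main__":
    for finding in audit_users(USERS_XML) + audit_connectors(SERVER_XML):
        print("FINDING:", finding)
```

The Manager account matters because it can deploy WAR files, so whoever holds its credentials can run code as the Tomcat user. Adding redirectPort="8443" to the port 8080 connector clears the connector finding.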
