Blue Flower

Install Apache Tomcat (8.5.24) in CentOS 7

Run the following commands to update your system and install Java if needed

yum -y update

yum -y install epel-release

yum install java-1.8.0-openjdk.x86_64

Create the location from where Apache Tomcat will run (/opt/tomcat/, also called Catalina's home) and also create a dedicate non-root user for the service

mkdir /opt/tomcat

groupadd tomcat

useradd -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

 While on the /opt/ folder , download Apache Tomcat (we are going to be using version 8.5.25) from this link:


tar -zxvf apache-tomcat-8.5.28.tar.gz -C /opt/tomcat --strip-components 1

//**by using the "--stript-components 1" you're untaring the .gz file at the root of opt/tomcat

 Set the proper permissions before running the service

chgrp -R tomcat conf

chmod g+rwx conf

chmod g+r conf/*

chown -R tomcat logs/ temp/ webapps/ work/

chgrp -R tomcat bin

chgrp -R tomcat lib

chmod g+rwx bin

chmod g+r bin/*

 You need to setup as well a system unit file for Apache Tomcat service

vi /etc/systemd/system/tomcat.service

//**populate the above file with:

Description=Apache Tomcat Web Application Container


Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'

ExecStop=/bin/kill -15 $MAINPID



 Install as well the security related program haveged, and make sure it starts at system boot together with Tomcat

yum install haveged

systemctl start haveged.service

systemctl enable haveged.service

systemctl start tomcat.service

systemctl enable tomcat.service

 Add the exception on your firewall zone (trusted on my example) to access port 8080

firewall-cmd --zone=trusted --permanent --add-port=8080/tcp

firewall-cmd --reload

 At this stage, you should be able to open Apache Tomcat from the loopback IP address at the CentOS server:


We still need to give access to the computers on your LAN to access the Apache Tomcat interface, which is what I need on my case

Configure the xml files

Visit the location /opt/tomcat/conf/ and either edit or create the file tomcat-users.xml as follows: 

<role rolename="manager-gui"/>
<role rolename="manager"/>
<role rolename="manager-status"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="admin-gui"/>
<role rolename="admin"/>
<user username="admin" password="password1" roles="manager-gui,manager,

 Visit the locations:

  • /opt/tomcat/webapps/manager/META-INF/
  • /opt/tomcat/webapps/host-manager/META-INF/

And modify the context.xml file in both location to be exactly the same, allowing access to you local LAN as well as the localhost

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="^.*$" />
    <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|192\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

 London, 11 March 2018




Big thanks to Vultr Docs for his great help: 


Print Friendly, PDF & Email