Install Tomcat 6 on CentOS or RHEL

 

source：http://www.davidghedini.com/pg/entry/install_tomcat_6_on_centos

This post will cover installation and configuration of Tomcat 6 on CentOS 5.

We will also show how to run Tomcat as a service, create a start/stop script, and configure Tomcat to run under a non-root user.

This post has been updated for Tomcat 6.0.32.

This post below will work with any Tomcat 6.x version, but I have been keeping it updated to keep the links consistent and to make it as "copying-and-paste" as possible.

If you are looking for our tutorial on installing Tomcat 7 on CentOS/RHEL, you can find it here.

This installation of Tomcat 6.0.32 was done on CentOS 5.5, but any CentOS 5.x should work, as well as RHEL and Fedora.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the Tomcat 6.0.32:

Step 1: Install the JDK

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@blanche ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin

Create a new directory /usr/java.

[root@blanche ~]# mkdir /usr/java

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

[root@blanche ~]# cd /usr/java
[root@blanche java]# sh /opt/jdk-6u24-linux-x64.bin

Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:

[root@blanche java]# JAVA_HOME=/usr/java/jdk1.6.0_24
[root@blanche java]# export JAVA_HOME
[root@blanche java]# PATH=$JAVA_HOME/bin:$PATH
[root@blanche java]# export PATH

To set the JAVA_HOME for users, we add below to the user ~/.bashrc or ~/.bash_profile of the user. We can also add it /etc/profile and then source it to give to all users.

JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@blanche ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_24

Step 2: Download and Install Tomcat 6.0.32:

Download apache-tomcat-6.0.32.tar.gz here

Save the file to a directory. I'm saving it to /root/apache-tomcat-6.0.32.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-6.0.32.tar.gz, we'll go to the /root directory and use the md5sum command.

[root@blanche ~]# md5sum apache-tomcat-6.0.32.tar.gz
082a0707985b6c029920d4d6d5ec11cd

Compare the output above to the MD5 Checksum provided by the Apache Tomcat MD5 page and insure that they match exactly. (There is also a link to display the MD5 checksum located just to the right off the download link).

Now, move (mv) or copy (cp) the file to the /usr/share directory:

[root@blanche ~]# mv apache-tomcat-6.0.32.tar.gz /usr/share/apache-tomcat-6.0.32.tar.gz

Change to the /usr/share directory and unpack the file using tar -xzf:

[root@blanche ~]# cd /usr/share
[root@sv2 blanche ]# tar -xzf apache-tomcat-6.0.32.tar.gz

This will create the directory /usr/share/apache-tomcat-6.0.32

At this point, you could start Tomcat via the Tomcat bin directory using the Tomcat startup.sh script located at /usr/share/apache-tomcat-6.0.32/bin.

[root@blanche share]# cd /usr/share/apache-tomcat-6.0.32/bin
[root@blanche bin]# ./startup.sh

Step 3: How to Run Tomcat as a Service.

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

[root@blanche share]# cd /etc/init.d
[root@blanche init.d]# vi tomcat

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-6.0.32

case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;;
stop)
sh $CATALINA_HOME/bin/shutdown.sh
;;
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;;
esac
exit 0

The above script is simple and contains all of the basic elements you will need to get going.

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-6.0.32/bin).

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-6.0.32)

Now, set the permissions for your script to make it executable:

[root@blanche init.d]# chmod 755 tomcat

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 244 20 80. 2445 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

[root@blanche init.d]# chkconfig --add tomcat
[root@blanche init.d]# chkconfig --level 234 tomcat on

Verify it:

[root@blanche init.d]# chkconfig --list tomcat
tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off

Now, let's test our script.

Start Tomcat:

[root@blanche ~]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar

Stop Tomcat:

[root@blanche ~]# service tomcat stop
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar

Restarting Tomcat (Must be started first):

[root@blanche ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar

We should review the Catalina.out log located at /usr/share/apache-tomcat-6.0.32/logs/catalina.out and check for any errors.

[root@blanche init.d]# less /usr/share/apache-tomcat-6.0.32/logs/catalina.out

We can now access the Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.

 

Step 5 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.

In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary.

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

[root@blanche ~]# groupadd tomcat
[root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat

2. Create the user 'tomcat' and add this user to the tomcat group we created above.

[root@blanche ~]# groupadd tomcat
[root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

[root@blanche ~]# useradd -g tomcat -d /usr/share/apache-tomcat-6.0.32/tomcat tomcat

The above will create the user tomcat's home directory as /usr/share/apache-tomcat-6.0.32/tomcat

3. Change ownership of the tomcat files to the user we created above:

[root@blanche ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-6.0.32/

Note: it is possible to enhance our security still further by making certain files and directory read-only. This will not be covered in this post and care should be used when setting such permissions.

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
TOMCAT_HOME=/usr/share/apache-tomcat-6.0.32/bin

case $1 in
start)
/bin/su tomcat $TOMCAT_HOME/startup.sh
;;
stop)
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
;;
restart)
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
/bin/su tomcat $TOMCAT_HOME/startup.sh
;;
esac
exit 0

Step 6 (Optional): How to Run Tomcat on Port 80 as Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode. That is, you are running Tomcat without Apache in front of it.

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

[root@blanche ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root@blanche ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080

Learn More About Apache Tomcat