Install Tomcat 6 on CentOS or RHEL

cto67

　　come form:http://www.davidghedini.com/pg/entry/install_tomcat_6_on_centos
　　This post will cover installation and configuration of Tomcat 6 on CentOS 5.

We will also show how to run Tomcat as a service, create a start/stop script, and configure Tomcat to run under a non-root user.

This post has been updated for Tomcat 6.0.32.

This post below will work with any Tomcat 6.x version, but I have been keeping it updated to keep the links consistent and to make it as "copying-and-paste" as possible. 

If you are looking for our tutorial on installing Tomcat 7 on CentOS/RHEL, you can find it here.

This installation of Tomcat 6.0.32 was done on CentOS 5.5, but any CentOS 5.x should work, as well as RHEL and Fedora.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the Tomcat 6.0.32:
　　Step 1: Install the JDK
　　

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin    
  

　　

Create a new directory /usr/java.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# mkdir /usr/java    
  

　　

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# cd /usr/java  
  
• 
  [iyunv@blanche java]# sh /opt/jdk-6u24-linux-x64.bin  
  

　　

Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche java]# JAVA_HOME=/usr/java/jdk1.6.0_24  
  
• 
  [iyunv@blanche java]# export JAVA_HOME  
  
• 
  [iyunv@blanche java]# PATH=$JAVA_HOME/bin:$PATH  
  
• 
  [iyunv@blanche java]# export PATH  
  

　　

To set the JAVA_HOME for users, we add below to the user ~/.bashrc or ~/.bash_profile of the user. We can also add it /etc/profile and then source it to give to all users.

　　view plaincopy to clipboardprint?

• 
  JAVA_HOME=/usr/java/jdk1.6.0_24  
  
• 
  export JAVA_HOME  
  
• 
  PATH=$JAVA_HOME/bin:$PATH  
  
• 
  export PATH  
  

　　

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]#  echo $JAVA_HOME  
  
• 
  /usr/java/jdk1.6.0_24  
  

　　
　　Step 2: Download and Install Tomcat 6.0.32:
　　

Download apache-tomcat-6.0.32.tar.gz here

Save the file to a directory. I'm saving it to /root/apache-tomcat-6.0.32.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-6.0.32.tar.gz, we'll go to the /root directory and use the md5sum command.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# md5sum apache-tomcat-6.0.32.tar.gz  
  
• 
  082a0707985b6c029920d4d6d5ec11cd  
  

　　

Compare the output above to the MD5 Checksum provided by the Apache Tomcat MD5 page and insure that they match exactly. (There is also a link to display the MD5 checksum located just to the right off the download link).

Now, move (mv) or copy (cp) the file to the /usr/share directory:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# mv apache-tomcat-6.0.32.tar.gz /usr/share/apache-tomcat-6.0.32.tar.gz  
  

　　

Change to the /usr/share directory and unpack the file using tar -xzf:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# cd /usr/share  
  
• 
  [iyunv@sv2 blanche ]# tar -xzf apache-tomcat-6.0.32.tar.gz    
  

　　

This will create the directory /usr/share/apache-tomcat-6.0.32

At this point, you could start Tomcat via the Tomcat bin directory using the Tomcat startup.sh script located at /usr/share/apache-tomcat-6.0.32/bin.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche share]# cd /usr/share/apache-tomcat-6.0.32/bin  
  
• 
  [iyunv@blanche bin]# ./startup.sh  
  

　　
　　Step 3: How to Run Tomcat as a Service.
　　

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche share]# cd /etc/init.d  
  
• 
  [iyunv@blanche init.d]# vi tomcat  
  

　　
　　view plaincopy to clipboardprint?

• 
  #!/bin/bash  
  
• 
  # description: Tomcat Start Stop Restart  
  
• 
  # processname: tomcat  
  
• 
  # chkconfig: 234 20 80  
  
• 
  JAVA_HOME=/usr/java/jdk1.6.0_24  
  
• 
  export JAVA_HOME  
  
• 
  PATH=$JAVA_HOME/bin:$PATH  
  
• 
  export PATH  
  
• 
  CATALINA_HOME=/usr/share/apache-tomcat-6.0.32  
  
• 
     
  
• 
  case $1 in  
  
• 
  start)  
  
• 
  sh $CATALINA_HOME/bin/startup.sh  
  
• 
  ;;   
  
• 
  stop)     
  
• 
  sh $CATALINA_HOME/bin/shutdown.sh  
  
• 
  ;;   
  
• 
  restart)  
  
• 
  sh $CATALINA_HOME/bin/shutdown.sh  
  
• 
  sh $CATALINA_HOME/bin/startup.sh  
  
• 
  ;;   
  
• 
  esac      
  
• 
  exit 0  
  

　　

The above script is simple and contains all of the basic elements you will need to get going. 

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-6.0.32/bin). 

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-6.0.32)

Now, set the permissions for your script to make it executable:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche init.d]# chmod 755 tomcat  
  

　　

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 244 20 80. 2445 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche init.d]# chkconfig --add tomcat  
  
• 
  [iyunv@blanche init.d]# chkconfig --level 234 tomcat on  
  

　　

Verify it:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche init.d]# chkconfig --list tomcat  
  
• 
  tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off  
  

　　

Now, let's test our script.

Start Tomcat:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# service tomcat start  
  
• 
  Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp  
  
• 
  Using JRE_HOME:        /usr/java/jdk1.6.0_24  
  
• 
  Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar  
  

　　

Stop Tomcat:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# service tomcat stop  
  
• 
  Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp  
  
• 
  Using JRE_HOME:        /usr/java/jdk1.6.0_24  
  
• 
  Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar  
  

　　Restarting Tomcat (Must be started first):

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# service tomcat restart  
  
• 
  Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp  
  
• 
  Using JRE_HOME:        /usr/java/jdk1.6.0_24  
  
• 
  Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar  
  
• 
  Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32  
  
• 
  Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp  
  
• 
  Using JRE_HOME:        /usr/java/jdk1.6.0_24  
  
• 
  Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar  
  

　　

We should review the Catalina.out log located at /usr/share/apache-tomcat-6.0.32/logs/catalina.out and check for any errors.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche init.d]# less /usr/share/apache-tomcat-6.0.32/logs/catalina.out  
  

　　

We can now access the Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.

　　Step 4 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.
　　

In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary. 

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# groupadd tomcat  
  
• 
  [iyunv@blanche ~]# useradd -s /bin/bash -g tomcat tomcat  
  

　　

2. Create the user 'tomcat' and add this user to the tomcat group we created above.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# groupadd tomcat  
  
• 
  [iyunv@blanche ~]# useradd -s /bin/bash -g tomcat tomcat  
  

　　

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# useradd -g tomcat -d /usr/share/apache-tomcat-6.0.32/tomcat tomcat  
  

　　

The above will create the user tomcat's home directory as /usr/share/apache-tomcat-6.0.32/tomcat

3. Change ownership of the tomcat files to the user we created above:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-6.0.32/  
  

　　

Note: it is possible to enhance our security still further by making certain files and directory read-only. This will not be covered in this post and care should be used when setting such permissions.

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

　　view plaincopy to clipboardprint?

• 
  #!/bin/bash  
  
• 
  # description: Tomcat Start Stop Restart  
  
• 
  # processname: tomcat  
  
• 
  # chkconfig: 234 20 80  
  
• 
  JAVA_HOME=/usr/java/jdk1.6.0_24  
  
• 
  export JAVA_HOME  
  
• 
  PATH=$JAVA_HOME/bin:$PATH  
  
• 
  export PATH  
  
• 
  TOMCAT_HOME=/usr/share/apache-tomcat-6.0.32/bin  
  
• 
     
  
• 
  case $1 in  
  
• 
  start)  
  
• 
  /bin/su tomcat $TOMCAT_HOME/startup.sh  
  
• 
  ;;   
  
• 
  stop)     
  
• 
  /bin/su tomcat $TOMCAT_HOME/shutdown.sh  
  
• 
  ;;   
  
• 
  restart)  
  
• 
  /bin/su tomcat $TOMCAT_HOME/shutdown.sh  
  
• 
  /bin/su tomcat $TOMCAT_HOME/startup.sh  
  
• 
  ;;   
  
• 
  esac      
  
• 
  exit 0  
  

　　
　　Step 5 (Optional): How to Run Tomcat on Port 80 as Non-Root User.
　　

Note: the following applies when you are running Tomcat in "stand alone" mode. That is, you are running Tomcat without Apache in front of it. 

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

　　view plaincopy to clipboardprint?

• 
  [iyunv@blanche ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080    
  
• 
  [iyunv@blanche ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080    
  

　　

Learn More About Apache Tomcat

Apache Tomcat Foundation

Tomcat 6