Tomcat via Containers

Last modified: March 14, 2024


This document explains how to set up Apache Tomcat® in an EasyApache 4 container. This document only applies to the EasyApache 4-provided Tomcat package. You can only install container-based packages on systems that use EasyApache 4’s containers and run AlmaLinux OS, Rocky Linux™, or Ubuntu®.

We provide Tomcat versions 10.0 and 10.1 for use with containers. Tomcat 10.0 is currently end-of-life (EOL) but will continue to function. For information about our Tomcat 8.5 package that runs on other operating systems and not in a container, read our Introduction to Tomcat documentation.

In this documentation, container-name represents the name of your Tomcat container. You can find the names of your containers with either the registered or running options of the /usr/local/cpanel/scripts/ea-podman script.
You must log in with SSH as the user. You cannot use the su - or sudo -E commands to run this script.

Install Tomcat via containers

To install Tomcat in a container on a system that runs EasyApache 4, you must first set up EasyApache 4 containers on your system.

After you set up containers on your system, your system administrator must install the ea-tomcat101 package to add Tomcat to your system.

In the interface

Install or uninstall the ea-tomcat101 package in WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4)

On the command line

Use one of the following commands to install the Tomcat package on your server.

To install Tomcat on AlmaLinux or Rocky Linux, run the following command:

dnf install -y ea-tomcat100

To install Tomcat on Ubuntu, run the following commands:

apt install -y ea-tomcat100
apt update

Set up Tomcat inside containers

To set up Tomcat to run inside a container, perform the following steps:

  1. Log in to the cPanel user account via SSH. You can do this by either logging in to the account via SSH from the command line, or using SSH in either WHM’s Terminal interface (WHM » Home » Server Configuration » Terminal) or cPanel’s Terminal interface (cPanel » Home » Advanced » Terminal).

  2. Run the following command:

    /usr/local/cpanel/scripts/ea-podman install ea-tomcat101

  3. Run the following command to retrieve the container’s name. You will need this name to perform any further actions.

    /usr/local/cpanel/scripts/ea-podman containers

For more information, read our /usr/local/cpanel/scripts/ea-podman script documentation.

Configure Tomcat in a container

cPanel users must have shell access to configure Tomcat in a container.

When you install Tomcat in a container, it creates a directory in the ~/ea-podman.d/container-name directory in the user’s home directory. The system creates several directories when you set up Tomcat in containers.

Default configuration

EasyApache 4 makes the following configuration changes from the default Tomcat 10.1 behavior to the ~/ea-podman.d/container-name/conf/server.xml file:

  • Disables the shutdown port by default.
  • Sets the xpoweredBy attribute of all connectors to a false value.
  • Removes the redirectPort attribute.
  • Adds the ErrorReportValue class to all hosts with the showServerInfo value set to a false value.
  • Sets the following host attributes to a false value:
    • autoDeploy
    • deployOnStartup
    • deployXML
    • unpackWARs

Configure applications

To use the Tomcat instance, configure the desired applications in the ~/ea-podman.d/container-name/webapps/ROOT directory. To deploy these applications, read the Deploy applications in a Tomcat container section below.

Configure SSL

If you want to use SSL in Tomcat, you must configure it manually.

To configure SSL, perform the following steps:

  1. Request a port for SSL from the system administrator. The system administrator can assign these ports with the cpuser_port_authority script.
    We strongly recommend that you use the --service=container_name flag when you assign a port for the Tomcat container. This will ensure that the system releases the port if you remove the container.
  2. Configure the port to use SSL in the ~/ea-podman.d/container-name/conf/server.xml file.
    • Add the redirectPort attribute.
    • Add the appropriate SSL connector. For example, if you want to configure SSL with HTTP, your entry might resemble the following example, where 10002 represents your assigned HTTP port, and 10004 represents the SSL port:
      <Connector port="10002" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="10003" />
      <Connector port="10004" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="/path/to/kestorefile" keystorePass="my_keystore_password"/>
      • We strongly recommend that you do not store plaintext passwords in files. However, if you do, you must not loosen the .conf file permissions.
      • For more information, read Tomcat’s SSL/TLS Configuration documentation.

When you’re done changing your configuration, restart your Tomcat container with the following command, where container-name represents the name of the container:

/usr/local/cpanel/scripts/ea-podman restart container-name

Interact with your Tomcat container

When you install Tomcat into a container, it creates a directory in the ~/ea-podman.d/container-name directory in the user’s home directory. The system creates several directories when you set up Tomcat in containers.

You can use this directory to manage the information, files, and other data for the container.

Place any .war or .jsp files in the container’s webapps/ROOT directory.

Deploy applications in a Tomcat container

The default configuration of Tomcat containers allows you to choose the best method to deploy your applications.

To determine which deployment method is the best for you, read Apache’s Tomcat Security Considerations documentation. For more information about how to use that deployment method, read Apache’s Tomcat Web Application Deployment documentation.

Additional Documentation