Tomcat via Containers

Last modified: October 17, 2022

Overview

This document explains how to set up Apache Tomcat® in an EasyApache 4 container. This document only applies to the EasyApache 4-provided Tomcat package.

We provide Tomcat version 10.0 for use with containers. You can only install container-based packages on systems that use EasyApache 4’s containers and run AlmaLinux OS 8, Rocky Linux™ 8, or Ubuntu®. For information about our Tomcat package that runs on other operating systems and not in a container, read our Introduction to Tomcat documentation.

Note:

In this documentation, container-name represents the name of your Tomcat container. You can find the names of your containers with either the registered or running options of the /usr/local/cpanel/scripts/ea-podman script.

Important:

You must log in with SSH as the user. You cannot use the su - or sudo -E commands to run this script.

Install Tomcat via containers

To install Tomcat in a container on a system that runs EasyApache 4, you must first set up EasyApache 4 containers on your system.

After you set up containers on your system, install the ea-tomcat100 package to add Tomcat to your system.

Set up Tomcat inside containers

To set up Tomcat to run inside a container, perform the following steps:

Log in to the cPanel user account via SSH. You can do this by either logging in to the account via SSH from the command line, or using SSH in either WHM’s Terminal interface (WHM » Home » Server Configuration » Terminal) or cPanel’s Terminal interface (cPanel » Home » Advanced » Terminal).

Run the following command:

/usr/local/cpanel/scripts/ea-podman install ea-tomcat100

Run the following command to retrieve the container’s name. You will need this name to perform any further actions.
```
/usr/local/cpanel/scripts/ea-podman containers
```

For more information, read our /usr/local/cpanel/scripts/ea-podman script documentation.

Configure Tomcat in a container

Note:

cPanel users must have shell access to configure Tomcat in a container.

When you install Tomcat in a container, it creates a directory in the ~/ea-podman.d/container-name directory in the user’s home directory. The system creates several directories when you set up Tomcat in containers.

Default configuration

EasyApache 4 makes the following configuration changes from the default Tomcat 8.5 behavior to the ~/ea-podman.d/container-name/conf/server.xml file:

Disables the shutdown port by default.
Sets the xpoweredBy attribute of all connectors to a false value.
Removes the redirectPort attribute.
Adds the ErrorReportValue class to all hosts with the showServerInfo value set to a false value.
Sets the following host attributes to a false value:
- autoDeploy
- deployOnStartup
- deployXML
- unpackWARs

Configure applications

To use the Tomcat instance, configure the desired applications in the ~/ea-podman.d/container-name/webapps directory. For more information, read the Load jsp pages in Tomcat section below.

Configure SSL

If you want to use SSL in Tomcat, you must configure it manually.

To configure SSL, perform the following steps:

Request a port for SSL from the system administrator. The system administrator can assign these ports with the cpuser_port_authority script.

Note:

We strongly recommend that you use the --service=container_name flag when you assign a port for the Tomcat container. This will ensure that the system releases the port if you remove the container.

Configure the port to use SSL in the ~/ea-podman.d/container-name/conf/server.xml file.

Add the redirectPort attribute.

Add the appropriate SSL connector. For example, if you want to configure SSL with HTTP, your entry might resemble the following example, where 10002 represents your assigned HTTP port, and 10004 represents the SSL port:

1
2


<Connector port="10002" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="10003" />
<Connector port="10004" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="/path/to/kestorefile" keystorePass="my_keystore_password"/>

Important:

We strongly recommend that you do not store plain text passwords in files. However, if you do, you must not loosen the .conf file permissions.

When you’re done changing your configuration, restart your Tomcat container with the following command, where container-name represents the name of the container:

/usr/local/cpanel/scripts/ea-podman restart container-name

Interact with your Tomcat container

When you install Tomcat into a container, it creates a directory in the ~/ea-podman.d/container-name directory in the user’s home directory. The system creates several directories when you set up Tomcat in containers.

You can use this directory to manage the information, files, and other data for the container.

Place any .war or .jsp files in the container’s webapps directory.

Load jsp pages in Tomcat

To load .jsp pages in Tomcat, perform the following steps:

Place your .jsp files in the webapps directory of your Tomcat container. You must place these files in this directory for them to load.
Edit the Context element in the Host section of your ~/ea-podman.d/container-name/conf/server.xml file. Your entry might resemble the following example, where container-name represents the container’s name:
1 2

<Context path="/" docBase="~/ea-podman.d/container-name/webapps/ROOT/"> </Context>
Find your container’s port numbers with the following command:
```
usr/local/cpanel/scripts/ea-podman list
```
Your results might resemble the following example:
1 2 3 4 5 6 7 8

"ea-tomcat100.cptest1.02" : { "image" : "docker.io/library/tomcat:10.0.20\n", "ports" : [ "10002", "10003" ] } }
In this example, the first port number listed, 10002, is the port used by HTTP. The second port listed, 10003, is the one used by AJP.
Next, configure your application for AJP. To do this, you must create a virtual host include file.

Your include file might resemble the following example, where /app represents the Tomcat application and 10003 represents the user’s AJP port number:
1 2 3

<IfModule proxy_ajp_module> ProxyPass "/app" "ajp://127.0.0.1:10003/docs" </IfModule>
Add your include file to the appropriate location in the /etc/apache2/ directory. For more information about Apache include files and their locations, read our Modify Apache Virtual Hosts with Include Files documentation.
Test that your pages serve correctly by navigating to the following URLs:
- http://example.com:10002/test.jsp — This URL tests that your HTTP requests serve correctly.
- http://example.com/app — This URL tests that your AJP connections proxy your content correctly. In this example, the server proxies the response to your app Tomcat application.