Tomcat via Containers
Last modified: August 16, 2023
Overview
This document explains how to set up Apache Tomcat® in an EasyApache 4 container. This document only applies to the EasyApache 4-provided Tomcat package. You can only install container-based packages on systems that use EasyApache 4’s containers and run AlmaLinux OS, Rocky Linux™, or Ubuntu®.
We provide Tomcat versions 10.0 and 10.1 for use with containers. Tomcat 10.0 is currently end-of-life (EOL) but will continue to function. For information about our Tomcat 8.5 package that runs on other operating systems and not in a container, read our Introduction to Tomcat documentation.
container-name
represents the name of your Tomcat container. You can find the names of your containers with either the registered
or running
options of the /usr/local/cpanel/scripts/ea-podman
script.
su -
or sudo -E
commands to run this script.
Install Tomcat via containers
To install Tomcat in a container on a system that runs EasyApache 4, you must first set up EasyApache 4 containers on your system.
After you set up containers on your system, install the ea-tomcat101
package to add Tomcat to your system.
Set up Tomcat inside containers
To set up Tomcat to run inside a container, perform the following steps:
-
Log in to the cPanel user account via SSH. You can do this by either logging in to the account via SSH from the command line, or using SSH in either WHM’s Terminal interface (WHM » Home » Server Configuration » Terminal) or cPanel’s Terminal interface (cPanel » Home » Advanced » Terminal).
-
Run the following command:
/usr/local/cpanel/scripts/ea-podman install ea-tomcat101
-
Run the following command to retrieve the container’s name. You will need this name to perform any further actions.
/usr/local/cpanel/scripts/ea-podman containers
For more information, read our /usr/local/cpanel/scripts/ea-podman
script documentation.
Configure Tomcat in a container
When you install Tomcat in a container, it creates a directory in the ~/ea-podman.d/container-name
directory in the user’s home
directory. The system creates several directories when you set up Tomcat in containers.
Default configuration
EasyApache 4 makes the following configuration changes from the default Tomcat 10.1 behavior to the ~/ea-podman.d/container-name/conf/server.xml
file:
- Disables the shutdown port by default.
- Sets the
xpoweredBy
attribute of all connectors to afalse
value. - Removes the
redirectPort
attribute. - Adds the
ErrorReportValue
class to all hosts with theshowServerInfo
value set to afalse
value. - Sets the following host attributes to a
false
value:autoDeploy
deployOnStartup
deployXML
unpackWARs
Configure applications
To use the Tomcat instance, configure the desired applications in the ~/ea-podman.d/container-name/webapps/ROOT
directory. To deploy these applications, read the Deploy applications in a Tomcat container section below.
Configure SSL
If you want to use SSL in Tomcat, you must configure it manually.
To configure SSL, perform the following steps:
- Request a port for SSL from the system administrator. The system administrator can assign these ports with the cpuser_port_authority script.
Note:We strongly recommend that you use the
--service=container_name
flag when you assign a port for the Tomcat container. This will ensure that the system releases the port if you remove the container. - Configure the port to use SSL in the
~/ea-podman.d/container-name/conf/server.xml
file.- Add the
redirectPort
attribute. - Add the appropriate SSL connector. For example, if you want to configure SSL with HTTP, your entry might resemble the following example, where
10002
represents your assigned HTTP port, and10004
represents the SSL port:1 2
<Connector port="10002" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="10003" /> <Connector port="10004" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true" scheme="https" secure="true" sslProtocol="TLS" keystoreFile="/path/to/kestorefile" keystorePass="my_keystore_password"/>
Important:We strongly recommend that you do not store plain text passwords in files. However, if you do, you must not loosen the.conf
file permissions.
- Add the
When you’re done changing your configuration, restart your Tomcat container with the following command, where container-name
represents the name of the container:
/usr/local/cpanel/scripts/ea-podman restart container-name
Interact with your Tomcat container
When you install Tomcat into a container, it creates a directory in the ~/ea-podman.d/container-name
directory in the user’s home
directory. The system creates several directories when you set up Tomcat in containers.
You can use this directory to manage the information, files, and other data for the container.
Place any .war
or .jsp
files in the container’s webapps/ROOT
directory.
Deploy applications in a Tomcat container
The default configuration of Tomcat containers allows you to choose the best method to deploy your applications.
To determine which deployment method is the best for you, read Apache’s Tomcat Security Considerations documentation. For more information about how to use that deployment method, read Apache’s Tomcat Web Application Deployment documentation.