1. cPanel & WHM Documentation
  2. EasyApache4
  3. Tomcat
  4. Introduction to Tomcat
ea4 server

Introduction to Tomcat

Last modified: March 14, 2023

Overview

Apache Tomcat allows you to serve Java-based applications. EasyApache 4 provides the option to install Tomcat 8.5.

For more information about the Apache Tomcat open-source project, visit the Apache Tomcat website.

Important:
  • This document does not apply to our version of Tomcat 10.0 that runs in a container. For more information, read our Tomcat via Containers documentation.
  • We strongly recommend that only experienced Tomcat administrators install Tomcat.
  • Tomcat can present security issues on systems with multiple users. We strongly recommend that you understand the risks of this feature before you use it. For more information, read Tomcat’s Security Considerations documentation.

How to install Tomcat

Requirements

Tomcat requires root-level access to install.

Note:

If you are running a server that uses AlmaLinux, Rocky Linux™, or Ubuntu®, you can only install Tomcat in container-based packages that use EasyApache 4’s containers. For more information about using Tomcat on these operating systems, read our Tomcat via Containers documentation.

Install Tomcat

In the interface

To install Tomcat, use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4). Tomcat appears in the Additional Packages section.

On the command line

To install Tomcat, run the following command on the command line as the root user:

yum install ea-tomcat85

Uninstall Tomcat

In the interface

To uninstall Tomcat, use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4). Tomcat appears in the Additional Packages section.

On the command line

To uninstall Tomcat, run the following command on the command line as the root user:

yum remove ea-tomcat85

Configuration

In EasyApache 4, Tomcat runs as a per-user private instance. This increases security and allows the user to manage their own Tomcat services, but increases memory load on the server. We strongly recommend that you consider your server’s configuration carefully before you enable Tomcat for many users. For more information, read our Tomcat Private Instances documentation.

Tomcat 8.5 places its configuration files in the following location, where user represents the name of the user for which you installed Tomcat:

/home/user/ea-tomcat85/conf

Default configuration

EasyApache 4 makes the following configuration changes to the default Tomcat 8.5 behavior in the ~/ea-tomcat85/conf/server.xml file:

  • Disable the shutdown port by default.
  • Set the xpoweredBy attribute of all Connectors to a false value.
  • Remove the redirectPort attribute.
  • Add the ErrorReportValue class to all Hosts with the showServerInfo value set to a false value.
  • Set the following Host attributes to a false value:
    • autoDeploy
    • deployOnStartup
    • deployXML
    • unpackWARs
Note:
You may need to make additional security changes, depending on your system’s Tomcat requirements. For more information, read Tomcat’s Security Considerations documentation.

Add Tomcat support for a user

Configure crontab access

You must grant crontab access to Tomcat users. Otherwise, the user will not be able to use Tomcat.

  • If the /etc/cron.allow file exists, the user must exist in the file.
  • If the /etc/cron.deny file exists, you must ensure that the user does not exist in the file.

To determine whether a user has crontab access, perform the following steps:

  1. Navigate to WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts).
  2. Click the cPanel logo to log in to the account as the user.
  3. Navigate to cPanel’s Terminal interface (cPanel » Home » Advanced » Terminal).
  4. Run the crontab -l command.
    • If you receive an error then you must grant crontab access to Tomcat users.

After you grant crontab access to the user, you will need to remove and re-add the user to Tomcat.

In the interface

To add Tomcat 8.5 support to a user, use WHM’s Tomcat Manager interface (WHM » Home » Software » Tomcat Manager).

On the command line

To add Tomcat 8.5 support to a user, run the following command as the root user:

/usr/local/cpanel/scripts/ea-tomcat85 [argument] [option]

The /usr/local/cpanel/scripts/ea-tomcat85 script accepts the following arguments, where user represents the user you wish to change and command represents an argument for the script:

Header One Description Example
add user Add Tomcat 8.5 support to a user. /usr/local/cpanel/scripts/ea-tomcat85 add user123
rem user Remove Tomcat 8.5 support from a user. /usr/local/cpanel/scripts/ea-tomcat85 rem user123
list View the users with a Tomcat 8.5 instance. /usr/local/cpanel/scripts/ea-tomcat85 list
hint [command] Display the abbreviated help information.
Note:
The command is optional. If you specify a command, only that command’s abbreviated help information will display.
/usr/local/cpanel/scripts/ea-tomcat85 hint add
help [command] Display the script’s help information.
Note:
The command is optional. If you specify a command, only that command’s help information will display.
/usr/local/cpanel/scripts/ea-tomcat85 help

Jailshell user considerations

Jailshell users cannot see the status of their previously started Tomcat service. The default jailshell permissions only allow users to view their current session’s processes. If they attempt to restart an already active service with Ubic, the system will launch a duplicate process.

You can address this behavior with one of the following actions:

  • Select Always mount a full /proc under the Jailed /proc mount method option of the System section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings). If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
    • If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
    • If you do not enable this setting, Ubic will stop the Tomcat service when you exit the shell.
  • You can assign the user a normal shell.
  • You can do nothing. We do not recommend this action, as it may cause confusion and the user may start duplicate processes.

Running Tomcat

Note:
Tomcat may take a long time to start to serve requests on initial startup. This usually happens on virtual machines. For suggestions of ways to start your Tomcat server faster, read the Tomcat Faster Startup documentation. System administrators must choose the solution that best fits their needs.

Custom configurations

When you add a user with either WHM’s Tomcat Manager interface (WHM » Home » Software » Tomcat Manager) or the /usr/local/cpanel/scripts/ea-tomcat85 script, the script creates an environment that the user can configure for their unique requirements.

When a you assign Tomcat access to a cPanel user, the script assigns two ports to the user. You can find these port assignments in the /etc/cpanel/cpuser_port_authority.json file and the user’s ~/ea-tomcat85/conf/server.xml file.

You must configure any custom behavior manually. To change how Tomcat interacts with Apache, edit or create the appropriate file in the /etc/apache2/conf.d/userdata/ directory. For more information, read our Advanced Apache Configuration and Modify Apache Virtual Hosts with Include Files documentation.

Important:
You must update your custom Tomcat configuration if you make any changes to an Apache user’s username or home directory.

Proxy an app with Apache JServ Protocol (AJP)

Tomcat 8.5 can use AJP to serve applications in EasyApache 4. For more information, read our Tomcat Proxies documentation.

LiteSpeed Web Server

Versions of LiteSpeed earlier than 5.3.5 (build 6) are not compatible with the ProxyPassMatch directive. This causes LiteSpeed to not proxy from the assigned port to port 80. Update your LiteSpeed server to a newer, compatible version or use the Tomcat instance’s assigned port.

Differences between Tomcat in EasyApache 3 and EasyApache 4

EasyApache 3 handles Tomcat differently than EasyApache 4. EasyApache 4 provides Tomcat 8.5, rather than Tomcat 7.

In EasyApache 3, Tomcat existed as a shared service and all applications ran as the tomcat user. The server created a container within a shared server.xml file.

In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the tomcat user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements.

Additional Documentation