Introduction to Tomcat
Last modified: September 22, 2021
This document only applies to Tomcat in cPanel & WHM version 76 and later.
Apache Tomcat® allows you to serve Java-based applications. EasyApache 4 provides the option to install Tomcat 8.5.
For more information about the Apache Tomcat open-source project, visit the Apache Tomcat website.
- We strongly recommend that only experienced Tomcat administrators install Tomcat.
- Tomcat can present security issues on systems with multiple users. We strongly recommend that you understand the risks of this feature before you use it. For more information, read Tomcat’s Security Considerations documentation.
How to install Tomcat
root-level access to install.
cPanel & WHM does not support Tomcat on servers that run the CentOS 8 or AlmaLinux OS 8 operating systems.
In the interface
To install Tomcat, use WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4). Tomcat appears in the Additional Packages section.
On the command line
To install Tomcat, run the following command on the command line as the
yum install ea-tomcat85
In the interface
To uninstall Tomcat, use WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4). Tomcat appears in the Additional Packages section.
On the command line
To uninstall Tomcat, run the following command on the command line as the
yum remove ea-tomcat85
In EasyApache 4, Tomcat runs as a per-user private instance. This increases security and allows the user to manage their own Tomcat services, but increases memory load on the server. We strongly recommend that you consider your server’s configuration carefully before you enable Tomcat for many users. For more information, read our Tomcat Private Instances documentation.
Tomcat 8.5 places its configuration files in the following location, where
user represents the name of the user for which you installed Tomcat:
EasyApache 4 makes the following configuration changes to the default Tomcat 8.5 behavior in the
- Disable the shutdown port by default.
- Set the
xpoweredByattribute of all Connectors to a
- Remove the
- Add the
ErrorReportValueclass to all Hosts with the
showServerInfovalue set to a
- Set the following Host attributes to a
Add Tomcat support for a user
Configure crontab access
You must grant
crontab access to Tomcat users. Otherwise, the user will not be able to use Tomcat.
/etc/cron.allowfile exists, the user must exist in the file.
/etc/cron.denyfile exists, you must ensure that the user does not exist in the file.
To determine whether a user has
crontab access, perform the following steps:
Navigate to WHM’s List Accounts interface (WHM >> Home >> Account Information >> List Accounts).
Click the cPanel logo to log in to the account as the user.
Navigate to cPanel’s Terminal interface (cPanel >> Home >> Advanced >> Terminal).
- If you receive an error then you must grant crontab access to Tomcat users.
After you grant
crontab access to the user, you will need to remove and re-add the user to Tomcat.
In the interface
To add Tomcat 8.5 support to a user, use WHM’s Tomcat Manager interface (WHM >> Home >> Software >> Tomcat Manager).
On the command line
To add Tomcat 8.5 support to a user, run the following command as the
/usr/local/cpanel/scripts/ea-tomcat85 [argument] [option]
/usr/local/cpanel/scripts/ea-tomcat85 script accepts the following arguments, where
user represents the user you wish to change and
command represents an argument for the script:
||Add Tomcat 8.5 support to a user.||
||Remove Tomcat 8.5 support from a user.||
||View the users with a Tomcat 8.5 instance.||
||Display the abbreviated help information.
The command is optional. If you specify a command, only that command’s abbreviated help information will display.
||Display the script’s help information.
The command is optional. If you specify a command, only that command’s help information will display.
Jailshell user considerations
Jailshell users cannot see the status of their previously started Tomcat service. The default jailshell permissions only allow users to view their current session’s processes. If they attempt to restart an already active service with Ubic, the system will launch a duplicate process.
You can address this behavior with one of the following actions:
Select Always mount a full /proc under the Jailed /proc mount method option of the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
If you do not enable this setting, Ubic will stop the Tomcat service when you exit the shell.
You can assign the user a normal shell.
You can do nothing. We do not recommend this action, as it may cause confusion and the user may start duplicate processes.
When you add a user with either WHM’s Tomcat Manager interface (WHM >> Home >> Software >> Tomcat Manager) or the
/usr/local/cpanel/scripts/ea-tomcat85 script, the script creates an environment that the user can configure for their unique requirements.
When a you assign Tomcat access to a cPanel user, the script assigns two ports to the user. You can find these port assignments in the
/etc/cpanel/cpuser_port_authority.json file and the user’s
You must configure any custom behavior manually. To change how Tomcat interacts with Apache, edit or create the appropriate file in the
/etc/apache2/conf.d/userdata/ directory. For more information, read our Advanced Apache Configuration and Modify Apache Virtual Hosts with Include Files documentation.
Proxy an app with Apache JServ Protocol (AJP)
Tomcat 8.5 can use AJP to serve applications in EasyApache 4. For more information, read our Tomcat Proxies documentation.
LiteSpeed Web Server
Versions of LiteSpeed earlier than 5.3.5 (build 6) are not compatible with the
ProxyPassMatch directive. This causes LiteSpeed to not proxy from the assigned port to port
80. Update your LiteSpeed server to a newer, compatible version or use the Tomcat instance’s assigned port.
Differences between Tomcat in EasyApache 3 and EasyApache 4
EasyApache 3 handles Tomcat differently than EasyApache 4. EasyApache 4 provides Tomcat 8.5, rather than Tomcat 7.
In EasyApache 3, Tomcat existed as a shared service and all applications ran as the
tomcat user. The server created a container within a shared
In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the
tomcat user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements.
- For more information, read our Tomcat Private Instances documentation.
- For more information about managing services in Tomcat, read our The cpuser_service_manager script and the Ubic subsystem documentation.
- EasyApache 4 provides the
mod_proxy_ajpApache module rather than the