Introduction to Tomcat
Last modified: March 14, 2023
Overview
Apache Tomcat allows you to serve Java-based applications. EasyApache 4 provides the option to install Tomcat 8.5.
For more information about the Apache Tomcat open-source project, visit the Apache Tomcat website.
- This document does not apply to our version of Tomcat 10.0 that runs in a container. For more information, read our Tomcat via Containers documentation.
- We strongly recommend that only experienced Tomcat administrators install Tomcat.
- Tomcat can present security issues on systems with multiple users. We strongly recommend that you understand the risks of this feature before you use it. For more information, read Tomcat’s Security Considerations documentation.
How to install Tomcat
Requirements
Tomcat requires root
-level access to install.
If you are running a server that uses AlmaLinux, Rocky Linux™, or Ubuntu®, you can only install Tomcat in container-based packages that use EasyApache 4’s containers. For more information about using Tomcat on these operating systems, read our Tomcat via Containers documentation.
Install Tomcat
In the interface
To install Tomcat, use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4). Tomcat appears in the Additional Packages section.
On the command line
To install Tomcat, run the following command on the command line as the root
user:
yum install ea-tomcat85
Uninstall Tomcat
In the interface
To uninstall Tomcat, use WHM’s EasyApache 4 interface (WHM » Home » Software » EasyApache 4). Tomcat appears in the Additional Packages section.
On the command line
To uninstall Tomcat, run the following command on the command line as the root
user:
yum remove ea-tomcat85
Configuration
In EasyApache 4, Tomcat runs as a per-user private instance. This increases security and allows the user to manage their own Tomcat services, but increases memory load on the server. We strongly recommend that you consider your server’s configuration carefully before you enable Tomcat for many users. For more information, read our Tomcat Private Instances documentation.
Tomcat 8.5 places its configuration files in the following location, where user
represents the name of the user for which you installed Tomcat:
/home/user/ea-tomcat85/conf
Default configuration
EasyApache 4 makes the following configuration changes to the default Tomcat 8.5 behavior in the ~/ea-tomcat85/conf/server.xml
file:
- Disable the shutdown port by default.
- Set the
xpoweredBy
attribute of all Connectors to afalse
value. - Remove the
redirectPort
attribute. - Add the
ErrorReportValue
class to all Hosts with theshowServerInfo
value set to afalse
value. - Set the following Host attributes to a
false
value:autoDeploy
deployOnStartup
deployXML
unpackWARs
Add Tomcat support for a user
Configure crontab access
You must grant crontab
access to Tomcat users. Otherwise, the user will not be able to use Tomcat.
- If the
/etc/cron.allow
file exists, the user must exist in the file. - If the
/etc/cron.deny
file exists, you must ensure that the user does not exist in the file.
To determine whether a user has crontab
access, perform the following steps:
- Navigate to WHM’s List Accounts interface (WHM » Home » Account Information » List Accounts).
- Click the cPanel logo to log in to the account as the user.
- Navigate to cPanel’s Terminal interface (cPanel » Home » Advanced » Terminal).
- Run the
crontab -l
command.- If you receive an error then you must grant crontab access to Tomcat users.
After you grant crontab
access to the user, you will need to remove and re-add the user to Tomcat.
In the interface
To add Tomcat 8.5 support to a user, use WHM’s Tomcat Manager interface (WHM » Home » Software » Tomcat Manager).
On the command line
To add Tomcat 8.5 support to a user, run the following command as the root
user:
/usr/local/cpanel/scripts/ea-tomcat85 [argument] [option]
The /usr/local/cpanel/scripts/ea-tomcat85
script accepts the following arguments, where user
represents the user you wish to change and command
represents an argument for the script:
Header One | Description | Example |
---|---|---|
add user |
Add Tomcat 8.5 support to a user. | /usr/local/cpanel/scripts/ea-tomcat85 add user123 |
rem user |
Remove Tomcat 8.5 support from a user. | /usr/local/cpanel/scripts/ea-tomcat85 rem user123 |
list |
View the users with a Tomcat 8.5 instance. | /usr/local/cpanel/scripts/ea-tomcat85 list |
hint [command] |
Display the abbreviated help information.
Note:
The command is optional. If you specify a command, only that command’s abbreviated help information will display.
|
/usr/local/cpanel/scripts/ea-tomcat85 hint add |
help [command] |
Display the script’s help information.
Note:
The command is optional. If you specify a command, only that command’s help information will display.
|
/usr/local/cpanel/scripts/ea-tomcat85 help |
Jailshell user considerations
Jailshell users cannot see the status of their previously started Tomcat service. The default jailshell permissions only allow users to view their current session’s processes. If they attempt to restart an already active service with Ubic, the system will launch a duplicate process.
You can address this behavior with one of the following actions:
- Select Always mount a full /proc under the Jailed /proc mount method option of the System section of WHM’s Tweak Settings interface (WHM » Home » Server Configuration » Tweak Settings). If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
- If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.
- If you do not enable this setting, Ubic will stop the Tomcat service when you exit the shell.
- You can assign the user a normal shell.
- You can do nothing. We do not recommend this action, as it may cause confusion and the user may start duplicate processes.
Running Tomcat
Custom configurations
When you add a user with either WHM’s Tomcat Manager interface (WHM » Home » Software » Tomcat Manager) or the /usr/local/cpanel/scripts/ea-tomcat85
script, the script creates an environment that the user can configure for their unique requirements.
When a you assign Tomcat access to a cPanel user, the script assigns two ports to the user. You can find these port assignments in the /etc/cpanel/cpuser_port_authority.json
file and the user’s ~/ea-tomcat85/conf/server.xml
file.
You must configure any custom behavior manually. To change how Tomcat interacts with Apache, edit or create the appropriate file in the /etc/apache2/conf.d/userdata/
directory. For more information, read our Advanced Apache Configuration and Modify Apache Virtual Hosts with Include Files documentation.
Proxy an app with Apache JServ Protocol (AJP)
Tomcat 8.5 can use AJP to serve applications in EasyApache 4. For more information, read our Tomcat Proxies documentation.
LiteSpeed Web Server
Versions of LiteSpeed earlier than 5.3.5 (build 6) are not compatible with the ProxyPassMatch
directive. This causes LiteSpeed to not proxy from the assigned port to port 80
. Update your LiteSpeed server to a newer, compatible version or use the Tomcat instance’s assigned port.
Differences between Tomcat in EasyApache 3 and EasyApache 4
EasyApache 3 handles Tomcat differently than EasyApache 4. EasyApache 4 provides Tomcat 8.5, rather than Tomcat 7.
In EasyApache 3, Tomcat existed as a shared service and all applications ran as the tomcat
user. The server created a container within a shared server.xml
file.
In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the tomcat
user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements.
- For more information, read our Tomcat Private Instances documentation.
- For more information about managing services in Tomcat, read our The cpuser_service_manager script and the Ubic subsystem documentation.
- EasyApache 4 provides the
mod_proxy_ajp
Apache module rather than themod_jk
connector.