4. Installing Tomcat

Download a binary distribution of Tomcat from the Apache Jakarta website:


If you don't want to run the Tomcat daemon as root, create a new user/group tomcat (first make sure that the UID and GID you use are still available by checking the files /etc/passwd and /etc/group):

  groupadd -g 220 tomcat
  useradd -u 220 -g tomcat -c "Tomcat" -r -d /usr/local/tomcat -s "/sbin/nologin" tomcat


You really should not use the root account to run the Tomcat daemon; (using Tomcat version 4.1.27) we found out that this allows the MMBase admin user to write backup dumps of his sites anywhere on the system.

<TODO: better solution available?>

Extract the Tomcat distribution in a new directory:

  cd /usr/local/
  tar -zxvf .../jakarta-tomcat-xxx.tar.gz


Version 4.1.27 came with a hot-fix:

  cd /usr/local/jakarta-tomcat-xxx/
  tar -zxvf .../xxx-hotfix-xxx.tar.gz

Change the ownership of the Tomcat directory and make it available as /usr/local/tomcat/:

  chown -R tomcat:tomcat /usr/local/jakarta-tomcat-xxx
  ln -s /usr/local/jakarta-tomcat-xxx /usr/local/tomcat

Open up the firewall for web access to the Tomcat server by adding to the file /etc/sysconfig/iptables:

  -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 8080 --syn -j ACCEPT

You need to reboot your system to make this rule effective or restart the iptables firewall:

  /etc/rc.d/init.d/iptables restart


Since (for some odd reason) some network managers allow outgoing web connections only to TCP port 80, there might be people around that cannot access your Tomcat (and MMBase) server through port 8080. Further below we will explain how to install a JK 2 mapping or a reverse proxy in Apache, so Tomcat and MMBase can be accessed through the Apache web server at port 80. Apart from the port issue, this has the advantage that you can use Apache to manage you SSL connections and use your existing Apache logs and statistics facilities for Tomcat and MMBase as well.

If you decide to use Apache as a front-end to your Tomcat and MMBase server, there's no need to open up port 8080 in your firewall.

To run Tomcat, set the $CATALINA_HOME environment variable:


and fire it up:


Now you can access Tomcat's home page through (replace <hostname> with your hostname):


which should give you the Tomcat welcome screen.

To shutdown again:


Since we want to automate the starting up and shutting down of the Tomcat server, we create a file /etc/rc.d/init.d/tomcat to do this for us:

  # Startup script for the Jakarta Tomcat Java Servlets and JSP server
  # chkconfig: - 85 15
  # description: Jakarta Tomcat Java Servlets and JSP server
  # processname: tomcat
  # pidfile: /var/run/tomcat.pid
  # config:

  # Source function library.
  . /etc/rc.d/init.d/functions

  # Source networking configuration.
  . /etc/sysconfig/network

  # Check that networking is up.
  [ ${NETWORKING} = "no" ] && exit 0

  # Set Tomcat environment.
  export JAVA_HOME=/usr/local/j2sdk
  export CLASSPATH=.:/usr/local/j2sdk/lib/tools.jar:/usr/local/j2re/lib/rt.jar
  export CATALINA_HOME=/usr/local/tomcat
  export CATALINA_OPTS="-server -Xms64m -Xmx512m -Dbuild.compiler.emacs=true"
  export PATH=/usr/local/j2sdk/bin:/usr/local/j2re/bin:$PATH

  [ -f /usr/local/tomcat/bin/startup.sh ] || exit 0
  [ -f /usr/local/tomcat/bin/shutdown.sh ] || exit 0

  export PATH=$PATH:/usr/bin:/usr/local/bin

  # See how we were called.
  case "$1" in
          # Start daemon.
          echo -n "Starting Tomcat: "
          [ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat
          # Stop daemons.
          echo -n "Shutting down Tomcat: "
          [ $RETVAL = 0 ] && rm -f /var/lock/subsys/tomcat
          $0 stop
          $0 start
         [ -e /var/lock/subsys/tomcat ] && $0 restart
          status tomcat
          echo "Usage: $0 {start|stop|restart|status}"
          exit 1

  exit 0

Set its ownership and access rights:

  chown root:root /etc/rc.d/init.d/tomcat
  chmod 755 /etc/rc.d/init.d/tomcat

And add this init script to chkconfig:

  chkconfig --add tomcat
  chkconfig tomcat on


To install two (or even more) versions of Tomcat server on the same system, increase the port numbers of the second server (e.g. by 10), by editing the configuration file /usr/local/tomcat55/conf/server.xml:

  <Server port="8015" shutdown="SHUTDOWN">
  <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
  <Connector port="8090"
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      enableLookups="false" redirectPort="8453" acceptCount="100"
      connectionTimeout="20000" disableUploadTimeout="true" />
  <!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
  <Connector port="8453"
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      enableLookups="false" disableUploadTimeout="true"
      acceptCount="100" scheme="https" secure="true"
      clientAuth="false" sslProtocol="TLS" />
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector port="8019"
      enableLookups="false" redirectPort="8453" protocol="AJP/1.3" />
  <!-- Define a Proxied HTTP/1.1 Connector on port 8082 -->
  <!-- See proxy documentation for more information about using this. -->
  <Connector port="8082"
      maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      enableLookups="false" acceptCount="100" connectionTimeout="20000"
      proxyPort="80" disableUploadTimeout="true" />

Complete this second Tomcat server installation as above for the first server, using adjusted directory and file names.