How to install Apache Tomcat 9 on Ubuntu 18.04 LTS

Apache Tomcat is a web server and servlet container developed by the Apache Software Foundation. It implements several Java EE technologies including Java Servlet, JavaServer Pages, Java WebSocket, and Java Expression language.

In today’s tutorial, we are going to show you how to install and configure Apache Tomcat 9 with Oracle Java 8.

Step 1) Install Oracle Java

Enter the following commands one at a time in the Terminal to add the Java repository, update the system and install Java.

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-set-default

Select “yes” for the agreement and installation will continue. After installation is complete, you can check the Java Version and Java Home after installation as follows:

sudo java -version

sudo echo $JAVA_HOME

Step 2) Create a User for Tomcat

Typically, we don’t recommend you to run Tomcat under the root user for security purpose. Rather, we advise you to create a new user and group. Additionally, we are going to install tomcat to “/opt/tomcat” folder to use as a Tomcat user home directory.

Start with creating a group and user.

 sudo groupadd tomcat
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Step 3) Download and install Tomcat

Tomcat 9 binary release can be downloaded from official download page. You can download “zip” or “tar.gz” file from under the binary distribution in the “core” section.

Tomcat Download
Tomcat Download

We are going to install Tomcat to “/opt”directory. So we will download package to that location.

Change directory to /opt

 cd /opt

Copy the download URL and paste it in the below wget command to download Tomcat Package:

sudo wget

Extract the tar package.

sudo tar -xvzf apache-tomcat-9.0.14.tar.gz

Rename the extracted file as tomcat.

sudo mv apache-tomcat-9.0.14 tomcat

Modify ownership and permissions of Tomcat folder.

sudo chown -R tomcat: tomcat

Give executed permission to “bin” directory.

sudo chmod o+x /opt/tomcat/bin/

Step 4) Create a “systemd” file for Tomcat service management

To start and stop Tomcat service we will create a file called “tomcat.service” in the “/etc/systemd/system”.

sudo vim /etc/systemd/system/tomcat.service

Add the following content to the file.

Description=Tomcat 9 Server



Environment="JAVA_OPTS=-Xms512m -Xmx512m"

Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"




Then save and the exit file.

Restart “systemctl deamon”.

sudo systemctl daemon-reload

Start Tomcat service.

sudo systemctl start tomcat

Monitor Tomcat logfile.

tail -f /opt/tomcat/logs/catalina.out

If there is no error you will get similar to below output:

Tomcat Starting
Tomcat Starting

Check the Tomcat service status.

sudo systemctl status tomcat

Tomcat Status
Tomcat Status

Enable Tomcat service on system boot:

sudo systemctl enable tomcat

Default Tomcat port is “8080” So need to allow that port on Ubuntu firewall.

sudo ufw allow 8080/tcp

Check firewall status:

sudo ufw status

Step 5) Configure Tomcat Web Management Interface

Edit the tomcat-users file as follows to add the following line to before “</tomcat-users>”. Obviously, you will have to replace the role name, username and password as desired in the following command:

sudo vim /opt/tomcat/conf/tomcat-users.xml
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="tomcatadmin" password="abc123" roles="admin-gui,manager-gui"/>

Restart Tomcat for the new configuration to take into effect.

sudo systemctl restart tomcat

Step 6) Test Tomcat

If you made this far successfully, you should be able to browse the Tomcat server. Launch the following URL in the browser.


You should see the page as follows:

Tomcat Home Page
Tomcat Home Page

Click on the manager app or host Manager. You should see a prompt for the user name and password. Enter tomcat username and password that was created on “tomcat-users.xml” file in step 5.


If everything went well, you should get an “Access Denied” error. This is completely normal.

Access Denied
Access Denied

The reasoning behind this error is that the Tomcat web management interface is configured to restrict access to the apps Manager and Host Manager only from the localhost. Therefore remote IP access should be enabled. This is not recommended for production environments.

However, here is how to remove those restrictions and enable our public IP.

Open the following file for Manage App settings:

sudo vim /opt/tomcat/webapps/manager/META-INF/context.xml

For the Host Manager configurations:

sudo vim /opt/tomcat/webapps/host-manager/META-INF/context.xml

Modify the following section in both files. Replace your public IP with “yourIP” in the command below.

<Context antiResourceLocking="false" privileged="true" >
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127.d+.d+.d+|::1|0:0:0:0:0:0:0:1|yourIP" />
  <Manager sessionAttributeValueClassNameFilter="java.lang.(?:Boolean|Integer|Long|Number|String)|org.apache.catalina.filters.CsrfPreventionFilter$LruCache(?:$1)?|java.util.(?:Linked)?HashMap"/>


Restart Tomcat and then browse Tomcat again, following by clicking on Manager App or Host Manager. You should see no problems now.

sudo systemctl restart tomcat

App Manager

App ManagerHost Manager

Host Manager
Host Manager

Server Status


Congratulations! You have now successfully installed and configured Tomcat 9. How did the instructions work for you? Let us know your feedback in the comments below and don’t forget to share the tutorial with your friends!

Categorized as Ubuntu

Leave a comment

Your email address will not be published. Required fields are marked *