I just announced the new Spring Boot 2 material, coming in REST With Spring:


1. Overview

Simply put, Apache Tomcat is a web server and servlet container that is used to deploy and serve Java web applications.

In this quick article, we’re going to show how to install Tomcat, how to configure a user for the Tomcat Manager and create an SSL certificate to allow Tomcat to serve HTTPS content.

2. Install Tomcat on Windows

2.1. Download and Prepare

First, we need to download Tomcat.

Download the server as a zip file for Windows:

Next, we’ll simply uncompress Tomcat into its directory.

2.3. Install

On Windows, a quick additional installation is necessary. Open the Windows terminal and from the Tomcat installation bin directory:

C:\Java\Apache Tomcat 8.5.9\bin>

Install the service with the following command:

C:\Java\Apache Tomcat 8.5.9\bin>service install

The output should be similar to this:

Installing the service 'Tomcat8' ...
Using CATALINA_HOME:    "C:\Java\Apache Tomcat 8.5.9"
Using CATALINA_BASE:    "C:\Java\Apache Tomcat 8.5.9"
Using JAVA_HOME:        "C:\Java\jdk1.8.0_40"
Using JRE_HOME:         "C:\Java\jre1.8.0_40"
Using JVM:              "C:\Java\jre1.8.0_40\bin\client\jvm.dll"
The service 'Tomcat8' has been installed.

2.4. Start the Tomcat Service

Start the service with the following command:

C:\Java\Apache Tomcat 8.5.9\bin>sc start Tomcat8

You should get the following output:

        TYPE               : 10  WIN32_OWN_PROCESS
        STATUS             : 2  START_PENDING
                                (NOT_STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_OUTPUT_CODE  : 0  (0x0)
        SERVICE_OUTPUT_CODE: 0  (0x0)
        CHECK-POINT        : 0x0
        START-INDICATOR    : 0x7d0
        PID                : 5552
        MARKS              :

Open the browser in the URL:


And you should see the Tomcat Welcome screen.

3. Installing Tomcat on Linux (Debian)

We’re going to install Tomcat on Ubuntu Linux 16.06, but this procedure should work well on any Debian-based Linux distribution.

3.1. Download and Uncompress

Similarly, we’re going to download and uncompress Tomcat:

sudo mkdir /opt/tomcat
sudo tar xvf apache-tomcat-8.5.9.tar.gz -C /opt/tomcat --strip-components=1

3.2. Ensure that Java is Installed

Let’s also make sure that we have Java installed and available on the system:

java -version

You should get the following output:

3.3. Create a User and a Group

We’re going to run the server under a separate group and user; let’s create a group for it first:

sudo groupadd tomcat

And let’s create a Tomcat user to avoid use the root user:

sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Let’s also update the permissions of the server – to use them with the new user and group:

cd /opt/tomcat
sudo chgrp -R tomcat conf
sudo chmod g+rwx conf
sudo chmod g+r conf/*
sudo chown -R tomcat work/ temp/ logs/

Finally, let’s make sure that Tomcat starts automatically with a simple Upstart script:

vi /etc/init/tomcat.conf

The tomcat.conf script is used by the operative system to start the Tomcat service at boot time.

This script is used to start and stop the service when needed:

description "Tomcat Server"
    start on runlevel [2345]
    stop on runlevel [!2345]
    setuid tomcat
    setgid tomcat
    env JAVA_HOME=/opt/jdk1.8.0_77/jre/
    env CATALINA_HOME=/opt/tomcat
    exec $CATALINA_HOME/bin/catalina.sh run

3.4. Start

Go to the opt/tomcat/bin directory and execute the following command:

./catalina.sh start

You should see the following output:

Using CATALINA_BASE:   /opt/tomcat
Using CATALINA_HOME:   /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME:        /usr
Using CLASSPATH:       /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started.
[email protected]:/opt/tomcat/bin#

Now its time of test our server.

Open your browser in the URL:


And you should see the following page:

4. Tomcat Manager

To access the Tomcat manager, we need to create a user with the privileges to do that.

On Windows:

C:\Java\Apache Tomcat 8.5.9\conf\tomcat-users.xml

On Linux:


In this file, we are going to define the users to access the tomcat manager.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
  xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
    <user username="admin" password="admin" roles="manager-gui,admin-gui"/>

In the <user> tag, we are defining a user “admin” with the password “admin” with the roles manager-gui and admin-gui.

Now restart the server and open again the URL:


This time click on the “Manager App” button and the server will ask for credentials. After you enter the provided credentials, you should see the following screen:

5. SSL Certificate

Run the following command to generate the certificate:

On Windows:

keytool -genkey -alias tomcat -keyalg RSA -keystore C:\Java\apache-tomcat-8.5.9\keystore\tomcat

On Linux:

keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/keystore/tomcat

The tool is going to ask some questions to feed the certificate. The certificate is going to be in the folder and the name of the certificate is “tomcat”. You can check the certificate with:
On Windows:

keytool -list -keystore C:\Java\apache-tomcat-8.5.9\keystore\tomcat

On Linux:

keytool -list -keystore /opt/tomcat/keystore/tomcat

5.1. Use the Certificate

Edit the file:

On Windows:

C:\Java\Apache Tomcat 8.5.9\conf\server.xml

On Linux:


and add an SSL connector.

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
  maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS"
  keystorePass="changeit" />

Restart Tomcat and you are done. Now you can run your Applications under HTTPS in Tomcat.

6. Conclusion

At this end of this quick tutorial, we now have a working Tomcat in Linux and Windows to use during development.

To use Tomcat in production, we, of course, need to configure and tune the server accordingly.

I just announced the new Spring Boot 2 material, coming in REST With Spring: