Hey folks! Do you remember the hard ages when you have to install Java and Tomcat by hand when setting up a new Debian server? Now, I tried setting up a Tomcat 8.5 server just using apt-get commands, and it works! So, here’s the list of commands that you and me in the future have to run when setting up a new Debian 9 + Java 8 + Tomcat 8.5 server.
su
apt-get update &&
apt-get -y upgrade &&
apt-get -y install ntp cron htop tomcat8 tomcat8-admin
Then, just change the content of the Tomcat users file:
vim /etc/tomcat8/tomcat-users.xml
And append this content:
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="YOURUSER" password="YOURPASSWORD" roles="admin-gui,manager-gui,manager-script"/>
Restart Tomcat… et voilá!
/etc/init.d/tomcat8 restart
Nice! Our environment is ready for production. But… just until the disk becomes full of logs. So, let’s clean the Tomcat logs daily. As we installed cron previously, we can create a script under /etc/cron.daily to remove those huge log files.
vim /etc/cron.daily/fewlaps-disk-cleaner
#!/bin/sh
rm -rf /var/log/tomcat8/*
Note that the last * mark is important. If we delete the whole directory instead of the contained files, Tomcat will not start anymore. That’s not exactly production-ready. Finally, give execution permissions to that script.
chmod +x /etc/cron.daily/fewlaps-disk-cleaner
Nice! Now, in case you want to monitor this brand new Tomcat via JMX, you’ll need to enable JMX. Internet is full of answers, but this one will be specific for Tomcat 8.5 on Debian 9. Everyone will have Tomcat installed in the same place, so let’s make something copypasteable. The thing is to create a new file setenv.sh with a new line that sets CATALINA_OPTS, and two files to authenticate a user to monitor the instance and another one to control it.
vim /usr/share/tomcat8/bin/setenv.sh
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=8042 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.access.file=/usr/share/tomcat8/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/usr/share/tomcat8/jmxremote.password"
vim /usr/share/tomcat8/jmxremote.access
readonlyusername readonly
controlusername readwrite \
create javax.management.monitor.*,javax.management.timer.* \
unregister
vim /usr/share/tomcat8/jmxremote.password
readonlyusername READONLYPASSWORD
controlusername WRITEPASSWORD
chown tomcat8:tomcat8 /usr/share/tomcat8/jmxremote.*
chmod 400 /usr/share/tomcat8/jmxremote.*
And that’s all! I will update this post if I detect something to improve. Guys behind Debian 9: THANKS! You made my life easier.