Install Tomcat 8.5 on Debian 9 with Java 8

Hey folks! Do you remember the hard ages when you have to install Java and Tomcat by hand when setting up a new Debian server? Now, I tried setting up a Tomcat 8.5 server just using apt-get commands, and it works! So, here’s the list of commands that you and me in the future have to run when setting up a new Debian 9 + Java 8 + Tomcat 8.5 server.

apt-get update &&
apt-get -y upgrade &&
apt-get -y install ntp cron htop tomcat8 tomcat8-admin

Then, just change the content of the Tomcat users file:

vim /etc/tomcat8/tomcat-users.xml

And append this content:

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="YOURUSER" password="YOURPASSWORD" roles="admin-gui,manager-gui,manager-script"/>

Restart Tomcat… et voilá!

/etc/init.d/tomcat8 restart

Nice! Our environment is ready for production. But… just until the disk becomes full of logs. So, let’s clean the Tomcat logs daily. As we installed cron previously, we can create a script under /etc/cron.daily to remove those huge log files.

vim /etc/cron.daily/fewlaps-disk-cleaner

rm -rf /var/log/tomcat8/*

Note that the last * mark is important. If we delete the whole directory instead of the contained files, Tomcat will not start anymore. That’s not exactly production-ready. Finally, give execution permissions to that script.

chmod +x /etc/cron.daily/fewlaps-disk-cleaner

Nice! Now, in case you want to monitor this brand new Tomcat via JMX, you’ll need to enable JMX. Internet is full of answers, but this one will be specific for Tomcat 8.5 on Debian 9. Everyone will have Tomcat installed in the same place, so let’s make something copypasteable. The thing is to create a new file with a new line that sets CATALINA_OPTS, and two files to authenticate a user to monitor the instance and another one to control it.

vim /usr/share/tomcat8/bin/


vim /usr/share/tomcat8/jmxremote.access

readonlyusername   readonly
controlusername    readwrite \
              create*,* \

vim /usr/share/tomcat8/jmxremote.password

readonlyusername  READONLYPASSWORD
controlusername   WRITEPASSWORD

chown tomcat8:tomcat8 /usr/share/tomcat8/jmxremote.*
chmod 400 /usr/share/tomcat8/jmxremote.*

And that’s all! I will update this post if I detect something to improve. Guys behind Debian 9: THANKS! You made my life easier.