Install Tomcat 10 on Debian 12 with Java 17

Hey folks! Do you remember the hard ages when you have to install Java and Tomcat by hand when setting up a new Debian server? Now, I tried setting up a Tomcat 10 server just using apt-get commands, and it works! So, here’s the list of commands that you and me in the future have to run when setting up a new Debian 12 + Java 17 + Tomcat 10 server.

Let’s go!

First, choose the timezone of your server

sudo dpkg-reconfigure tzdata

Then, let’s update the system:

sudo su
apt-get update &&
apt-get -y upgrade

While the upgrade is happening, maybe an old good blue screen asks you for some interaction. On Debian 11 it asked for some Grub configuration, and on Debian 12 it’s asking to something related to the SSH configuration of our servers provider. Anyway, think it twice and choose the wiser options.

Then, let’s install the good stuff.

apt-get -y install ntp cron htop tomcat10 tomcat10-admin

Then, just change the content of the Tomcat users file:

vim /etc/tomcat10/tomcat-users.xml

And append this content:

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="YOURUSER" password="YOURPASSWORD" roles="admin-gui,manager-gui,manager-script"/>

Restart Tomcat… et voilá!

service tomcat10 restart

Nice! Our environment is ready for production. But… just until the disk becomes full of logs. So, let’s clean the Tomcat logs daily. As we installed cron previously, we can create a script under /etc/cron.daily to remove those huge log files.

vim /etc/cron.daily/fewlaps-disk-cleaner

#!/bin/sh
rm -rf /var/log/tomcat10/*

Note that the last * mark is important. If we delete the whole directory instead of the contained files, Tomcat will not start anymore. That’s not exactly production-ready. Finally, give execution permissions to that script.

chmod +x /etc/cron.daily/fewlaps-disk-cleaner

Nice! Now, in case you want to monitor this brand new Tomcat via JMX, you’ll need to enable JMX. Internet is full of answers, but this one will be specific for Tomcat 10 on Debian 12. Everyone will have Tomcat installed in the same place, so let’s make something copypasteable. The thing is to create a new file setenv.sh with a new line that sets CATALINA_OPTS, and two files to authenticate a user to monitor the instance and another one to control it.

vim /usr/share/tomcat10/bin/setenv.sh

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=8042 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.access.file=/usr/share/tomcat10/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/usr/share/tomcat10/jmxremote.password"

vim /usr/share/tomcat10/jmxremote.access

readonlyusername   readonly
controlusername    readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister

vim /usr/share/tomcat10/jmxremote.password

readonlyusername  READONLYPASSWORD
controlusername   WRITEPASSWORD

chown tomcat10:tomcat10 /usr/share/tomcat10/jmxremote.*
chmod 400 /usr/share/tomcat10/jmxremote.*

And that’s all! I will update this post if I detect something to improve. Guys behind Debian 12: THANKS! You made my life easier.

Install Tomcat 9 on Debian 11 with Java 11

Hey folks! Do you remember the hard ages when you have to install Java and Tomcat by hand when setting up a new Debian server? Now, I tried setting up a Tomcat 9 server just using apt-get commands, and it works! So, here’s the list of commands that you and me in the future have to run when setting up a new Debian 11 + Java 11 + Tomcat 9 server.

Let’s go!

su
apt-get update &&
apt-get -y upgrade

There’s a moment when a blue old-good-days interactive screen requests you to tell in which drives you should install the latest version of GRUB. Just mark all the drives, and if can’t be done in any of them, it will tell you later… but just don’t worry.

Then, let’s install the good stuff.

apt-get -y install ntp cron htop tomcat9 tomcat9-admin

Then, just change the content of the Tomcat users file:

vim /etc/tomcat9/tomcat-users.xml

And append this content:

<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<user username="YOURUSER" password="YOURPASSWORD" roles="admin-gui,manager-gui,manager-script"/>

Restart Tomcat… et voilá!

systemctl restart tomcat9

Nice! Our environment is ready for production. But… just until the disk becomes full of logs. So, let’s clean the Tomcat logs daily. As we installed cron previously, we can create a script under /etc/cron.daily to remove those huge log files.

vim /etc/cron.daily/fewlaps-disk-cleaner

#!/bin/sh
rm -rf /var/log/tomcat9/*

Note that the last * mark is important. If we delete the whole directory instead of the contained files, Tomcat will not start anymore. That’s not exactly production-ready. Finally, give execution permissions to that script.

chmod +x /etc/cron.daily/fewlaps-disk-cleaner

Nice! Now, in case you want to monitor this brand new Tomcat via JMX, you’ll need to enable JMX. Internet is full of answers, but this one will be specific for Tomcat 9 on Debian 11. Everyone will have Tomcat installed in the same place, so let’s make something copypasteable. The thing is to create a new file setenv.sh with a new line that sets CATALINA_OPTS, and two files to authenticate a user to monitor the instance and another one to control it.

vim /usr/share/tomcat9/bin/setenv.sh

CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=8042 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.access.file=/usr/share/tomcat9/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/usr/share/tomcat9/jmxremote.password"

vim /usr/share/tomcat9/jmxremote.access

readonlyusername   readonly
controlusername    readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister

vim /usr/share/tomcat9/jmxremote.password

readonlyusername  READONLYPASSWORD
controlusername   WRITEPASSWORD

chown tomcat9:tomcat9 /usr/share/tomcat9/jmxremote.*
chmod 400 /usr/share/tomcat9/jmxremote.*

And that’s all! I will update this post if I detect something to improve. Guys behind Debian 11: THANKS! You made my life easier.