Hey folks! Do you remember the hard ages when you have to install Java and Tomcat by hand when setting up a new Debian server? Now, I tried setting up a Tomcat 10 server just using apt-get commands, and it works! So, here’s the list of commands that you and me in the future have to run when setting up a new Debian 12 + Java 17 + Tomcat 10 server.
Let’s go!
First, choose the timezone of your server
sudo dpkg-reconfigure tzdata
Then, let’s update the system:
sudo su apt-get update && apt-get -y upgrade
While the upgrade is happening, maybe an old good blue screen asks you for some interaction. On Debian 11 it asked for some Grub configuration, and on Debian 12 it’s asking to something related to the SSH configuration of our servers provider. Anyway, think it twice and choose the wiser options.
Then, let’s install the good stuff.
apt-get -y install ntp cron htop tomcat10 tomcat10-admin
Then, just change the content of the Tomcat users file:
vim /etc/tomcat10/tomcat-users.xml
And append this content:
<role rolename="admin-gui"/> <role rolename="manager-gui"/> <role rolename="manager-script"/> <user username="YOURUSER" password="YOURPASSWORD" roles="admin-gui,manager-gui,manager-script"/>
Restart Tomcat… et voilá!
service tomcat10 restart
Nice! Our environment is ready for production. But… just until the disk becomes full of logs. So, let’s clean the Tomcat logs daily. As we installed cron previously, we can create a script under /etc/cron.daily to remove those huge log files.
vim /etc/cron.daily/fewlaps-disk-cleaner #!/bin/sh rm -rf /var/log/tomcat10/*
Note that the last * mark is important. If we delete the whole directory instead of the contained files, Tomcat will not start anymore. That’s not exactly production-ready. Finally, give execution permissions to that script.
chmod +x /etc/cron.daily/fewlaps-disk-cleaner
Nice! Now, in case you want to monitor this brand new Tomcat via JMX, you’ll need to enable JMX. Internet is full of answers, but this one will be specific for Tomcat 10 on Debian 12. Everyone will have Tomcat installed in the same place, so let’s make something copypasteable. The thing is to create a new file setenv.sh with a new line that sets CATALINA_OPTS, and two files to authenticate a user to monitor the instance and another one to control it.
vim /usr/share/tomcat10/bin/setenv.sh
CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=8042 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=true -Dcom.sun.management.jmxremote.access.file=/usr/share/tomcat10/jmxremote.access -Dcom.sun.management.jmxremote.password.file=/usr/share/tomcat10/jmxremote.password"
vim /usr/share/tomcat10/jmxremote.access
readonlyusername   readonly
controlusername    readwrite \
              create javax.management.monitor.*,javax.management.timer.* \
              unregister
vim /usr/share/tomcat10/jmxremote.password
readonlyusername  READONLYPASSWORD
controlusername   WRITEPASSWORD
chown tomcat10:tomcat10 /usr/share/tomcat10/jmxremote.*
chmod 400 /usr/share/tomcat10/jmxremote.*
And that’s all! I will update this post if I detect something to improve. Guys behind Debian 12: THANKS! You made my life easier.