Tomcat Docs

Table of Contents

• Overview
• How to install Tomcat
• Requirements
• Install Tomcat
• Uninstall Tomcat
• Configuration
• Default configuration
• Add Tomcat support for a user
• Configure crontab access
• In the interface
• On the command line
• Jailshell user considerations
• Running Tomcat
• Custom configurations
• Proxy an app with Apache JServ Protocol (AJP)
• LiteSpeed Web Server
• Differences between Tomcat in EasyApache 3 and EasyApache 4

While installing or upgrading to Smart IT 20.02 and onward versions, you must specify your Tomcat server details in the User Inputs Specify Installed/Existing Tomcat folder section. To provide communication security among applications, configure SSL for the Apache Tomcat server. Apr 02, 2021 This document only applies to Tomcat in cPanel & WHM version 76 and later. Apache Tomcat® allows you to serve Java-based applications. EasyApache 4 provides the option to install Tomcat 8.5. For more information about the Apache Tomcat open-source project, visit the Apache Tomcat website. And restart Tomcat. This should allow Tomcat to add all the security headers to the responses it sends back to client requests. Note: For more granular control, edit the specific attributes in the web.xml file. Refer to the Tomcat official documentation for more information. HttpOnly and secure flag- Raise the bar against XSS!

Table of Contents

Jun 29, 2018 This is the top-level entry point of the documentation bundle for the Apache Tomcat Servlet/JSP container. Apache Tomcat version 8.0 implements the Servlet 3.1 and JavaServer Pages 2.3 specifications from the Java Community Process, and includes many additional features that make it a useful platform for developing and deploying web applications and web services. Apr 02, 2021 Tomcat runs as the individual user, rather than as the tomcat user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements. For more information, read our Tomcat Private Instances documentation.

• Overview
• How to install Tomcat
• Requirements
• Install Tomcat
• Uninstall Tomcat
• Configuration
• Default configuration
• Add Tomcat support for a user
• Configure crontab access
• In the interface
• On the command line
• Jailshell user considerations
• Running Tomcat
• Custom configurations
• Proxy an app with Apache JServ Protocol (AJP)
• LiteSpeed Web Server
• Differences between Tomcat in EasyApache 3 and EasyApache 4

Last modified: April 2, 2021

Overview

This document only applies to Tomcat in cPanel & WHM version 76 and later.

Apache Tomcat® allows you to serve Java-based applications. EasyApache 4 provides the option to install Tomcat 8.5.

For more information about the Apache Tomcat open-source project, visit the Apache Tomcat website.

• We strongly recommend that only experienced Tomcat administrators install Tomcat.
• Tomcat can present security issues on systems with multiple users. We strongly recommend that you understand the risks of this feature before you use it. For more information, read Tomcat’s Security Considerations documentation.

How to install Tomcat

Requirements

Tomcat requires root-level access to install.

cPanel & WHM does not support Tomcat on servers that run CentOS 8 or AlmaLinux 8.

Install Tomcat

Tomcat Docs

In the interface

To install Tomcat, use WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4). Tomcat appears in the Additional Packages section.

On the command line

To install Tomcat, run the following command on the command line as the root user:

Uninstall Tomcat

In the interface

To uninstall Tomcat, use WHM’s EasyApache 4 interface (WHM >> Home >> Software >> EasyApache 4). Tomcat appears in the Additional Packages section.

On the command line

To uninstall Tomcat, run the following command on the command line as the root user:

Configuration

Tomcat Sslenabledprotocols

In EasyApache 4, Tomcat runs as a per-user private instance. This increases security and allows the user to manage their own Tomcat services, but increases memory load on the server. We strongly recommend that you consider your server’s configuration carefully before you enable Tomcat for many users. For more information, read our Tomcat Private Instances documentation.

Tomcat 8.5 places its configuration files in the following location, where user represents the name of the user for which you installed Tomcat:

Default configuration

EasyApache 4 makes the following configuration changes to the default Tomcat 8.5 behavior in the ~/ea-tomcat85/conf/server.xml file:

• Disable the shutdown port by default.
• Set the xpoweredBy attribute of all Connectors to a false value.
• Remove the redirectPort attribute.
• Add the ErrorReportValue class to all Hosts with the showServerInfo value set to a false value.
• Set the following Host attributes to a false value:
  • autoDeploy
  • deployOnStartup
  • deployXML

Add Tomcat support for a user

Configure crontab access

You must grant crontab access to Tomcat users. Otherwise, the user will not be able to use Tomcat.

• If the /etc/cron.allow file exists, the user must exist in the file.

• If the /etc/cron.deny file exists, you must ensure that the user does not exist in the file.

To determine whether a user has crontab access, perform the following steps:

1. Navigate to WHM’s List Accounts interface (WHM >> Home >> Account Information >> List Accounts).

2. Click the cPanel logo to log in to the account as the user.

3. Navigate to cPanel’s Terminal interface (cPanel >> Home >> Advanced >> Terminal).

4. Run the crontab -l command.

   • If you receive an error then you must grant crontab access to Tomcat users.

After you grant crontab access to the user, you will need to remove and re-add the user to Tomcat.

In the interface

To add Tomcat 8.5 support to a user, use WHM’s Tomcat Manager interface (WHM >> Home >> Software >> Tomcat Manager).

On the command line

To add Tomcat 8.5 support to a user, run the following command as the root user:

The /usr/local/cpanel/scripts/ea-tomcat85 script accepts the following arguments, where user represents the user you wish to change and command represents an argument for the script:

Jailshell user considerations

Jailshell users cannot see the status of their previously started Tomcat service. The default jailshell permissions only allow users to view their current session’s processes. If they attempt to restart an already active service with Ubic, the system will launch a duplicate process.

You can address this behavior with one of the following actions:

• Select Always mount a full /proc under the Jailed /proc mount method option of the System section of WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings). If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.

  • If you enable this functionality, a jailshelled user can see all running processes. This can allow the jailshell user to break out of their shell.

  • If you do not enable this setting, Ubic will stop the Tomcat service when you exit the shell.

• You can assign the user a normal shell.

• You can do nothing. We do not recommend this action, as it may cause confusion and the user may start duplicate processes.

Running Tomcat

Custom configurations

Tomcat Dockerfile

When you add a user with either WHM’s Tomcat Manager interface (WHM >> Home >> Software >> Tomcat Manager) or the /usr/local/cpanel/scripts/ea-tomcat85 script, the script creates an environment that the user can configure for their unique requirements.

Tomcat /docs/apr.html

When a you assign Tomcat access to a cPanel user, the script assigns two ports to the user. You can find these port assignments in the /etc/cpanel/cpuser_port_authority.json file and the user’s ~/ea-tomcat85/conf/server.xml file.

You must configure any custom behavior manually. To change how Tomcat interacts with Apache, edit or create the appropriate file in the /etc/apache2/conf.d/userdata/ directory. For more information, read our Advanced Apache Configuration and Modify Apache Virtual Hosts with Include Files documentation.

Proxy an app with Apache JServ Protocol (AJP)

Tomcat 8.5 can use AJP to serve applications in EasyApache 4. For more information, read our Tomcat Proxies documentation.

LiteSpeed Web Server

Versions of LiteSpeed earlier than 5.3.5 (build 6) are not compatible with the ProxyPassMatch directive. This causes LiteSpeed to not proxy from the assigned port to port 80. Update your LiteSpeed server to a newer, compatible version or use the Tomcat instance’s assigned port.

Differences between Tomcat in EasyApache 3 and EasyApache 4

EasyApache 3 handles Tomcat differently than EasyApache 4. EasyApache 4 provides Tomcat 8.5, rather than Tomcat 7.

Apache Tomcat 8

In EasyApache 3, Tomcat existed as a shared service and all applications ran as the tomcat user. The server created a container within a shared server.xml file.

In EasyApache 4, Tomcat runs as a per-user private instance and allows the user to configure their instance themselves. Tomcat runs as the individual user, rather than as the tomcat user. This increases security and places management of the Tomcat instance in the user’s control, but may affect your server’s performance due to the memory requirements.

• For more information, read our Tomcat Private Instances documentation.
• For more information about managing services in Tomcat, read our The cpuser_service_manager script and the Ubic subsystem documentation.
• EasyApache 4 provides the mod_proxy_ajp Apache module rather than the mod_jk connector.

Tomcat Documentary