33.9 C
Guru Unix /Linux and GNU supporter

Install Tomcat 9 in FreeBSD12

Apache tomcat

Apache tomcat is an open-source implementation of the Java Servlet, JavaServer Pages, Java Expression Language and WebSocket technologies.Tomcat provides a “pure Java” HTTP web server environment in which Java code can run.

- Advertisement -

Tomcat is developed and maintained by an open community of developers under the auspices of the Apache Software Foundation, released under the Apache License 2.0 license.

Lets  Start

Update repositories

root@osradar:~ # pkg update -f Updating FreeBSD repository catalogue... Fetching meta.txz: 100% 944 B 0.9kB/s 00:01 Fetching packagesite.txz: 100% 6 MiB 2.2MB/s 00:03 Processing entries: 100% FreeBSD repository update completed. 31773 packages processed. All repositories are up to date. root@osradar:~ #

Lets install Apache Tomcat 9

oot@osradar:~ # pkg install tomcat9
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
The following 29 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
        tomcat9: 9.0.29
        libXtst: 1.2.3_2
        libXi: 1.7.10,1
        libXfixes: 5.0.3_2
        libX11: 1.6.9,1
        libxcb: 1.13.1
        libXdmcp: 1.1.3
        xorgproto: 2019.2
        libXau: 1.0.9
        libxml2: 2.9.10
        libpthread-stubs: 0.4
        libXext: 1.3.4,1
        libXrender: 0.9.10_2
        libXt: 1.2.0,1
        libSM: 1.2.3,1
        libICE: 1.0.10,1
        fontconfig: 2.12.6,1
        expat: 2.2.8
        freetype2: 2.10.1
        dejavu: 2.37_1
        mkfontscale: 1.2.1
        libfontenc: 1.1.4
        javavmwrapper: 2.7.4
        java-zoneinfo: 2019.b
        giflib: 5.2.1
        libinotify: 20180201_1
        alsa-lib: 1.1.2_2
        apache-commons-daemon: 1.2.2

Number of packages to be installed: 29

The process will require 248 MiB more space.
99 MiB to be downloaded.

Proceed with this action? [y/N]:


You might want to consider increasing the kern.maxfiles tunable if you plan
to use this library for applications that need to monitor activity of a lot of files.

Message from openjdk8-

This OpenJDK implementation requires fdescfs(5) mounted on /dev/fd and
procfs(5) mounted on /proc.

If you have not done it yet, please do the following:

    mount -t fdescfs fdesc /dev/fd
    mount -t procfs proc /proc

To make it permanent, you need the following lines in /etc/fstab:

    fdesc   /dev/fd         fdescfs         rw      0       0
    proc    /proc           procfs          rw      0       0

Before starting Tomcat lets manage the users to login with , manager the paswords and roles

vi /usr/local/apache-tomcat-9.0/conf/tomcat-users.xml

Lets Enable and start Tomcat

To enable tomcat9 to be started automcaticaly everytime server is rebootef

service tomcat9 enable

Lets start Tomcat

How to start Tomcat on freeBSd ?

The easy way

service tomcat9 start


root@osradar:~ # cd  /usr/local/apache-tomcat-9.0/bin/
root@osradar:/usr/local/apache-tomcat-9.0/bin # ./startup.sh
Using CATALINA_BASE:   /usr/local/apache-tomcat-9.0
Using CATALINA_HOME:   /usr/local/apache-tomcat-9.0
Using CATALINA_TMPDIR: /usr/local/apache-tomcat-9.0/temp
Using JRE_HOME:        /usr/local
Using CLASSPATH:       /usr/local/apache-tomcat-9.0/bin/bootstrap.jar:/usr/local/apache-tomcat-9.0/bin/tomcat-juli.jar
Tomcat started.
root@osradar:/usr/local/apache-tomcat-9.0/bin # service tomcat9  status
tomcat9 is not running.

You use other commands like

Stop tomcat

service tomcat9 stop

Restart Tomcat

service tomcat9 restart

Apache tomcat is running per default on port 8080

: Enable Remote Login to Tomcat Manager and Host Manager

For security reasons, access to the Tomcat Manager and Host Manager apps is locked down to the localhost (the server where it is deployed), by default.

However, you can enable remote access from a specific IP address or any host or network to Tomcat Manager and Host Manager apps as explained below.

For the Tomcat Manager app, type:

$ sudo nano /usr/local/apache-tomcat-9.0/webapps/manager/META-INF/context.xml

For the Host Manager app, type:

$ sudo nano /usr/local/apache-tomcat-9.0/webapps/host-manager/META-INF/context.xml

Inside, comment out the IP address restriction to allow access from any network.

<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->

Enable remote access from your own IP address or from a network (192.1681.0/24 by adding the IP address to the list.


Allow Tomcat consoles from everywhere


Save the files, and restart the Tomcat service to keep our changes into effect.

$ sudo service tomcat9 restart 

How to change Tomcat Port

To change TOmcat ports please edit the file /usr/local/apache-tomcat-9.0/conf/server.xml

vi /usr/local/apache-tomcat-9.0/conf/server.xml

 <Connector port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />

How to Install an SSL/TLS Certificate In Tomcat.

Execute command to create a keystore

root@osradar:~ # keytool -genkey -alias osradar -keyalg RSA -keysize 2048 -keystore osradar.jks
Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:  osradar.com
What is the name of your organizational unit?
  [Unknown]:  osradar
What is the name of your organization?
  [Unknown]:  Osradar
What is the name of your City or Locality?
  [Unknown]:  Amsterdam
What is the name of your State or Province?
  [Unknown]:  Amsterdam
What is the two-letter country code for this unit?
  [Unknown]:  NL
Is CN=osradar.com, OU=osradar, O=Osradar, L=Amsterdam, ST=Amsterdam, C=NL correct?
  [no]:  yes

Enter key password for <osradar>
        (RETURN if same as keystore password):

The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore osradar.jks -destkeystore osradar.jks -deststoretype pkcs12".

Next would be to generate a new CSR with the newly created keystore

root@osradar:~ # keytool -certreq -alias osradar -keyalg RSA -file osradar.csr -keystore osradar.jks
Enter keystore password:
The JKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore osradar.jks -destkeystore osradar.jks -deststoretype pkcs12".

root@osradar:~ # ls -altr
total 36
-rw-r--r--   2 root  wheel   470 Nov  1 05:27 .profile
-rw-r--r--   1 root  wheel   392 Nov  1 05:27 .login
-rw-r--r--   2 root  wheel   951 Nov  1 05:27 .cshrc
-rw-r--r--   1 root  wheel   149 Nov  1 05:32 .k5login
drwxr-xr-x  19 root  wheel  1024 Jan 28 22:16 ..
-rw-------   1 root  wheel   259 Jan 29 00:03 .history
-rw-r--r--   1 root  wheel  2249 Jan 29 05:38 osradar.jks
-rw-r--r--   1 root  wheel  1101 Jan 29 05:40 osradar.csr
drwxr-xr-x   2 root  wheel   512 Jan 29 05:40 .
root@osradar:~ #

Ones the CSR created you need to send it to the certificate authority to get it signed.

Once you’ve downloaded both your own Certificate and the Root certificate provided by your CA, import them into your keystore with the following commands, replacing the [placeholders]:

To import the Root Certificate –

keytool -import -alias root -keystore [path/to/your/keystore] -trustcacerts -file [path/to/the/root_certificate]

To import your new Certificate –

keytool -import -alias [youralias] -keystore [path/to/your/keystore] -file [path/to/intermidiate_cert]

After the successful import you need to edit Tomcat configuration file (server.xml). As a rule, it is called server.xml and usually can be found in Home_Directory/conf/ folder.

By default it should look something like this:

<Connector port=”443″ protocol=”HTTP/1.1″
scheme=”https” secure=”true” clientAuth=”false”
sslProtocol=”TLS” keystoreFile=”/your_path/yourkeystore.jks”

Restart Tomcat Apache and Enjoy

Please Lets us know if u have any comments or corrections to add to this Articles

- Advertisement -
Everything Linux, A.I, IT News, DataOps, Open Source and more delivered right to you.
"The best Linux newsletter on the web"


Please enter your comment!
Please enter your name here

Latest article