===== Install and Configure Tomcat 9.0.19 =====
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-10-on-ubuntu-20-04
Create tomcat user:
sudo useradd -m -d /opt/tomcat -U -s /bin/false tomcat
Install JDK (Ubuntu)
sudo apt install default-jdk -y
Install JDK (CentOS/RHEL)
sudo dnf install java-latest-openjdk-headless
Download Tomcat (9.0.76)
wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.76/bin/apache-tomcat-9.0.76.tar.gz
Decompress
sudo tar xzvf apache-tomcat-*tar.gz -C /opt/tomcat --strip-components=1
Give tomcat user ownership
sudo chown -R tomcat:tomcat /opt/tomcat/ && sudo chmod -R u+x /opt/tomcat/bin
===== Install and configure authbind =====
=== Ubuntu ===
sudo apt install authbind -y
=== CentOS/RHEL ===
Get authbind from here: https://aaronsilber.me/2016/04/24/install-authbind-on-centos-7-x86_64-download-the-rpm/
sudo rpm -Uvh https://s3.amazonaws.com/aaronsilber/public/authbind-2.1.1-0.1.x86_64.rpm
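On either distribution, create the per-port authorisation files. authbind lets a process bind a port when the calling user has execute access to the matching file under /etc/authbind/byport:
sudo touch /etc/authbind/byport/80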
sudo touch /etc/authbind/byport/443
sudo chmod 0755 /etc/authbind/byport/80
sudo chmod 0755 /etc/authbind/byport/443
sudo chown tomcat:tomcat /etc/authbind/byport/80
sudo chown tomcat:tomcat /etc/authbind/byport/443
Update startup.sh in /opt/tomcat/bin so that its final exec line launches Tomcat through authbind:
exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"
===== Using Let's Encrypt with Tomcat9 (single) =====
This is the manual way. I'm sure there's an automated way but I haven't bothered to do that yet.
===== Pull cert =====
sudo certbot certonly --manual --preferred-challenges dns -d tomcat.syninf.net
===== Put cert in keystore =====
openssl pkcs12 -export \
-in /etc/letsencrypt/live/tomcat.syninf.net/cert.pem \
-inkey /etc/letsencrypt/live/tomcat.syninf.net/privkey.pem \
-out /tmp/keystore.p12 \
-name tomcat.syninf.net \
-CAfile /etc/letsencrypt/live/tomcat.syninf.net/fullchain.pem \
-caname "Let's Encrypt Authority X3" \
-password pass:tomcat
===== Move keystore to tomcat box =====
Header is self-explanatory, so here's server.xml
===== tomcat systemd service file =====
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
Environment="JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat/"
Environment="CATALINA_BASE=/opt/tomcat/"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
Environment="JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
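# Run as the unprivileged tomcat account created above; authbind in startup.sh supplies ports 80 and 443
User=tomcat
Group=tomcat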
UMask=0007
RestartSec=10
Restart=always
[Install]
WantedBy=multi-user.target
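
A read-only check of the pieces configured above, added here as an example and not part of the original notes: it compares the unit's User= with the account that owns the authbind port files, and flags byport files whose execute bit extends beyond the owner. The function names and the unit path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): read-only audit of the unit
# file and authbind port files. Function names are illustrative.

# Print the account a unit runs as; systemd uses root when User= is absent.
unit_user() {
    u=$(sed -n 's/^[[:space:]]*User=[[:space:]]*//p' "$1" | tail -n 1)
    printf '%s\n' "${u:-root}"
}

# authbind authorises bind() on a port when the caller has execute access to
# byport/<port>. Return 0 only if that access is limited to owner $3.
byport_owner_only() {   # $1=byport dir  $2=port  $3=expected owner
    f="$1/$2"
    [ -e "$f" ] || { echo "port $2: $f missing"; return 1; }
    [ -n "$(find "$f" -maxdepth 0 -user "$3" -perm -100 2>/dev/null)" ] ||
        { echo "port $2: not owned by and executable for $3"; return 1; }
    [ -z "$(find "$f" -maxdepth 0 \( -perm -010 -o -perm -001 \))" ] ||
        { echo "port $2: group/other execute bit lets other accounts bind"; return 1; }
    echo "port $2: ok"
}

# Audit a unit file plus a byport directory; non-zero status on any finding.
audit_tomcat() {   # $1=unit file  $2=byport dir  $3=service account (default tomcat)
    acct=${3:-tomcat}; rc=0
    user=$(unit_user "$1")
    [ "$user" = "$acct" ] || { echo "unit runs as $user, expected $acct"; rc=1; }
    for port in 80 443; do
        byport_owner_only "$2" "$port" "$acct" || rc=1
    done
    return "$rc"
}

# Usage (unit path is an assumption; the notes do not say where it is installed):
#   sh audit.sh /etc/systemd/system/tomcat.service /etc/authbind/byport
if [ "$#" -ge 2 ]; then audit_tomcat "$@"; fi
```

A byport file left at mode 0755 is reported by this check, because the execute bit for group and other authorises those accounts as well as the owner.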