Image

Knowledge base → Installing the latest Java and Tomcat 10 on Debian 12

[Virtual servers]
Date of publication: 12.10.2023

Java applications are very popular; in order to run them on VDS servers, you need to install it. Java installation should be done on a bare server without control panels.

As a virtual server configuration, we recommend using VDS with KVM, starting from 2 CPU cores and 2 GB RAM.

1. Install the latest version

apt update
apt install default-jdk

2. Check the Java version

java -version

openjdk version "17.0.8" 2023-07-18
OpenJDK Runtime Environment (build 17.0.8+7-Debian-1deb12u1)
OpenJDK 64-Bit Server VM (build 17.0.8+7-Debian-1deb12u1, mixed mode, sharing)

3. Install the Apache Tomcat web server

apt install tomcat10 tomcat10-admin tomcat10-docs tomcat10-examples

3.1 Starting the tomcat service

systemctl enable tomcat10
systemctl start tomcat10

3.2 Let's check the work

By default, tomcat is configured to work on port 8080, open the link in the browser.

http://ip-or-domain:8080/

It works !
...
Users are defined in /etc/tomcat10/tomcat-users.xml.

4. If necessary, configure users and assign roles

nano /etc/tomcat10/tomcat-users.xml

< tomcat-users xmlns="http://tomcat.apache.org/xml"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
               version="1.0">
              
< !--
Built-in Tomcat manager roles:
     - manager-gui - allows access to the HTML GUI and the status pages
     - manager-script - allows access to the HTTP API and the status pages
     - manager-jmx - allows access to the JMX proxy and the status pages
     - manager-status - allows access to the status pages only
-->
...
< user username="admin" password="< must-be-changed>" roles="manager-gui"/>
...
< /tomcat-users>

4.1 Changing port

If necessary, specify the required port in the settings file

nano /etc/tomcat10/server.xml

< Connector port="8080" protocol="HTTP/1.1"
                connectionTimeout="20000"
                redirectPort="8443" />

4.2 Setting up a certificate and enabling SSL

Uncomment the option in the settings file and edit the path to your certificate

nano /etc/tomcat10/server.xml

< Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
                maxThreads="150" SSLEnabled="true">
         < UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
         < SSLHostConfig>
             < Certificate certificateKeystoreFile="domain-cert.jks"
                          type="RSA" />
         < /SSLHostConfig>
     < /Connector>

4.2.1 Merging the certificate file and the key file

After you have purchased or generated a certificate yourself, you have 2 files, a key file and a certificate file with a chain, we now need to combine them into 1:

openssl pkcs12 -export -out /tmp/cert_and_key.p12 -in cert.pem -inkey key.pem -name tomcat

keytool -importkeystore -deststorepass 'P@ssw0rd' -destkeypass 'P@ssw0rd' -destkeystore /tmp/domain-cert.jks -srckeystore /tmp/cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass 'P@ssw0rd_for_key' -alias tomcat

4.2.2 Copy the finished file

mv /tmp/domain.jks /etc/tomcat10/domain-cert.jks

Please note that if you specified a password, add this line

nano /etc/tomcat10/server.xml

...
certificateKeystoreFile="domain-cert.jks"
certificateKeystorePassword="P@ssw0rd"
                          type="RSA" />

4.3 Apply the settings

systemctl restart tomcat10

The server is ready to work with Java applications.





No Comments Yet