Java applications are very popular; in order to run them on VDS servers, you need to install it. Java installation should be done on a bare server without control panels.
As a virtual server configuration, we recommend using VDS with KVM, starting from 2 CPU cores and 2 GB RAM.
1. Install the latest version
apt update
apt install default-jdk
2. Check the Java version
java -version
3. Install the Apache Tomcat web server
apt install tomcat10 tomcat10-admin tomcat10-docs tomcat10-examples
3.1 Starting the tomcat service
systemctl enable tomcat10
systemctl start tomcat10
3.2 Let's check the work
By default, tomcat is configured to work on port 8080, open the link in the browser.
http://ip-or-domain:8080/
4. If necessary, configure users and assign roles
nano /etc/tomcat10/tomcat-users.xml
< tomcat-users xmlns="http://tomcat.apache.org/xml"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
version="1.0">
< !--
Built-in Tomcat manager roles:
- manager-gui - allows access to the HTML GUI and the status pages
- manager-script - allows access to the HTTP API and the status pages
- manager-jmx - allows access to the JMX proxy and the status pages
- manager-status - allows access to the status pages only
-->
...
< user username="admin" password="< must-be-changed>" roles="manager-gui"/>
...
< /tomcat-users>
4.1 Changing port
If necessary, specify the required port in the settings file
nano /etc/tomcat10/server.xml
< Connector port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
4.2 Setting up a certificate and enabling SSL
Uncomment the option in the settings file and edit the path to your certificate
nano /etc/tomcat10/server.xml
< Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
< UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
< SSLHostConfig>
< Certificate certificateKeystoreFile="domain-cert.jks"
type="RSA" />
< /SSLHostConfig>
< /Connector>
4.2.1 Merging the certificate file and the key file
After you have purchased or generated a certificate yourself, you have 2 files, a key file and a certificate file with a chain, we now need to combine them into 1:
openssl pkcs12 -export -out /tmp/cert_and_key.p12 -in cert.pem -inkey key.pem -name tomcat
keytool -importkeystore -deststorepass 'P@ssw0rd' -destkeypass 'P@ssw0rd' -destkeystore /tmp/domain-cert.jks -srckeystore /tmp/cert_and_key.p12 -srcstoretype PKCS12 -srcstorepass 'P@ssw0rd_for_key' -alias tomcat
4.2.2 Copy the finished file
mv /tmp/domain.jks /etc/tomcat10/domain-cert.jks
Please note that if you specified a password, add this line
nano /etc/tomcat10/server.xml
...
certificateKeystoreFile="domain-cert.jks"
certificateKeystorePassword="P@ssw0rd"
type="RSA" />
4.3 Apply the settings
systemctl restart tomcat10
The server is ready to work with Java applications.