
Apache Tomcat is an open-source Java servlet container. It runs servlets and JavaServer Pages (JSP) to generate dynamic web content. Developers get a lightweight option for hosting Java web applications without the bulk of a full Java EE application server. Whether it’s a single WAR file on a small VPS or a multi-application production stack, Tomcat handles it.
This guide walks through putting Tomcat into production. That means installing it on Linux, Windows, and Docker. Then tuning it properly. Deploying Java and WAR applications. Locking down security. And fixing the errors that actually show up in real environments.
What’s covered:
- Setup on Linux, Windows, and Docker
- Memory, threads, compression, and cache configuration
- Secure deployment of WAR files and Java applications
- Protection against common attack vectors
- Fixes for startup failures, memory issues, and deployment problems
What Is Apache Tomcat?
Apache Tomcat sits between a web server and a Java application. It handles requests that require code execution instead of just serving static files.
Core Function
Standard web servers deliver static content like images or HTML pages. Tomcat works differently. It processes Java servlets and JSP files to build dynamic responses in real time. It creates the runtime environment Java web applications need to receive requests, run application logic, and send back responses. That’s why people call it a Tomcat server or apache Tomcat server instead of a traditional web server.
Key Components
Tomcat’s architecture has three main pieces:
- Catalina: the servlet container that runs Java applications
- Coyote: the HTTP connector managing incoming web requests
- Jasper: the JSP engine that turns pages into servlets
When people talk about “Tomcat apache” as a platform, they’re talking about these three components working together.
Why Choose Tomcat?
As an open-source application server, Tomcat brings:
- Light resource usage that small servers can handle
- Security features built in for web applications
- An active community with solid documentation
- Easy integration with Apache HTTP Server or NGINX
Key Features of Apache Tomcat
Apache Tomcat includes the features that made it the go-to choice for Java application hosting. It works standalone or sits behind an Apache HTTP server. As Tomcat software goes, it stays deliberately focused instead of bloating into a full enterprise stack.
Core Capabilities
Servlet Processing: Tomcat, as a Java servlet container, manages multiple requests at once without breaking a sweat. That efficiency matters for production applications under load.
JSP Support: JavaServer Pages processing is built right in. Build dynamic content directly. Tomcat turns JSP files into servlets automatically, which speeds up runtime performance.
HTTP Connector: The Coyote connector handles incoming HTTP connections and delivers:
- Fast request processing
- Connection pooling
- Protocol upgrades
- SSL/TLS encryption
Development Features
Hot Deployment: Deploy WAR files without restarting the server. Applications stay up during updates.
Resource Management: Tomcat controls JVM (Java Virtual Machine) resources through:
- Connection pooling
- Memory allocation
- Thread optimization
- Session management
Enterprise-Ready
Business workloads get specific features:
- Clustering for horizontal scaling
- Security realms handling authentication
- Virtual hosting supporting multiple domains on one instance
- Logging and monitoring integration
Prerequisites for Installing Apache Tomcat
Before starting the Tomcat installation, check that the server has what it needs.
System Requirements
Hardware:
- 2GB RAM minimum for development
- 4GB RAM or more for production
- 1GB free disk space at least
- Single CPU core minimum, dual-core or better recommended
Operating System: Tomcat runs on any Java-compatible platform:
- Linux (best for servers)
- Windows Server
- macOS (mostly for local development)
Software Prerequisites
Java Environment: Tomcat needs a Java Development Kit (JDK) or Java Runtime Environment (JRE):
- JDK 8 or newer
- JAVA_HOME environment variable set correctly
- Java on the system PATH
Network Requirements: These ports need to be available:
- 8080 for HTTP
- 8443 for HTTPS
- 8005 for shutdown commands
- 8009 for AJP connections
Additional Tools: Having a text editor for config files, an archive tool for WAR files, and monitoring tools ready helps in production.
How to Install Apache Tomcat (Step-by-Step)
Four ways exist to install Tomcat: manual download on Linux, Linux package manager, Windows installer, or Docker container. Choose based on the environment.
Install Tomcat on Linux (Manual + Package Manager)
Manual installation:
1. Download and extract Tomcat
wget https://downloads.apache.org/tomcat/tomcat-9/v9.0.x/bin/apache-tomcat-9.0.x.tar.gz tar xzvf apache-tomcat-9.0.x.tar.gz sudo mv apache-tomcat-9.0.x /opt/tomcat2. Create a service user and fix permissions
sudo useradd -r -m -U -d /opt/tomcat -s /bin/false tomcat sudo chown -R tomcat: /opt/tomcat sudo chmod +x /opt/tomcat/bin/*.shPackage manager installation, for those who want to install Tomcat in Linux through distribution repositories:
For Ubuntu/Debian:
sudo apt update sudo apt install tomcat9 sudo apt install tomcat9-adminFor CentOS/RHEL:
sudo yum install tomcat sudo systemctl start tomcatManual installation gives exact control over Tomcat version and directory structure. Package managers are faster and handle updates through normal system cycles.
Install Tomcat on Windows
To install Apache Tomcat on Windows:
- Download the Windows Service Installer from Apache’s official site
- Run it as administrator
- Go through the setup wizard and set: installation directory, service name, port numbers, and initial memory
The Windows installer sets up Tomcat as a native Windows service. Start and stop it through the Services console like any other system service.
Install Tomcat with Docker
Running Tomcat in Docker keeps the host clean. Version upgrades become a simple image swap.
1. Install Docker if needed
sudo apt update sudo apt install docker.io sudo systemctl start docker sudo systemctl enable docker2. Pull and run the Tomcat image
docker pull tomcat:9.0 docker run -d --name tomcat -p 8080:8080 -v tomcat-data:/usr/local/tomcat/webapps tomcat:9.03. Verify it’s running
docker ps docker logs tomcat docker exec -it tomcat bashRun Tomcat as a systemd Service
On Linux, running Tomcat as a systemd service means automatic startup on boot. Manage it with standard service commands.
1. Create a systemd service file
sudo nano /etc/systemd/system/tomcat.service2. Add this configuration
[Unit] Description=Tomcat Servlet Container After=network.target [Service] Type=forking User=tomcat Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk" Environment="CATALINA_HOME=/opt/tomcat" ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh [Install] WantedBy=multi-user.target3. Start and check the service with systemctl
sudo systemctl start tomcat sudo systemctl status tomcatOn Windows: net start tomcat9
Once running, verify Tomcat is accessible. Open http://your-server-ip:8080 in a browser. Check for the Tomcat welcome page. Test the Manager app at http://your-server-ip:8080/manager.
If nothing loads, check these common problems: port 8080 already taken (change it in server.xml), JAVA_HOME pointing to the wrong location, bad directory permissions on /opt/tomcat, or silent service failures. The logs in /var/log/tomcat or catalina.out show the real error.
How to Configure Apache Tomcat
Apache Tomcat configuration happens in three key places. server.xml controls connectors and threading. catalina.sh or setenv.sh controls JVM memory. context.xml controls per-application settings like caching and database resources. Getting these three files right separates a default install from a properly tuned production server.
Memory, Thread Pool, Compression & Cache
Set memory allocation in catalina.sh or setenv.sh:
export CATALINA_OPTS="$CATALINA_OPTS -Xms512m -Xmx1024m -XX:MaxPermSize=256m"What these control:
- Xms: starting heap memory
- Xmx: maximum heap memory
- MaxPermSize: space for Java classes
For most small to medium apps, 512MB starting with a 1GB ceiling works as a baseline.
Thread pool settings in server.xml determine how many simultaneous requests Tomcat handles:
<Connector port="8080" protocol="HTTP/1.1"
maxThreads="400"
minSpareThreads="25"
maxSpareThreads="75"
acceptCount="100"
connectionTimeout="20000"
enableLookups="false" />- maxThreads: maximum simultaneous connections
- minSpareThreads: idle threads ready for quick response
- acceptCount: queue size before rejecting new requests
- connectionTimeout: how long inactive connections stay open
Compression cuts down data sent over the wire. Biggest impact for users on slow connections:
<Connector port="8080" protocol="HTTP/1.1" compression="on" compressionMinSize="2048" compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript" />Caching stores frequently requested resources without hitting disk repeatedly:
<Context>
<Resources cachingAllowed="true" cacheMaxSize="100000" />
</Context>Memory, threads, compression, caching. These four settings are the backbone of Tomcat performance tuning.
How to Deploy Java Applications on Tomcat
Tomcat server configuration and deployment typically uses one of four approaches: dropping a WAR file into webapps, using the Manager application, deploying an unpacked directory, or letting auto-deployment handle it. For a standard Java Tomcat workflow, WAR file deployment is where most people start.
Understanding Tomcat Deployment Options
- WAR file deployment: drop a packaged app into the webapps directory
- Directory deployment: deploy an already-unpacked application
- Manager application: use a web control panel
- Auto-deployment: Tomcat watches for and unpacks new files automatically
WAR File Deployment
cp your-application.war /opt/tomcat/webapps/ tail -f /opt/tomcat/logs/catalina.outTomcat automatically unpacks and deploys WAR files placed in webapps.
Using the Manager Application
1. Set up manager access in tomcat-users.xml
<tomcat-users>
<role rolename="manager-gui"/>
<user username="admin" password="secure_password" roles="manager-gui"/>
</tomcat-users>2. Access the manager
Go to:
http://your-server:8080/manager/html3. Manage applications
Upload applications, start them, stop them, monitor them through the browser.
Directory Structure
Deployed applications use this layout:
/webapps/
└── your-application/
├── WEB-INF/
│ ├── web.xml
│ ├── classes/
│ └── lib/
└── resources/Hot Deployment Configuration
Hot deployment lets you update applications without taking the server offline. Set it in server.xml:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &amp;quot;%r" %s %b" />
</Host>In production, unpackWARs=”true” makes Tomcat extract packages automatically. autoDeploy=”true” watches for new or updated applications and installs them. For mission-critical apps, turn autoDeploy off to keep deployment under strict manual control.
Common Deployment Issues
Check and fix file permissions:
ls -l /opt/tomcat/webapps/your-application chown -R tomcat:tomcat /opt/tomcat/webapps/your-applicationMissing libraries mean a dependency isn’t in WEB-INF/lib. Check memory directly:
ps aux | grep tomcatContext Configuration
context.xml holds application-specific settings like database connections:
<Context>
<!-- Database connection settings -->
<Environment name="dbUrl"
value="jdbc:mysql://localhost:3306/mydb"
type="java.lang.String" override="false"/>
</Context>Keeping settings in context.xml instead of application code means configuration updates without touching the codebase.
Securing Your Apache Tomcat Server
Security isn’t negotiable for servers running web applications. These steps cover the Tomcat security essentials.
Basic Security Measures
Remove default applications that ship with Tomcat. Each one is a potential entry point:
cd $CATALINA_HOME/webapps rm -rf docs examples manager host-manager ROOTAccess Control
Lock down the Manager interface with strong credentials in tomcat-users.xml:
<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="admin-gui"/>
<user username="admin"
password="your_strong_password_here"
roles="manager-gui,admin-gui"/>
</tomcat-users>Limit manager access to specific IPs in context.xml:
<Context antiResourceLocking="false">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.0\.0\.1|192\.168\.1\.*"/>
</Context>SSL/TLS Configuration
Enable HTTPS to encrypt traffic between clients and server:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig>
<Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
type="RSA" />
</SSLHostConfig>
</Connector>For obtaining and renewing certificates, see our Ultimate Guide to SSL and our Let’s Encrypt guide before configuring this connector.
Security Headers
Add security headers in web.xml to block common web vulnerabilities:
<filter>
<filter-name>httpHeaderSecurity</filter-name>
<filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
</filter>Troubleshooting Common Tomcat Issues
A systematic approach to Tomcat troubleshooting saves hours when things break. These sections cover the most frequent production issues.
Why won’t the Tomcat server start?
Check in this order:
sudo netstat -tulpn | grep LISTEN java -version tail -f /opt/tomcat/logs/catalina.outWhy does Tomcat stop unexpectedly?
Usually points to memory exhaustion:
ps aux | grep tomcat tail -f /opt/tomcat/logs/gc.logWhy is Tomcat responding slowly?
Slow responses typically trace back to high memory usage, too many concurrent connections, poorly optimized database queries, or an undersized thread pool. Look at these metrics:
top -u tomcat netstat -an | grep 8080 | wc -lWhy am I seeing application errors?
- 404 errors: verify the deployment path and context root
- 503 errors: resource exhaustion
- ClassNotFoundException: confirm the library exists in WEB-INF/lib
Apache Tomcat vs Other Java Application Servers
Knowing how Tomcat stacks up against JBoss/WildFly, GlassFish, and Jetty helps confirm it’s the right choice before going all-in.
| Feature | Tomcat | JBoss / WildFly | GlassFish | Jetty |
| Startup Time | Fast | Slower | Medium | Fast |
| Resource Usage | Light | Heavy | Medium to heavy | Light |
| Java EE Support | Servlet/JSP, partial Java EE | Full Java EE | Full Java EE (reference implementation) | Servlet/JSP, embeddable focus |
| Best For | Lightweight web apps, small to mid-size VPS deployments | Enterprise Java EE applications | Reference-platform and enterprise Java EE workloads | Embedded apps, microservices, IoT |
| Clustering | Available, manual setup | Built-in, advanced | Built-in | Limited, mostly manual |