{"id":20970,"date":"2024-11-14T13:19:11","date_gmt":"2024-11-14T12:19:11","guid":{"rendered":"https:\/\/contabo.com\/blog\/?p=20970"},"modified":"2026-06-30T21:20:51","modified_gmt":"2026-06-30T19:20:51","slug":"apache-tomcat-complete-guide-to-setup-and-configuration","status":"publish","type":"post","link":"https:\/\/contabo.com\/blog\/apache-tomcat-complete-guide-to-setup-and-configuration\/","title":{"rendered":"Apache Tomcat: Install, Configure &amp; Deploy (2026 Guide)"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN.jpg.webp\" alt=\"\"\/><\/figure>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p>Apache Tomcat is an open-source Java servlet container. It runs servlets and JavaServer Pages (JSP) to generate dynamic web content. Developers get a lightweight option for hosting Java web applications without the bulk of a full Java EE application server. Whether it&#8217;s a single WAR file on a small VPS or a multi-application production stack, Tomcat handles it.<\/p>\n\n\n\n<p>This guide walks through putting Tomcat into production. That means installing it on Linux, Windows, and Docker. Then tuning it properly. Deploying Java and WAR applications. Locking down security. And fixing the errors that actually show up in real environments.<\/p>\n\n\n\n<p><strong>What&#8217;s covered:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Setup on Linux, Windows, and Docker<\/li>\n\n\n\n<li>Memory, threads, compression, and cache configuration<\/li>\n\n\n\n<li>Secure deployment of WAR files and Java applications<\/li>\n\n\n\n<li>Protection against common attack vectors<\/li>\n\n\n\n<li>Fixes for startup failures, memory issues, and deployment problems<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-what-is-apache-tomcat\">What Is Apache Tomcat?<\/h2>\n\n\n\n<p>Apache Tomcat sits between a web server and a Java application. It handles requests that require code execution instead of just serving static files.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-core-function\">Core Function<\/h3>\n\n\n\n<p>Standard web servers deliver static content like images or HTML pages. Tomcat works differently. It processes Java servlets and JSP files to build dynamic responses in real time. It creates the runtime environment Java web applications need to receive requests, run application logic, and send back responses. That&#8217;s why people call it a Tomcat server or apache Tomcat server instead of a traditional web server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-key-components\">Key Components<\/h3>\n\n\n\n<p>Tomcat&#8217;s architecture has three main pieces:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Catalina: <\/strong>the servlet container that runs Java applications<\/li>\n\n\n\n<li><strong>Coyote: <\/strong>the HTTP connector managing incoming web requests<\/li>\n\n\n\n<li><strong>Jasper: <\/strong>the JSP engine that turns pages into servlets<\/li>\n<\/ul>\n\n\n\n<p>When people talk about \u201cTomcat apache\u201d as a platform, they&#8217;re talking about these three components working together.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-choose-tomcat\">Why Choose Tomcat?<\/h3>\n\n\n\n<p>As an open-source application server, Tomcat brings:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Light resource usage that small servers can handle<\/li>\n\n\n\n<li>Security features built in for web applications<\/li>\n\n\n\n<li>An active community with solid documentation<\/li>\n\n\n\n<li>Easy integration with Apache HTTP Server or NGINX<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-key-features-of-apache-tomcat\">Key Features of Apache Tomcat<\/h2>\n\n\n\n<p>Apache Tomcat includes the features that made it the go-to choice for Java application hosting. It works standalone or sits behind an Apache HTTP server. As Tomcat software goes, it stays deliberately focused instead of bloating into a full enterprise stack.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-core-capabilities\">Core Capabilities<\/h3>\n\n\n\n<p><strong>Servlet Processing: <\/strong>Tomcat, as a Java servlet container, manages multiple requests at once without breaking a sweat. That efficiency matters for production applications under load.<\/p>\n\n\n\n<p><strong>JSP Support: <\/strong>JavaServer Pages processing is built right in. Build dynamic content directly. Tomcat turns JSP files into servlets automatically, which speeds up runtime performance.<\/p>\n\n\n\n<p><strong>HTTP Connector: <\/strong>The Coyote connector handles incoming HTTP connections and delivers:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fast request processing<\/li>\n\n\n\n<li>Connection pooling<\/li>\n\n\n\n<li>Protocol upgrades<\/li>\n\n\n\n<li>SSL\/TLS encryption<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-development-features\">Development Features<\/h3>\n\n\n\n<p><strong>Hot Deployment: <\/strong>Deploy WAR files without restarting the server. Applications stay up during updates.<\/p>\n\n\n\n<p><strong>Resource Management: <\/strong>Tomcat controls JVM (Java Virtual Machine) resources through:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Connection pooling<\/li>\n\n\n\n<li>Memory allocation<\/li>\n\n\n\n<li>Thread optimization<\/li>\n\n\n\n<li>Session management<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-enterprise-ready\">Enterprise-Ready<\/h3>\n\n\n\n<p>Business workloads get specific features:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Clustering for horizontal scaling<\/li>\n\n\n\n<li>Security realms handling authentication<\/li>\n\n\n\n<li>Virtual hosting supporting multiple domains on one instance<\/li>\n\n\n\n<li>Logging and monitoring integration<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-prerequisites-for-installing-apache-tomcat\">Prerequisites for Installing Apache Tomcat<\/h2>\n\n\n\n<p>Before starting the Tomcat installation, check that the server has what it needs.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-system-requirements\">System Requirements<\/h3>\n\n\n\n<p><strong>Hardware:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>2GB RAM minimum for development<\/li>\n\n\n\n<li>4GB RAM or more for production<\/li>\n\n\n\n<li>1GB free disk space at least<\/li>\n\n\n\n<li>Single CPU core minimum, dual-core or better recommended<\/li>\n<\/ul>\n\n\n\n<p><strong>Operating System: <\/strong>Tomcat runs on any Java-compatible platform:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Linux (best for servers)<\/li>\n\n\n\n<li>Windows Server<\/li>\n\n\n\n<li>macOS (mostly for local development)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-software-prerequisites\">Software Prerequisites<\/h3>\n\n\n\n<p><strong>Java Environment: <\/strong>Tomcat needs a Java Development Kit (JDK) or Java Runtime Environment (JRE):<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>JDK 8 or newer<\/li>\n\n\n\n<li>JAVA_HOME environment variable set correctly<\/li>\n\n\n\n<li>Java on the system PATH<\/li>\n<\/ul>\n\n\n\n<p><strong>Network Requirements: <\/strong>These ports need to be available:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>8080 for HTTP<\/li>\n\n\n\n<li>8443 for HTTPS<\/li>\n\n\n\n<li>8005 for shutdown commands<\/li>\n\n\n\n<li>8009 for AJP connections<\/li>\n<\/ul>\n\n\n\n<p><strong>Additional Tools: <\/strong>Having a text editor for config files, an archive tool for WAR files, and monitoring tools ready helps in production.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-install-apache-tomcat-step-by-step\">How to Install Apache Tomcat (Step-by-Step)<\/h2>\n\n\n\n<p>Four ways exist to install Tomcat: manual download on Linux, Linux package manager, Windows installer, or Docker container. Choose based on the environment.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-install-tomcat-on-linux-manual-package-manager\">Install Tomcat on Linux (Manual + Package Manager)<\/h3>\n\n\n\n<p><strong>Manual installation:<\/strong><\/p>\n\n\n\n<p><strong>1. Download and extract Tomcat<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>wget https:\/\/downloads.apache.org\/tomcat\/tomcat-9\/v9.0.x\/bin\/apache-tomcat-9.0.x.tar.gz tar xzvf apache-tomcat-9.0.x.tar.gz sudo mv apache-tomcat-9.0.x \/opt\/tomcat<\/code><\/pre>\n\n\n\n<p><strong>2. Create a service user and fix permissions<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo useradd -r -m -U -d \/opt\/tomcat -s \/bin\/false tomcat sudo chown -R tomcat: \/opt\/tomcat sudo chmod +x \/opt\/tomcat\/bin\/*.sh<\/code><\/pre>\n\n\n\n<p><strong>Package manager installation, <\/strong>for those who want to install Tomcat in Linux through distribution repositories:<\/p>\n\n\n\n<p><strong>For Ubuntu\/Debian:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update sudo apt install tomcat9 sudo apt install tomcat9-admin<\/code><\/pre>\n\n\n\n<p><strong>For CentOS\/RHEL:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo yum install tomcat sudo systemctl start tomcat<\/code><\/pre>\n\n\n\n<p>Manual installation gives exact control over Tomcat version and directory structure. Package managers are faster and handle updates through normal system cycles.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-install-tomcat-on-windows\">Install Tomcat on Windows<\/h3>\n\n\n\n<p>To install Apache Tomcat on Windows:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download the Windows Service Installer from Apache&#8217;s official site<\/li>\n\n\n\n<li>Run it as administrator<\/li>\n\n\n\n<li>Go through the setup wizard and set: installation directory, service name, port numbers, and initial memory<\/li>\n<\/ul>\n\n\n\n<p>The Windows installer sets up Tomcat as a native Windows service. Start and stop it through the Services console like any other system service.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-install-tomcat-with-docker\">Install Tomcat with Docker<\/h3>\n\n\n\n<p>Running Tomcat in Docker keeps the host clean. Version upgrades become a simple image swap.<\/p>\n\n\n\n<p><strong>1. Install Docker if needed<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo apt update sudo apt install docker.io sudo systemctl start docker sudo systemctl enable docker<\/code><\/pre>\n\n\n\n<p><strong>2. Pull and run the Tomcat image<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker pull tomcat:9.0 &nbsp; docker run -d --name tomcat -p 8080:8080 -v tomcat-data:\/usr\/local\/tomcat\/webapps tomcat:9.0<\/code><\/pre>\n\n\n\n<p><strong>3. Verify it&#8217;s running<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>docker ps docker logs tomcat docker exec -it tomcat bash<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-run-tomcat-as-a-systemd-service\">Run Tomcat as a systemd Service<\/h3>\n\n\n\n<p>On Linux, running Tomcat as a systemd service means automatic startup on boot. Manage it with standard service commands.<\/p>\n\n\n\n<p><strong>1. Create a systemd service file<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/systemd\/system\/tomcat.service<\/code><\/pre>\n\n\n\n<p><strong>2. Add this configuration<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Unit] Description=Tomcat Servlet Container After=network.target &nbsp; &#91;Service] Type=forking User=tomcat Environment=\"JAVA_HOME=\/usr\/lib\/jvm\/java-11-openjdk\" Environment=\"CATALINA_HOME=\/opt\/tomcat\" ExecStart=\/opt\/tomcat\/bin\/startup.sh ExecStop=\/opt\/tomcat\/bin\/shutdown.sh &nbsp; &#91;Install] WantedBy=multi-user.target<\/code><\/pre>\n\n\n\n<p><strong>3. Start and check the service with systemctl<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start tomcat sudo systemctl status tomcat<\/code><\/pre>\n\n\n\n<p><strong>On Windows: <\/strong>net start tomcat9<\/p>\n\n\n\n<p>Once running, verify Tomcat is accessible. Open http:\/\/your-server-ip:8080 in a browser. Check for the Tomcat welcome page. Test the Manager app at http:\/\/your-server-ip:8080\/manager.<\/p>\n\n\n\n<p>If nothing loads, check these common problems: port 8080 already taken (change it in server.xml), JAVA_HOME pointing to the wrong location, bad directory permissions on \/opt\/tomcat, or silent service failures. The logs in \/var\/log\/tomcat or catalina.out show the real error.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-configure-apache-tomcat\">How to Configure Apache Tomcat<\/h2>\n\n\n\n<p>Apache Tomcat configuration happens in three key places. server.xml controls connectors and threading. catalina.sh or setenv.sh controls JVM memory. context.xml controls per-application settings like caching and database resources. Getting these three files right separates a default install from a properly tuned production server.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-memory-thread-pool-compression-amp-cache\">Memory, Thread Pool, Compression &amp; Cache<\/h3>\n\n\n\n<p>Set memory allocation in catalina.sh or setenv.sh:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>export CATALINA_OPTS=\"$CATALINA_OPTS -Xms512m -Xmx1024m -XX:MaxPermSize=256m\"<\/code><\/pre>\n\n\n\n<p>What these control:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Xms: <\/strong>starting heap memory<\/li>\n\n\n\n<li><strong>Xmx: <\/strong>maximum heap memory<\/li>\n\n\n\n<li><strong>MaxPermSize: <\/strong>space for Java classes<\/li>\n<\/ul>\n\n\n\n<p>For most small to medium apps, 512MB starting with a 1GB ceiling works as a baseline.<\/p>\n\n\n\n<p>Thread pool settings in server.xml determine how many simultaneous requests Tomcat handles:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Connector port=\"8080\" protocol=\"HTTP\/1.1\"\n           maxThreads=\"400\"\n           minSpareThreads=\"25\"\n           maxSpareThreads=\"75\"\n           acceptCount=\"100\"\n           connectionTimeout=\"20000\"\n           enableLookups=\"false\" \/&gt;<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>maxThreads: <\/strong>maximum simultaneous connections<\/li>\n\n\n\n<li><strong>minSpareThreads: <\/strong>idle threads ready for quick response<\/li>\n\n\n\n<li><strong>acceptCount: <\/strong>queue size before rejecting new requests<\/li>\n\n\n\n<li><strong>connectionTimeout: <\/strong>how long inactive connections stay open<\/li>\n<\/ul>\n\n\n\n<p>Compression cuts down data sent over the wire. Biggest impact for users on slow connections:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code><code>&lt;Connector port=\"8080\" protocol=\"HTTP\/1.1\" compression=\"on\" compressionMinSize=\"2048\" compressableMimeType=\"text\/html,text\/xml,text\/plain,text\/css,text\/javascript\" \/&gt;<\/code><\/code><\/pre>\n\n\n\n<p>Caching stores frequently requested resources without hitting disk repeatedly:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Context&gt;\n    &lt;Resources cachingAllowed=\"true\" cacheMaxSize=\"100000\" \/&gt;\n&lt;\/Context&gt;<\/code><\/pre>\n\n\n\n<p>Memory, threads, compression, caching. These four settings are the backbone of Tomcat performance tuning.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-how-to-deploy-java-applications-on-tomcat\">How to Deploy Java Applications on Tomcat<\/h2>\n\n\n\n<p>Tomcat server configuration and deployment typically uses one of four approaches: dropping a WAR file into webapps, using the Manager application, deploying an unpacked directory, or letting auto-deployment handle it. For a standard Java Tomcat workflow, WAR file deployment is where most people start.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-understanding-tomcat-deployment-options\">Understanding Tomcat Deployment Options<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>WAR file deployment: <\/strong>drop a packaged app into the webapps directory<\/li>\n\n\n\n<li><strong>Directory deployment: <\/strong>deploy an already-unpacked application<\/li>\n\n\n\n<li><strong>Manager application: <\/strong>use a web control panel<\/li>\n\n\n\n<li><strong>Auto-deployment: <\/strong>Tomcat watches for and unpacks new files automatically<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-war-file-deployment\">WAR File Deployment<\/h3>\n\n\n\n<pre class=\"wp-block-code\"><code>cp your-application.war \/opt\/tomcat\/webapps\/ tail -f \/opt\/tomcat\/logs\/catalina.out<\/code><\/pre>\n\n\n\n<p>Tomcat automatically unpacks and deploys WAR files placed in webapps.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-using-the-manager-application\">Using the Manager Application<\/h3>\n\n\n\n<p><strong>1. Set up manager access in tomcat-users.xml<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;tomcat-users&gt;\n    &lt;role rolename=\"manager-gui\"\/&gt;\n    &lt;user username=\"admin\" password=\"secure_password\" roles=\"manager-gui\"\/&gt;\n&lt;\/tomcat-users&gt;<\/code><\/pre>\n\n\n\n<p><strong>2. Access the manager<\/strong><\/p>\n\n\n\n<p>Go to:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>http:&#47;&#47;your-server:8080\/manager\/html<\/code><\/pre>\n\n\n\n<p><strong>3. Manage applications<\/strong><\/p>\n\n\n\n<p>Upload applications, start them, stop them, monitor them through the browser.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-directory-structure\">Directory Structure<\/h3>\n\n\n\n<p>Deployed applications use this layout:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>\/webapps\/\n    \u2514\u2500\u2500 your-application\/\n        \u251c\u2500\u2500 WEB-INF\/\n        \u2502   \u251c\u2500\u2500 web.xml\n        \u2502   \u251c\u2500\u2500 classes\/\n        \u2502   \u2514\u2500\u2500 lib\/\n        \u2514\u2500\u2500 resources\/<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-hot-deployment-configuration\">Hot Deployment Configuration<\/h3>\n\n\n\n<p>Hot deployment lets you update applications without taking the server offline. Set it in server.xml:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Host name=\"localhost\" appBase=\"webapps\"\n      unpackWARs=\"true\" autoDeploy=\"true\"&gt;\n    &lt;Valve className=\"org.apache.catalina.valves.AccessLogValve\" \n           directory=\"logs\"\n           prefix=\"localhost_access_log\" suffix=\".txt\"\n           pattern=\"%h %l %u %t &amp;amp;quot;%r&amp;quot; %s %b\" \/&gt;\n&lt;\/Host&gt;<\/code><\/pre>\n\n\n\n<p>In production, unpackWARs=&#8221;true&#8221; makes Tomcat extract packages automatically. autoDeploy=&#8221;true&#8221; watches for new or updated applications and installs them. For mission-critical apps, turn autoDeploy off to keep deployment under strict manual control.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-common-deployment-issues\">Common Deployment Issues<\/h3>\n\n\n\n<p>Check and fix file permissions:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ls -l \/opt\/tomcat\/webapps\/your-application chown -R tomcat:tomcat \/opt\/tomcat\/webapps\/your-application<\/code><\/pre>\n\n\n\n<p>Missing libraries mean a dependency isn&#8217;t in WEB-INF\/lib. Check memory directly:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ps aux | grep tomcat<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-context-configuration\">Context Configuration<\/h3>\n\n\n\n<p>context.xml holds application-specific settings like database connections:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Context&gt;\n    &lt;!-- Database connection settings --&gt;\n    &lt;Environment name=\"dbUrl\" \n                 value=\"jdbc:mysql:\/\/localhost:3306\/mydb\"\n                 type=\"java.lang.String\" override=\"false\"\/&gt;\n&lt;\/Context&gt;<\/code><\/pre>\n\n\n\n<p>Keeping settings in context.xml instead of application code means configuration updates without touching the codebase.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-securing-your-apache-tomcat-server\">Securing Your Apache Tomcat Server<\/h2>\n\n\n\n<p>Security isn&#8217;t negotiable for servers running web applications. These steps cover the Tomcat security essentials.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-basic-security-measures\">Basic Security Measures<\/h3>\n\n\n\n<p>Remove default applications that ship with Tomcat. Each one is a potential entry point:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>cd $CATALINA_HOME\/webapps rm -rf docs examples manager host-manager ROOT<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-access-control\">Access Control<\/h3>\n\n\n\n<p>Lock down the Manager interface with strong credentials in tomcat-users.xml:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;tomcat-users&gt;\n    &lt;role rolename=\"manager-gui\"\/&gt;\n    &lt;role rolename=\"admin-gui\"\/&gt;\n    &lt;user username=\"admin\" \n          password=\"your_strong_password_here\" \n          roles=\"manager-gui,admin-gui\"\/&gt;\n&lt;\/tomcat-users&gt;<\/code><\/pre>\n\n\n\n<p>Limit manager access to specific IPs in context.xml:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Context antiResourceLocking=\"false\"&gt;\n    &lt;Valve className=\"org.apache.catalina.valves.RemoteAddrValve\"\n           allow=\"127\\.0\\.0\\.1|192\\.168\\.1\\.*\"\/&gt;\n&lt;\/Context&gt;<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-ssl-tls-configuration\">SSL\/TLS Configuration<\/h3>\n\n\n\n<p>Enable HTTPS to encrypt traffic between clients and server:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;Connector port=\"8443\" protocol=\"org.apache.coyote.http11.Http11NioProtocol\"\n           maxThreads=\"150\" SSLEnabled=\"true\"&gt;\n    &lt;SSLHostConfig&gt;\n        &lt;Certificate certificateKeystoreFile=\"conf\/localhost-rsa.jks\"\n                     type=\"RSA\" \/&gt;\n    &lt;\/SSLHostConfig&gt;\n&lt;\/Connector&gt;<\/code><\/pre>\n\n\n\n<p><em>For obtaining and renewing certificates, see our Ultimate <a href=\"https:\/\/contabo.com\/blog\/wiki\/ssl\/\">Guide to SSL and our Let&#8217;s Encrypt<\/a> guide before configuring this connector.<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-security-headers\">Security Headers<\/h3>\n\n\n\n<p>Add security headers in web.xml to block common web vulnerabilities:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&lt;filter&gt;\n    &lt;filter-name&gt;httpHeaderSecurity&lt;\/filter-name&gt;\n    &lt;filter-class&gt;org.apache.catalina.filters.HttpHeaderSecurityFilter&lt;\/filter-class&gt;\n&lt;\/filter&gt;<\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-troubleshooting-common-tomcat-issues\">Troubleshooting Common Tomcat Issues<\/h2>\n\n\n\n<p>A systematic approach to Tomcat troubleshooting saves hours when things break. These sections cover the most frequent production issues.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-won-t-the-tomcat-server-start\">Why won&#8217;t the Tomcat server start?<\/h3>\n\n\n\n<p>Check in this order:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo netstat -tulpn | grep LISTEN java -version tail -f \/opt\/tomcat\/logs\/catalina.out<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-does-tomcat-stop-unexpectedly\">Why does Tomcat stop unexpectedly?<\/h3>\n\n\n\n<p>Usually points to memory exhaustion:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>ps aux | grep tomcat tail -f \/opt\/tomcat\/logs\/gc.log<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-is-tomcat-responding-slowly\">Why is Tomcat responding slowly?<\/h3>\n\n\n\n<p>Slow responses typically trace back to high memory usage, too many concurrent connections, poorly optimized database queries, or an undersized thread pool. Look at these metrics:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>top -u tomcat netstat -an | grep 8080 | wc -l<\/code><\/pre>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"h-why-am-i-seeing-application-errors\">Why am I seeing application errors?<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>404 errors: <\/strong>verify the deployment path and context root<\/li>\n\n\n\n<li><strong>503 errors: <\/strong>resource exhaustion<\/li>\n\n\n\n<li>ClassNotFoundException: confirm the library exists in WEB-INF\/lib<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-apache-tomcat-vs-other-java-application-servers\">Apache Tomcat vs Other Java Application Servers<\/h2>\n\n\n\n<p>Knowing how Tomcat stacks up against JBoss\/WildFly, GlassFish, and Jetty helps confirm it&#8217;s the right choice before going all-in.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><td><strong>Feature<\/strong><\/td><td><strong>Tomcat<\/strong><\/td><td><strong>JBoss \/ WildFly<\/strong><\/td><td><strong>GlassFish<\/strong><\/td><td><strong>Jetty<\/strong><\/td><\/tr><\/thead><tbody><tr><td>Startup Time<\/td><td>Fast<\/td><td>Slower<\/td><td>Medium<\/td><td>Fast<\/td><\/tr><tr><td>Resource Usage<\/td><td>Light<\/td><td>Heavy<\/td><td>Medium to heavy<\/td><td>Light<\/td><\/tr><tr><td>Java EE Support<\/td><td>Servlet\/JSP, partial Java EE<\/td><td>Full Java EE<\/td><td>Full Java EE (reference implementation)<\/td><td>Servlet\/JSP, embeddable focus<\/td><\/tr><tr><td>Best For<\/td><td>Lightweight web apps, small to mid-size VPS deployments<\/td><td>Enterprise Java EE applications<\/td><td>Reference-platform and enterprise Java EE workloads<\/td><td>Embedded apps, microservices, IoT<\/td><\/tr><tr><td>Clustering<\/td><td>Available, manual setup<\/td><td>Built-in, advanced<\/td><td>Built-in<\/td><td>Limited, mostly manual<\/td><\/tr><\/tbody><\/table><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Complete Apache Tomcat guide: what it is, how to install it on Linux, Windows &#038; Docker, deploy Java\/WAR apps, secure it, and troubleshoot in 2026.<\/p>\n","protected":false},"author":63,"featured_media":21004,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":"","_members_access_role":[],"_members_access_error":""},"categories":[18],"tags":[1750,1552,1765,1751,1752,1758,1764,602,1760,1757,1601,1755,1762,1749,1756,1761,1753,1763,1759,1754],"ppma_author":[1492],"class_list":["post-20970","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-apache-tomcat","tag-application-deployment","tag-deployment-guide","tag-java-applications","tag-java-development","tag-java-servlet-container","tag-java-web-apps","tag-open-source","tag-server-management","tag-server-optimization","tag-server-security","tag-server-setup","tag-system-administration","tag-tomcat-configuration","tag-tomcat-installation","tag-tomcat-performance","tag-tomcat-security","tag-tomcat-troubleshooting","tag-web-application-hosting","tag-web-server"],"uagb_featured_image_src":{"full":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN.jpg",1200,630,false],"thumbnail":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN-150x150.jpg",150,150,true],"medium":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN-600x315.jpg",600,315,true],"medium_large":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN-768x403.jpg",768,403,true],"large":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN.jpg",1200,630,false],"1536x1536":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN.jpg",1200,630,false],"2048x2048":["https:\/\/contabo.com\/blog\/wp-content\/uploads\/2024\/11\/blog-head_apache-tomcat-guide_EN.jpg",1200,630,false]},"uagb_author_info":{"display_name":"Christopher Carter","author_link":"https:\/\/contabo.com\/blog\/author\/christophercarter\/"},"uagb_comment_info":0,"uagb_excerpt":"Complete Apache Tomcat guide: what it is, how to install it on Linux, Windows & Docker, deploy Java\/WAR apps, secure it, and troubleshoot in 2026.","authors":[{"term_id":1492,"user_id":63,"is_guest":0,"slug":"christophercarter","display_name":"Christopher Carter","avatar_url":"https:\/\/secure.gravatar.com\/avatar\/63db81672a5ce4c1e8ee39753d00251d561b5b3a9967febf1c4f662024cef00f?s=96&d=mm&r=g","author_category":"","user_url":"","last_name":"Carter","first_name":"Christopher","job_title":"","description":""}],"_links":{"self":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts\/20970","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/comments?post=20970"}],"version-history":[{"count":14,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts\/20970\/revisions"}],"predecessor-version":[{"id":31927,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/posts\/20970\/revisions\/31927"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/media\/21004"}],"wp:attachment":[{"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/media?parent=20970"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/categories?post=20970"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/tags?post=20970"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/contabo.com\/blog\/wp-json\/wp\/v2\/ppma_author?post=20970"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}