
Guide for Setting Up Apache Tomcat 11.0.7 with Nginx and SSL on Rocky Linux 9

A guide to installing Apache Tomcat 11.0.7 behind Nginx and securing it with SSL on Rocky Linux 9. This comprehensive tutorial covers a secure deployment.


In this article, we'll walk you through the process of setting up a modern, secure, and scalable environment for Java web applications by deploying Apache Tomcat 11.0.7 with Nginx and SSL on Rocky Linux 9.

Step 1: Install Apache Tomcat 11.0.7

First, download the binary distribution from the official Apache Tomcat website. Create a dedicated user for running Tomcat for security, extract the Tomcat archive to a preferred directory (e.g., ), and configure environment variables such as . Adjust permissions to allow the Tomcat user to execute scripts and access necessary directories.

Step 2: Install and Configure Nginx

Install Nginx using the default package manager:

Configure Nginx as a reverse proxy to Tomcat by editing the server block in :

```
server {
    listen 80;
    server_name yourdomain.com;

}
```

Enable and start Nginx:

Step 3: Enable and Configure SSL with Let’s Encrypt

Install Certbot and the Nginx plugin:

Obtain and install the SSL certificate:

Certbot will automatically modify the Nginx configuration to enable SSL and redirect HTTP traffic to HTTPS. Verify renewal is scheduled automatically (Certbot sets up a systemd timer or cron job).

Step 4: Configure Tomcat for Production

Modify to ensure the Connector is listening on a non-public port (default 8080). Optional: Secure Tomcat by disabling default applications and using proper logging as per Tomcat’s best practices. Start Tomcat:

Step 5: Firewall and SELinux

Allow HTTP and HTTPS through the firewall:

If SELinux is enforcing, set the appropriate boolean for Nginx proxying:

Step 6: Testing

Access to confirm that requests are correctly proxied to Tomcat and the site is secured with SSL.

This setup creates a secure production environment where Nginx handles SSL termination and proxies HTTP requests to Tomcat running in the backend on Rocky Linux 9. For detailed Tomcat-specific tuning, refer to official Tomcat 11 documentation and security guides.

Apache Tomcat, an open-source web server and servlet container developed by the Apache Software Foundation, supports Jakarta EE specifications such as Jakarta Servlets, Jakarta Server Pages (JSP), and Jakarta WebSocket. Rocky Linux 9, an Enterprise Linux distribution fully compatible with RHEL 9, is another key component of this setup.

Common use cases for Apache Tomcat include hosting Spring Boot or Jakarta EE-based web apps, running admin panels or dashboards in Java, deploying APIs behind an HTTPS reverse proxy, and serving enterprise SaaS with role-based access. Security recommendations for deploying Apache Tomcat include running it under a non-root system user, binding it to a specific IP, using SELinux in enforcing mode with correct policies, restricting connectors and setting secure headers, using Certbot for TLS with automatic renewal, and enabling firewalld to only expose ports and IP.
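The Step 4 check and the "bind to a specific IP" recommendation above can be verified mechanically. The following is an added example, not part of the original guide or of Tomcat itself: it parses a `server.xml` and flags every Connector that is reachable without going through Nginx. The sample XML is constructed, and the function names `is_loopback` and `audit_connectors` are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample server.xml for this example (not taken from the page).
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <Connector port="8081" protocol="HTTP/1.1" address="127.0.0.1" />
    <Connector port="8009" protocol="AJP/1.3" address="0.0.0.0" />
  </Service>
</Server>
"""


def is_loopback(address):
    """True if the bind address keeps the connector off external interfaces."""
    if address.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False  # other hostnames: treat as reachable until proven otherwise


def audit_connectors(server_xml):
    """Return one finding per <Connector>, flagging those Nginx does not shield."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        address = conn.get("address")
        if address:
            bind, exposed = address, not is_loopback(address)
        elif "ajp" in protocol.lower():
            # Current Tomcat releases bind AJP to loopback when no address is set.
            bind, exposed = "loopback (AJP default)", False
        else:
            # With no address attribute, an HTTP connector listens on all addresses.
            bind, exposed = "all addresses (default)", True
        findings.append({"port": conn.get("port"), "protocol": protocol,
                         "bind": bind, "exposed": exposed})
    return findings


if __name__ == "__main__":
    for f in audit_connectors(SAMPLE_SERVER_XML):
        status = "EXPOSED" if f["exposed"] else "ok"
        print(f"{status:8} port={f['port']} {f['protocol']} bind={f['bind']}")
```

A connector flagged as exposed can be reached directly, bypassing Nginx's TLS termination, whenever the firewall allows its port.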

Running Tomcat behind Nginx provides reverse proxying, TLS/SSL termination, improved performance for static content, and protection against direct Tomcat exposure to the public internet. A Tomcat system user is created and Tomcat is downloaded, extracted, moved, and given proper permissions. OpenJDK 17 is installed, which is required by Apache Tomcat.

To create a Shape.Host instance, go to https://ourwebsite.host, log in, click "Create", choose "Instance", select your desired server location, choose Rocky Linux 9 (64-bit) as the operating system, and pick a plan with at least 2 CPUs, 4 GB RAM, and 20 GB SSD. Windows users can use PuTTY to connect via SSH. The user can deploy a reliable cloud server using Shape.Host Linux SSD VPS. Version 11.0.7 of Apache Tomcat brings full compatibility with Jakarta EE 11. The firewall is installed and configured to allow HTTP, HTTPS, and Tomcat's port 8080. The user can find the instance's IP address under the "Resources" section. A Tomcat systemd service is created with a specific configuration.

  1. To ensure optimal performance and security for Java web applications, it's recommended to use components like the Tomcat Connector and Nginx as reverse proxies, as demonstrated in this article's setup.
  2. Using Apache Tomcat and Nginx together can help create a robust, scalable environment for hosting web applications, providing features like SSL termination, caching of static content, and enhanced security against direct exposure to public networks.
