Installation Guide for Apache Tomcat 11.0.7 Integration with Nginx and SSL Encryption on Rocky Linux 9

Installation Guide for Apache Tomcat 11.0.7 Integration with Nginx and SSL Encryption on Rocky Linux 9

In today's digital landscape, the need for a modern, secure, and scalable environment for Java web applications is paramount. This article outlines the setup process for such an environment using Apache Tomcat 11.0.7, Nginx, and SSL on Rocky Linux 9.

**System Requirements**

To begin, you'll need the following components: - Rocky Linux 9 as the operating system - OpenJDK 17 or later, to support Java 11 applications - Apache Tomcat 11.0.7 as the web server - Nginx as the proxy server - A SSL/TLS certificate from a trusted Certificate Authority (CA), such as Let's Encrypt

**Step-by-Step Setup**

**1. Install Required Packages**

- Update the system: ```bash sudo dnf update -y ``` - Install Java: ```bash sudo dnf install java-11-openjdk-headless -y ``` - Install Nginx: ```bash sudo dnf install nginx -y ``` - Download and extract the Tomcat archive manually from the Apache Tomcat website. Alternatively, you can use a package manager if available.

**2. Configure Apache Tomcat**

- Set up Tomcat: - Extract the downloaded Tomcat archive to a directory (e.g., `/opt/tomcat`). - Ensure the `JAVA_HOME` environment variable is set to your Java installation directory. - Start Tomcat: ```bash sudo systemctl start tomcat ``` If you did not set up Tomcat using a package manager, you will need to write a custom service file. - Configure Tomcat for Running as a Service: - Create a service file in `/etc/systemd/system/tomcat.service` with the following content: ```bash [Unit] Description=Apache Tomcat Web Server After=network.target

[Service] User=tomcat Group=tomcat Environment=JAVA_HOME=/usr/lib/jvm/jre-11-openjdk Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid Environment=CATALINA_HOME=/opt/tomcat Environment=CATALINA_BASE=/opt/tomcat ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh

[Install] WantedBy=multi-user.target ``` - Reload the systemd daemon and enable the service to start automatically: ```bash sudo systemctl daemon-reload sudo systemctl enable tomcat ```

**3. Configure Nginx as a Reverse Proxy**

- Create or Edit Nginx Configuration for Reverse Proxy: - Create a new file in `/etc/nginx/conf.d/` (e.g., `tomcat-proxy.conf`) with the following configuration: ```nginx server { listen 80; server_name example.com;

location / { proxy_pass http://localhost:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; } } ``` - Restart Nginx: ```bash sudo systemctl restart nginx ```

**4. Enable SSL/TLS**

- Obtain an SSL/TLS Certificate: - Use Certbot by Let’s Encrypt to obtain a certificate. Install Certbot if it's not available: ```bash sudo dnf install epel-release -y sudo dnf config-manager --set-enabled PowerTools sudo dnf install certbot python3-certbot-nginx -y ``` - Run Certbot to obtain a certificate: ```bash sudo certbot --nginx --agree-tos --email [email protected] --non-interactive --expand --domains -d example.com ```

- Update Nginx Configuration: Certbot will automatically configure your Nginx to use the obtained SSL/TLS certificates.

**5. Security Considerations**

- Keep Software Updated: Regularly update your system and software to protect against vulnerabilities. - Firewall Configuration: Use a firewall (e.g., `firewalld` on Rocky Linux) to limit incoming traffic to necessary ports only. - Tomcat Configuration: Ensure that Tomcat is configured to use secure protocols and settings, such as disabling unnecessary features.

By following these steps, you can set up a secure and scalable environment for deploying Java web applications using Apache Tomcat, Nginx, and SSL on Rocky Linux 9. This architecture offers separation of concerns, better performance, and out-of-the-box SSL integration using open tools like Certbot.

For those interested in creating a Shape.Host instance, you can do so by visiting [our website.host](https://our website.host), logging in, clicking "Create", choosing "Instance", selecting a server location, choosing Rocky Linux 9 (64-bit) as the operating system, picking a plan with at least 2 CPUs, 4 GB RAM, and 20 GB SSD, and clicking "Create Instance".

This setup allows you to run Tomcat behind Nginx, providing reverse proxying for clean and flexible request routing, TLS/SSL termination using Let's Encrypt and Certbot, improved performance for static content, and protection against direct Tomcat exposure to the public internet.

Christian Wells is the author of this article. For more information on Apache Tomcat, Nginx, and SSL on Rocky Linux 9, please refer to the resources mentioned in this article.

1. The renewable-energy industry is experiencing rapid growth, offering abundant career opportunities in finance, energy, business, and technology sectors.
2. Pursuing education-and-self-development in data-and-cloud-computing is a valuable skill for anyone seeking a career in the technology field, as it can lead to opportunities in renewable-energy firms.
3. Online-education platforms provide a flexible and accessible way for adults to learn about renewable-energy technologies and lifelong-learning skills, such as Java programming, which can be applied in various aspects of the renewable-energy business.
4. To succeed in a career in the renewable-energy sector, one must be committed to ongoing learning and staying updated on the latest advances in energy production, storage, and distribution technologies.
5. Companies in the renewable-energy industry are increasingly investing in smart grids and energy management systems, requiring expertise in computer networking, data analysis, and cloud computing.
6. By adopting renewable-energy sources and implementing efficient energy storage solutions, businesses can reduce their carbon footprint, lower operating costs, and enhance their overall competitiveness in the modern digital landscape.

Read also: