Tomcat linux ��� ���

Apache Tomcat ®

Content

Tomcat 10 Software Downloads

Welcome to the Apache Tomcat ® 10.x software download page. This page provides download links for obtaining the latest version of Tomcat 10.0.x software, as well as links to the archives of older releases.

Unsure which version you need? Specification versions implemented, minimum Java version required and lots more useful information may be found on the ‘which version?’ page.

Users of Tomcat 10 onwards should be aware that, as a result of the move from Java EE to Jakarta EE as part of the transfer of Java EE to the Eclipse Foundation, the primary package for all implemented APIs has changed from javax.* to jakarta.* . This will almost certainly require code changes to enable applications to migrate from Tomcat 9 and earlier to Tomcat 10 and later. A migration tool has been developed to aid this process.

Quick Navigation

Release Integrity

You must verify the integrity of the downloaded files. We provide OpenPGP signatures for every release file. This signature should be matched against the KEYS file which contains the OpenPGP keys of Tomcat’s Release Managers. We also provide SHA-512 checksums for every release file. After you download the file, you should calculate a checksum for your download, and make sure it is the same as ours.

Mirrors

You are currently using https://dlcdn.apache.org/. If you encounter a problem with this mirror, please select another mirror. If all mirrors are failing, there are backup mirrors (at the end of the mirrors list) that should be available.

10.0.12

Please see the README file for packaging information. It explains what every distribution contains.

Binary Distributions

• Core:
  • zip (pgp, sha512)
  • tar.gz (pgp, sha512)
  • 32-bit Windows zip (pgp, sha512)
  • 64-bit Windows zip (pgp, sha512)
  • 32-bit/64-bit Windows Service Installer (pgp, sha512)
• Full documentation:
  • tar.gz (pgp, sha512)
• Deployer:
  • zip (pgp, sha512)
  • tar.gz (pgp, sha512)
• Embedded:
  • tar.gz (pgp, sha512)
  • zip (pgp, sha512)

Source Code Distributions

10.1.0-M6

Please see the README file for packaging information. It explains what every distribution contains.

Источник

Apache Tomcat ®

Content

Apache Tomcat

The Apache Tomcat ® software is an open source implementation of the Jakarta Servlet, Jakarta Server Pages, Jakarta Expression Language, Jakarta WebSocket, Jakarta Annotations and Jakarta Authentication specifications. These specifications are part of the Jakarta EE platform.

The Jakarta EE platform is the evolution of the Java EE platform. Tomcat 10 and later implement specifications developed as part of Jakarta EE. Tomcat 9 and earlier implement specifications developed as part of Java EE.

The Apache Tomcat software is developed in an open and participatory environment and released under the Apache License version 2. The Apache Tomcat project is intended to be a collaboration of the best-of-breed developers from around the world. We invite you to participate in this open development project. To learn more about getting involved, click here.

Apache Tomcat software powers numerous large-scale, mission-critical web applications across a diverse range of industries and organizations. Some of these users and their stories are listed on the PoweredBy wiki page.

Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo are trademarks of the Apache Software Foundation.

2021-10-06 Tomcat 8.6.72 Released

The Apache Tomcat Project is proud to announce the release of version 8.5.72. of Apache Tomcat. This release implements specifications that are part of the Java EE 7 platform. The notable changes compared to 8.5.71 include:

• Further robustness improvements to HTTP/2 flow control window management
• Fix an issue that caused some Servlet non-blocking API reads of the HTTP request body to incorrectly use blocking IO

Full details of these changes, and all the other changes, are available in the Tomcat 8.5 changelog.

2021-10-01 Tomcat 9.0.54 Released

The Apache Tomcat Project is proud to announce the release of version 9.0.54 of Apache Tomcat. This release implements specifications that are part of the Java EE 8 platform. The notable changes compared to 9.0.53 include:

• Further robustness improvements to HTTP/2 flow control window management
• Improvements to the DataSourceUserDatabase
• Fix an issue that caused some Servlet non-blocking API reads of the HTTP request body to incorrectly use blocking IO

Full details of these changes, and all the other changes, are available in the Tomcat 9 changelog.

2021-10-01 Tomcat 10.0.12 Released

The Apache Tomcat Project is proud to announce the release of version 10.0.12 of Apache Tomcat. This release implements specifications that are part of the Jakarta EE 9 platform.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

• Further robustness improvements to HTTP/2 flow control window management.
• Improvements to the DataSourceUserDatabase.
• Fix an issue that caused some Servlet non-blocking API reads of the HTTP request body to incorrectly use blocking IO.

Full details of these changes, and all the other changes, are available in the Tomcat 10 changelog.

2021-10-01 Tomcat 10.1.0-M6 (alpha) Released

The Apache Tomcat Project is proud to announce the release of version 10.1.0-M6 of Apache Tomcat. This release is a milestone release and is targeted at Jakarta EE 10.

Applications that run on Tomcat 9 and earlier will not run on Tomcat 10 without changes. Java EE based applications designed for Tomcat 9 and earlier may be placed in the $CATALINA_BASE/webapps-javaee directory and Tomcat will automatically convert them to Jakarta EE and copy them to the webapps directory. This conversion is performed using the Apache Tomcat migration tool for Jakarta EE tool which is also available as a separate download for off-line use.

The notable changes in this release are:

• Servlet API updates for Servlet 6 including removal of all deprecated code, updated schemas and a new API for connection and request IDs.
• EL API updates for EL 5.0 including deprecation of the use of FeatureDescriptor, improvements to BeanELResolver and the addition of MethodReference.
• Further robustness improvements to HTTP/2 flow control window management

Full details of these changes, and all the other changes, are available in the Tomcat 10.1 (alpha) changelog.

2021-09-01 Tomcat Native 1.2.31 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.31 of Tomcat Native. The notable changes since 1.2.30 include:

• Windows binaries built with OpenSSL 1.1.1l.
• Correct an issue when building with OpenSSl 3.0.0.

2021-05-07 Tomcat Migration Tool for Jakarta EE 1.0.0 Released

The Apache Tomcat Project is proud to announce the release of 1.0.0 of the Apache Tomcat Migration Tool for Jakarta EE. This release contains a number of bug fixes and improvements compared to version 0.2.0.

The notable changes in this release are:

• Further fixes to exclude javax.xml packages that are not part of Java EE from the migration.
• The class transformer now validates that the target classes in the Jakarta namespace exist in the runtime environment.

Full details of these changes, and all the other changes, are available in the changelog.

2020-03-06 Tomcat Connectors 1.2.48 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.48 of Apache Tomcat Connectors. This version fixes a number of bugs found in previous releases.

2015-03-17 Apache Standard Taglib 1.2.5 Released

The Apache Tomcat Project is proud to announce the release of version 1.2.5 of the Standard Taglib. This tag library provides Apache’s implementation of the JSTL 1.2 specification.

Version 1.2.5 is a minor bug fix release reverting a change made in 1.2.1 where modified the HTTP method during POST operations, and fixing an issues that resulted in an AccessControlException during startup unless permission was granted to read the accessExternalEntity property.

Please see the Taglibs section for more details.

2013-11-11 Tomcat Maven Plugin 2.2 Released

The Apache Tomcat team is pleased to announce the release of Tomcat Maven Plugin 2.2. Changelog available here.

The Apache Tomcat Maven Plugin provides goals to manipulate WAR projects within the Apache Tomcat servlet container.

The binaries are available from Maven repositories. You should specify the version in your project’s plugin configuration:

Источник

Tomcat

Tomcat is an open source Java Servlet container developed by the Apache Software Foundation. For more information about basic configuration, see:Tomcat and Apache

Contents

Installation

If deploying Tomcat onto a production environment, consider installing tomcat-native . The native library for Tomcat configures the server to use the Apache Portable Runtime (APR) library’s network connection (socket) and RNG implementations. It uses native 32- or 64-bit code to enhance performance and is sometimes used in production environments where speed is crucial. No configuration is necessary for default Tomcat installations. More information is available in the official Tomcat docs. To install Tomcat in version 9 witch is needed for servlet specification 4.0 is at the moment missing and will come soon as possible. To install tomcat in version 9 follow the instructions in the official Tomcat 9 docs.

Using tomcat-native will remove the following warning in catalina.err :

Filesystem hierarchy

Replace the * with your installed version (7 or 8).

Pathname	Use
/etc/tomcat*	Configuration files. Among some: tomcat-users.xml (defines users allowed to use administration tools and their roles), server.xml (Main Tomcat configuration file), catalina.policy (security policies configuration file)
/usr/share/tomcat*	Main Tomcat folder containing scripts and links to other directories
/usr/share/java/tomcat*	Tomcat Java libraries (jars)
/var/log/tomcat*	Log files not handled by systemd (see #Logging)
/var/lib/tomcat*/webapps	Where Tomcat deploys your web applications
/var/tmp/tomcat*	Where Tomcat store your webapps’ data

Initial configuration

In order to be able to use the manager webapp and the admin webapp you need to edit the following file: /etc/tomcat7/tomcat-users.xml

Uncomment the «role and user» XML declaration and modify it to enable roles tomcat , admin-gui , admin-script and/or manager-gui , manager-script , manager-jmx , manager-status depending on your needs (see Configuring Manager Application Access). To keep it short, tomcat is the mandatory role used to run, manager-* are roles able to administer web applications and admin-* are full right administrator roles on the Tomcat server.

Here is a bare configuration file that declares some of these roles along with usernames and passwords (Be sure to change the following [CHANGE_ME] passwords to something secure):

Keep in mind that Tomcat must be restarted each time a modification is made to this file.

This blog post gives a good description of these roles.

To have read permissions on the configuration files and work well with some IDEs, you must add your user to the `tomcat7` (respectively `tomcat8`) group:

Start/stop Tomcat

Start the tomcat7 service.

Once Tomcat is started, you can visit this page to see the result: http://localhost:8080. If a nice Tomcat local home page is displayed this means your Servlet container is up and running and ready to host you web apps. If the startup script failed or you can only see a Java error displayed in you browser, have a look at startup logs using systemd’s journalctl. Google is full of answers on recurrent issues found in Tomcat logs.

Alternate «manual» way

Tomcat can also be controlled directly using upstream scripts:

This can be useful to debug applications or even debug Tomcat, but do not use it to start Tomcat for the first time as doing so can set some permissions wrongly and stop web apps from working. In order to be able to use these scripts, some further configuration may be needed. Be aware that using these scripts prevents the jsvc security advantage described above.

Deploy and handle web applications

Tomcat 7 is bundled with 5 already deployed web applications (change localhost with your server’s FQDN if needed):

The GUI way

Probably the easiest way is to use the manager webapp http://localhost:8080/manager/html. Use the username/password you defined as manager in tomcat-users.xml . Once logged in you can see five already deployed web applications. Add yours through the «Deploy» area and then stop/start/undeploy it with the «Applications» area.

The CLI way

One can also just copy the WAR file of the application to directory /usr/share/tomcat8/webapps . For that later, be sure that the autoDeploy option is still set for the right host as shown here:

Hosting files outside the webapps folder

If you want to keep your project outside the webapps folder this is possible by creating a Context . Go to /etc/tomcat /Catalina/localhost/ and create your context. A context is a simple xml file which specifies where tomcat should look for the project. The basic format of the file is

A working example is as follows. This assumes that the project is hosted somewhere in the users /home-folder.

The files can now be hosted in /home/archie/code/jsp/myProject/ . To see the project in your webbrowser, go to http://localhost:8080/myProject. If tomcat is unable to load the files, it might be an issue with permissions. chmod o+x /home/archie/code/jsp/myProject should fix the issue.

Logging

Tomcat when used with official Arch Linux packages uses systemd’s journalctl for startup log. This means that files /var/log/tomcat7/catalina.err and /var/log/tomcat7/catalina.out are not used. Other logs such as access logs and business logs defined in /etc/tomcat7/server.xml as Valve will still by default end up in /var/log/tomcat7/ .

To restore upstream style logging, copy systemd file /lib/systemd/system/tomcat7.service to /etc/systemd/system/tomcat7.service and change both SYSLOG for the absolute paths of log files.

Further setup

Basic configuration can be made through the virtual host manager web application: http://localhost:8080/host-manager/html. Provide the username/password you set in tomcat-users.xml . Other options are tweaked in configuration files in /etc/tomcat7 , the most important being server.xml . Using these files is out of the scope of this 101 wiki page. Please have a look at the official Tomcat 7 documentation for more details.

Migrating from previous versions of Tomcat

As said in the introduction, Tomcat 8 does not deprecate Tomcat 7. They are all three, implementations of Servlet/JSP standards. Hence you must first determine which version of Tomcat you need depending on the versions of Servlet/JSP your application uses. If you need to migrate, the official website gives instructions on how to handle such a process.

Using Tomcat with a different JRE/JDK

Apart from installing the desired JRE/JDK, the only requirement is to set the TOMCAT_JAVA_HOME variable in Tomcat’s systemd service file.

The variable can be overridden by a custom configuration, as described in Systemd#Editing provided units:

1. create the directory /etc/systemd/system/tomcat7.service.d
2. in that directory, save a start.conf file with this content (for the Oracle JDK package jdkAUR , use instead /usr/lib/jvm/java-8-jdk):

Alternatively, copy the service file /usr/lib/systemd/system/tomcat7.service, to /etc/systemd/system/ and replace this line:

by (e.g. for Oracle JDK)

Security configuration

This page gives the bare minimum to get your first web application to run on Tomcat. It is not intended to be the definitive guide to administering Tomcat (it is a job of its own). The official Tomcat website will provide all necessary official matter. One could also refer to this O’Reilly page and this last one. Still, here are some security tips to get you started:

• Keep your Tomcat installation up to date to get the latest fixes to security issues
• Remove unwanted default applications such as examples , docs , default home page ROOT («_» in the manager webapp). This prevents potential security holes to be exploited. Use the manager for that.

For more security you could even remove the host-manager and manager web applications. Keep in mind that the later is useful to deploy web applications.

• Disable the WAR auto-deploy option. This would prevent someone who gained restricted access to the server to copy a WAR into the /usr/share/java/webapps directory to get it running. Edit server.xml and set the autoDeploy to false :

• Anonymize Tomcat’s default error page to prevent potential attackers to retrieve Tomcat’s version. To see what Tomcat says by default, just visit an nonexistent page such as http://localhost:8080/I_dont_exist. You get a 404 error page with Tomcat’s version at the bottom.

To anonymize this, edit/open the following JAR (Editors like vim can edit zips directly)

And edit the following file

• Disable unused connectors in server.xml
• Keep restricted access to /etc/tomcat7/server.xml . Only tomcat user and/or root should be able to read and write this.
• Keep jsvc usage. Do not use upstream startup scripts unless particular reason as explained in the security note above.
• Use strong different passwords for each user in tomcat-users.xml , give roles to users who really need them and even disable usernames/roles you do not use/need.

One can even crypt tomcat-users.xml passwords using the following upstream script:

This will output something like:

Paste the hashed part in place of the clear password in tomcat-users.xml and add the following to server.xml :

Note that this may not be relevant because only root and/or tomcat is supposed to have read/write access to that file. If an intruder manages to gain root access then he would not need such passwords to mess with your applications/data anyway. Be sure to keep restricted RW access to that file!

• Always know what you are deploying

Troubleshooting

Tomcat service is started, but page is not loaded

First check /etc/tomcat7/tomcat-users.xml for any syntax error. If everything is fine and tomcat7 is correctly running, run journalctl -r as root to check the logs for any exception thrown (see Logging). If you read anything like java.lang.Exception: Socket bind failed: [98] Address already in use , this is due to some other service listening on the same port. For instance, it is possible that Apache HTTP Server and Tomcat are listening on the same port (if for example you have Apache running on port 8080 with Nginx serving it as a proxy on port 80). If this is the case, edit the /etc/tomcat7/server.xml file and change the Connector port to something else under :

Finally restart tomcat7 and httpd services.

If you have no solution and you are in a VM, it can help to delete /dev/random and create it again (cf. Solution: FUTEX_WAIT hangs Java on Linux / Ubuntu in vmware or virtual box):

Источник