Pick the latest Tomcat 11.0.x from https://tomcat.apache.org/.
As ownsona:
cd /home/ownsona
curl -L -O https://dlcdn.apache.org/tomcat/tomcat-11/v11.0.X/bin/apache-tomcat-11.0.X.tar.gz
tar xf apache-tomcat-11.0.X.tar.gz
mv apache-tomcat-11.0.X tomcat
rm apache-tomcat-11.0.X.tar.gz
The heap defaults shipped with Tomcat are too aggressive for a 2 GB VM. Create or edit /home/ownsona/tomcat/bin/setenv.sh:
#!/bin/sh
# Heap sized for a 2 GB VM. Larger boxes can raise -Xmx.
export CATALINA_OPTS="-Xms256M -Xmx768M -Djava.awt.headless=true \
-XX:+UseG1GC -XX:+DisableExplicitGC \
-Djava.library.path=/usr/local/apr/lib"
Application secrets and URLs go in application.ini — see Configure application.ini. Don’t put them in setenv.sh.
chmod +x /home/ownsona/tomcat/bin/setenv.sh
Edit /home/ownsona/tomcat/conf/server.xml and make four changes:
<Connector port="80" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="443" />
SSLHostConfig blocks:
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true">
<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
<SSLHostConfig hostName="ownsona.example.com">
<Certificate certificateKeystoreFile="conf/tomcat.p12"
certificateKeystoreType="PKCS12"
certificateKeystorePassword="<keystore-pw>"
type="RSA" />
</SSLHostConfig>
</Connector>
<Host> element with autoDeploy and unpackWARs:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
Both must be true. With unpackWARs="false" the Kiss webapp throws a NullPointerException at startup because ServletContext.getRealPath("/") returns null.
AccessLogValve with retention:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t &quot;%r&quot; %s %b"
maxDays="90" />
Without maxDays, daily access log files accumulate forever.
sudo chown -R ownsona:ownsona /home/ownsona/tomcat
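A check for the four server.xml edits above, as an added example that is not part of the original page or of the project it describes: it parses the file and reports any setting that differs from what this page requires. The function name check_server_xml and the sample document are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def check_server_xml(xml_text):
    """Return findings for the server.xml settings this page changes."""
    root = ET.fromstring(xml_text)
    findings = []
    by_port = {c.get("port"): c for c in root.iter("Connector")}
    http, tls = by_port.get("80"), by_port.get("443")
    if http is None or http.get("redirectPort") != "443":
        findings.append("port 80 Connector missing or redirectPort is not 443")
    if tls is None or tls.get("SSLEnabled") != "true":
        findings.append("port 443 Connector missing or SSLEnabled is not true")
    elif tls.find("SSLHostConfig/Certificate") is None:
        findings.append("port 443 Connector has no SSLHostConfig/Certificate")
    for host in root.iter("Host"):
        for attr in ("unpackWARs", "autoDeploy"):
            # Tomcat treats an absent attribute as true, so only an
            # explicit non-true value is reported.
            if host.get(attr, "true") != "true":
                findings.append(f"Host {host.get('name')}: {attr} is not true")
    valves = [v for v in root.iter("Valve")
              if v.get("className", "").endswith(".AccessLogValve")]
    if not valves:
        findings.append("no AccessLogValve configured")
    for v in valves:
        days = v.get("maxDays", "-1")  # Tomcat's default -1 keeps logs forever
        if not days.isdigit() or int(days) == 0:
            findings.append("AccessLogValve has no positive maxDays")
    return findings

# Constructed sample, not a real server.xml: unpackWARs is false, maxDays absent.
SAMPLE_BAD = """<Server><Service name="Catalina">
  <Connector port="80" protocol="HTTP/1.1" redirectPort="443" />
  <Connector port="443" SSLEnabled="true">
    <SSLHostConfig hostName="ownsona.example.com">
      <Certificate certificateKeystoreFile="conf/tomcat.p12" type="RSA" />
    </SSLHostConfig>
  </Connector>
  <Engine name="Catalina" defaultHost="localhost">
    <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="true">
      <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
             pattern="%h %l %u %t &quot;%r&quot; %s %b" />
    </Host>
  </Engine>
</Service></Server>"""

if __name__ == "__main__":
    for finding in check_server_xml(SAMPLE_BAD):
        print("FINDING:", finding)
```

To check the live file, pass the contents of /home/ownsona/tomcat/conf/server.xml to check_server_xml. A ParseError from ET.fromstring means the file is not well-formed XML, for example an unescaped quote inside the pattern attribute.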