3.11 Install the systemd service ¶

Deploy the production WAR and install the unit. As ownsona:

cp /home/ownsona/ownsona/work/Kiss.war /home/ownsona/tomcat/webapps/ROOT.war

Then as root:

sudo /home/ownsona/ownsona/sql/install_systemd.sh

The script:

• stops any manually-launched Tomcat;
• removes the stale /etc/systemd/system/tomcat.service if present;
• installs /etc/systemd/system/ownsona.service from sql/ownsona.service;
• runs daemon-reload, then enable --nows the unit.

The unit runs catalina.sh run as the ownsona user with AmbientCapabilities=CAP_NET_BIND_SERVICE. That capability is granted by systemd at exec time, which means apt-upgrading openjdk does not break port-binding — unlike the older setcap path, where every JDK upgrade silently strips cap_net_bind_service from the binary.