A detailed explanation of the entire installation process of Tomcat on a Linux server
Time : 2025-04-28 14:03:21
Edit : Jtti

Apache Tomcat is a lightweight Servlet container and Web server used to develop and deploy Java Web applications. It is open source, efficient and easy to use, and is the preferred choice for enterprise-level applications. It can be used to deploy simple Java Web projects or to build high-concurrency distributed systems. Both the installation and the optimization of Tomcat are crucial. Installing Tomcat on a Linux server covers environment preparation, security configuration and performance optimization. The specific steps are as follows.

I. Environment preparation before installation

A Linux distribution such as CentOS 7/8 or Ubuntu 20.04 LTS is recommended. Make sure the system has been updated to the latest patch level:

# CentOS
sudo yum update -y
# Ubuntu
sudo apt update && sudo apt upgrade -y

Confirm that the server memory is ≥2GB (4GB or more is recommended) and the hard disk space is ≥10GB. Tomcat relies on the Java runtime environment. JDK 8 or a higher version needs to be installed first (JDK 11 is recommended):

# Install OpenJDK 11 on CentOS
sudo yum install java-11-openjdk-devel -y
# Install OpenJDK 11 on Ubuntu
sudo apt install openjdk-11-jdk -y

Verify installation:

java -version

The output should be similar to: openjdk 11.0.20 2023-07-18 LTS

II. Download and Installation of Tomcat
Visit the official website of Apache Tomcat, select a stable version (such as Tomcat 10.1.x), and copy the link of the binary compressed package. Download Tomcat (10.1.18 is used as the example):

wget https://downloads.apache.org/tomcat/tomcat-10/v10.1.18/bin/apache-tomcat-10.1.18.tar.gz

Extract to the /opt directory:

sudo tar -xzvf apache-tomcat-10.1.18.tar.gz -C /opt

Create a symbolic link to facilitate version management:

sudo ln -s /opt/apache-tomcat-10.1.18 /opt/tomcat

For security reasons, create a dedicated user tomcat and give it ownership of the installation. The trailing slash makes chown -R descend into the directory behind the /opt/tomcat symbolic link instead of stopping at the link:

sudo useradd -r -m -d /opt/tomcat -s /bin/false tomcat
sudo chown -R tomcat:tomcat /opt/tomcat/
sudo chmod -R 755 /opt/tomcat/
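
The wget step above fetches the archive without any integrity check, so compare it with the SHA-512 digest Apache publishes next to each release file before extracting it. This is an added example, not part of the original article; `verify_sha512` is a hypothetical helper, the `.sha512` file layout follows Apache's usual convention (assumed here), and the demo files are constructed.

```shell
#!/bin/sh
# Added example: compare a downloaded archive with its published SHA-512 digest.
# Assumption: the digest file uses the "<hex digest> *<file name>" layout.

# verify_sha512 ARCHIVE SUMFILE
# 0 = digest matches, 1 = mismatch, 2 = unreadable input or malformed digest
verify_sha512() {
    archive=$1
    sumfile=$2
    [ -r "$archive" ] && [ -r "$sumfile" ] || return 2
    # The digest is the first field of the first line; normalise to lower case.
    expected=$(awk 'NR == 1 { print tolower($1) }' "$sumfile")
    # A SHA-512 digest is exactly 128 hex characters; reject anything else.
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 128 ] || return 2
    actual=$(sha512sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || return 1
    return 0
}

# Constructed demo: a stand-in archive, its digest file, then a tampered copy.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for apache-tomcat-10.1.18.tar.gz\n' > "$demo_dir/pkg.tar.gz"
( cd "$demo_dir" && sha512sum pkg.tar.gz > pkg.tar.gz.sha512 )
cp "$demo_dir/pkg.tar.gz" "$demo_dir/tampered.tar.gz"
printf 'extra bytes' >> "$demo_dir/tampered.tar.gz"

check() {   # print a verdict instead of aborting the script
    if verify_sha512 "$1" "$2"; then echo "OK       $1"; else echo "REJECTED $1"; fi
}
check "$demo_dir/pkg.tar.gz"      "$demo_dir/pkg.tar.gz.sha512"
check "$demo_dir/tampered.tar.gz" "$demo_dir/pkg.tar.gz.sha512"
```

Apache also publishes a detached .asc signature and a KEYS file for its releases; checking the signature with gpg is the stronger test, because a digest fetched from the same server only detects corruption or a tampered mirror copy.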

III. Configure the Tomcat system service
Create the service file /etc/systemd/system/tomcat.service with the following content:

[Unit]
Description=Apache Tomcat
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_BASE=/opt/tomcat"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
Restart=on-failure
[Install]
WantedBy=multi-user.target

Modify JAVA_HOME according to the actual JDK path (which can be found through readlink -f $(which java); JAVA_HOME is that path without the trailing /bin/java). Start the service and enable it at boot:

sudo systemctl daemon-reload
sudo systemctl start tomcat
sudo systemctl enable tomcat

Check status:

sudo systemctl status tomcat

IV. Firewall and Security Configuration
The default HTTP port is 8080. If external access is required, the port must be allowed through the firewall:

# CentOS (firewalld)
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
# Ubuntu (ufw)
sudo ufw allow 8080/tcp

Delete the default management user configuration to enhance security:

sudo rm /opt/tomcat/webapps/host-manager/META-INF/context.xml
sudo rm /opt/tomcat/webapps/manager/META-INF/context.xml

Use a free Let's Encrypt certificate or a commercial certificate. Generate the keystore (keytool needs to be installed in advance):

keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/conf/keystore.jks

Modify server.xml to enable HTTPS:

sudo vi /opt/tomcat/conf/server.xml

Add under <Service name="Catalina">:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
  <SSLHostConfig>
    <Certificate certificateKeystoreFile="/opt/tomcat/conf/keystore.jks"
                 certificateKeystorePassword="your_password"
                 type="RSA" />
  </SSLHostConfig>
</Connector>
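
In a stock Tomcat, the META-INF/context.xml of manager and host-manager carries the remote-address valve that limits those applications to localhost, while manager logins live in conf/tomcat-users.xml, so it is worth checking what is still reachable and readable after this section. The audit below is an added example, not part of the original article; `audit_tomcat` is a hypothetical helper and the directory tree it runs on is constructed.

```shell
#!/bin/sh
# Added example (not from the article): list what the manager apps and conf/ expose.
# audit_tomcat CATALINA_HOME -> one "FINDING" line per issue; exit status 1 if any.
audit_tomcat() {
    home=$1
    findings=0
    for app in manager host-manager; do
        dir="$home/webapps/$app"
        ctx="$dir/META-INF/context.xml"
        [ -d "$dir" ] || continue    # app not deployed: nothing to reach
        if [ ! -f "$ctx" ]; then
            echo "FINDING $app is deployed without META-INF/context.xml"
            findings=$((findings + 1))
        elif ! grep -Eq 'Remote(Addr|CIDR)Valve' "$ctx"; then
            echo "FINDING $app context.xml has no remote-address valve"
            findings=$((findings + 1))
        fi
    done
    # conf/ holds server.xml (keystore password) and the keystore itself.
    readable=$(find "$home/conf" -type f -perm -004 2>/dev/null)
    if [ -n "$readable" ]; then
        echo "$readable" | sed 's/^/FINDING world-readable: /'
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed tree: manager keeps a stock-style context.xml, host-manager lost it.
t=$(mktemp -d)
mkdir -p "$t/conf" "$t/webapps/manager/META-INF" "$t/webapps/host-manager/META-INF"
printf '<Context><Valve className="org.apache.catalina.valves.RemoteCIDRValve" allow="127.0.0.0/8"/></Context>\n' \
    > "$t/webapps/manager/META-INF/context.xml"
: > "$t/conf/server.xml"; : > "$t/conf/keystore.jks"
chmod 644 "$t/conf/server.xml"; chmod 600 "$t/conf/keystore.jks"

echo "== as installed =="
audit_tomcat "$t" || true
# One way to close both findings: drop the unused app, keep conf/ private.
rm -rf "$t/webapps/host-manager"
chmod 640 "$t/conf/server.xml"
echo "== after tightening =="
audit_tomcat "$t" && echo "no findings"
```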

V. Performance Optimization and Monitoring
Edit /opt/tomcat/bin/setenv.sh (create it if it does not exist):

export CATALINA_OPTS="-Xms512m -Xmx1024m -XX:MaxMetaspaceSize=256m"

-Xms: Initial heap memory

-Xmx: Maximum heap memory

-XX:MaxMetaspaceSize: Upper limit of the metaspace

Modify the <Connector> node in server.xml:

<Connector port="8080" protocol="HTTP/1.1"
           connectionTimeout="20000"
           redirectPort="8443"
           maxThreads="200"
           minSpareThreads="10"
           acceptCount="100"
           enableLookups="false"
           compression="on" />

Configure the log format in server.xml:

<Valve className="org.apache.catalina.valves.AccessLogValve"
       directory="logs"
       prefix="localhost_access_log"
       suffix=".txt"
       pattern="%h %l %u %t &quot;%r&quot; %s %b %D" />

Analyze logs using tools (such as GoAccess):

goaccess /opt/tomcat/logs/localhost_access_log.*.txt --log-format=COMBINED
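
The access-log pattern configured above can also be searched directly for repeated rejected requests against the manager applications. This is an added example, not part of the original article; `manager_auth_failures`, its threshold and the sample log lines are constructed, and it reads %s %b %D from the end of each line because %r is client-controlled and may contain spaces.

```shell
#!/bin/sh
# manager_auth_failures LOGFILE [THRESHOLD]
# Prints "<client> <count>" for clients with at least THRESHOLD (default 3)
# 401/403 responses on /manager or /host-manager.
manager_auth_failures() {
    awk -v min="${2:-3}" '
    {
        first = index($0, "\"")
        if (first == 0 || NF < 7) next          # not an access-log line
        # %r is client-controlled, so take the status from the end of the line
        # and the request from between the quotes.
        status = $(NF - 2)
        rest = substr($0, first + 1)
        sub(/" [0-9]+ [0-9-]+ [0-9]+$/, "", rest)   # drop closing quote, %s %b %D
        n = split(rest, req, " ")
        path = (n >= 2) ? req[2] : ""
        if ((status == 401 || status == 403) && path ~ /^\/(host-)?manager(\/|$)/)
            hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print ip, hits[ip] }
    ' "$1" | sort
}

# Constructed sample in the pattern %h %l %u %t "%r" %s %b %D
log=$(mktemp)
cat > "$log" <<'EOF'
203.0.113.7 - - [28/Apr/2025:14:03:21 +0800] "GET /manager/html HTTP/1.1" 401 2499 1532
203.0.113.7 - - [28/Apr/2025:14:03:22 +0800] "GET /manager/html HTTP/1.1" 401 2499 1410
203.0.113.7 - - [28/Apr/2025:14:03:23 +0800] "POST /host-manager/html HTTP/1.1" 403 3021 1388
198.51.100.4 - - [28/Apr/2025:14:04:02 +0800] "GET /manager/status HTTP/1.1" 401 2499 1207
198.51.100.4 - - [28/Apr/2025:14:04:09 +0800] "GET /app/ 401 trick HTTP/1.1" 200 512 950
192.0.2.10 - alice [28/Apr/2025:14:05:00 +0800] "GET /index.jsp HTTP/1.1" 200 11230 20411
EOF
manager_auth_failures "$log" 3
```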

VI. Common Problems and Solutions

1. Tomcat failed to start

java.net.BindException: Address already in use

Check port occupancy with sudo netstat -tulnp | grep 8080, then terminate the conflicting process or change the port.

2. Memory Overflow (OOM) 

java.lang.OutOfMemoryError: Java heap space

Increase the value of the -Xmx parameter or analyze memory leaks (using jmap, VisualVM).

3. Slow access speed

Optimization directions: Enable GZIP compression, adjust the size of the thread pool, upgrade hardware or use CDN to accelerate static resources.

After completing the above steps, you have deployed Tomcat on the Linux server and completed the basic security reinforcement and performance optimization. For the production environment, it is recommended to update the Tomcat version regularly, monitor the usage of system resources, and further improve concurrency by placing an Nginx reverse proxy in front of Tomcat. Managing and installing Tomcat well is the starting point of Java application deployment and the key to building highly available Web services. Individual and enterprise users alike benefit from mastering this process.
