Tomcat is a free and open-source web server and servlet container in which Java code can run. It consists of several components: Catalina (a servlet container), Coyote (an HTTP connector) and Jasper (a Jakarta Server Pages engine). Tomcat is released under the Apache 2.0 License.


For this guide you should be familiar with the basic concepts of


After logging in with ssh, check which Java version you are running and where it is located:

[isabell@stardust ~]$ java --version
openjdk 17 2021-09-14
OpenJDK Runtime Environment 21.9 (build 17+35)
OpenJDK 64-Bit Server VM 21.9 (build 17+35, mixed mode, sharing)
[isabell@stardust ~]$ which java
[isabell@stardust ~]$

Also check your URL and, if you like, set up additional domains:

[isabell@stardust ~]$ uberspace web domain list
[isabell@stardust ~]$


Create application directory and files

First create a folder called tomcat:

[isabell@stardust ~]$ mkdir ~/tomcat
[isabell@stardust ~]$

Next, look for the latest version of Tomcat and unpack it into your new folder:

[isabell@stardust ~]$ wget
Resolving (, 2a04:4e42::644
Connecting to (||:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11906902 (11M) [application/x-gzip]
Saving to: ‘apache-tomcat-10.0.16.tar.gz’
[isabell@stardust ~]$ tar --extract --file=apache-tomcat-10.0.16.tar.gz --directory=tomcat/ --strip-components=1
[isabell@stardust ~]$ rm apache-tomcat-10.0.16.tar.gz
[isabell@stardust ~]$


Set up service

Create the service file ~/etc/services.d/tomcat.ini and fill it with:

command=%(ENV_HOME)s/tomcat/bin/ run

You could explicitly set further environment variables like JAVA_HOME (required for debugging) or CATALINA_BASE (specify directories for multiple instances). These are documented in the initial comment block of ~/tomcat/bin/ but are not required for a minimal installation.

After creating the configuration, tell supervisord to refresh its configuration and start the service:

[isabell@stardust ~]$ supervisorctl reread
SERVICE: available
[isabell@stardust ~]$ supervisorctl update
SERVICE: added process group
[isabell@stardust ~]$ supervisorctl status
SERVICE                            RUNNING   pid 26020, uptime 0:03:14
[isabell@stardust ~]$

For your convenience, you may also want to create a symbolic link to the log file. Note the differences between catalina.out and catalina.YYYY-MM-DD.log explained here .

[isabell@stardust ~]$ ln -s ~/tomcat/logs/catalina.out ~/logs/tomcat.log

Tomcat is now up and running as a service. To make it accessible from the outside, we need to configure a web backend.

Set up web backend


Tomcat is running on port 8080. This is only relevant for the server but can nevertheless be changed in ~/tomcat/conf/server.xml.

To make the application accessible from the outside, configure a web backend:

[isabell@stardust ~]$ uberspace web backend set / --http --port <port>
Set backend for / to port <port>; please make sure something is listening!
You can always check the status of your backend using "uberspace web backend list".
[isabell@stardust ~]$

At this point, Tomcat should be visible at However, to really make use of the management interface you still need to give yourself access.

Set up web management users

To make the management interface usable, edit ~/tomcat/conf/tomcat-users.xml. You will find several blocks of comments that you may want to delete or simply uncomment. Make sure to add or uncomment the following line within the <tomcat-users>...</tomcat-users> tag and set an appropriate password:

<user username="admin" password="SET-YOUR-PASSWORD" roles="manager-gui,admin-gui"/>

By default, Tomcat only allows connections coming from the server itself to access the Manager and Host Manager apps. Since it is installed on a remote machine, you will probably want to remove this restriction. Open the files at ~/tomcat/webapps/manager/META-INF/context.xml and ~/tomcat/webapps/host-manager/META-INF/context.xml and comment out the IP restrictions in both of them by adding <!-- ... --> like this:

<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
        allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->

Afterwards, restart the supervisord service:

[isabell@stardust ~]$ supervisorctl restart tomcat
[isabell@stardust ~]$

Tomcat should now be fully usable!

Tested with Uberspace 7.11.5 and Tomcat 10.0.16 on OpenJDK 17.

Written by: Christian Macht <>