…Well, the most obvious option would be containers, right? But let’s say we want to do this the old-fashioned way. Here’s what we can do:
Prereqs
First, let’s install Java on the box, if we haven’t already:
surfer@M5-NY-2:~$ sudo apt install default-jre
Create a directory structure for the Tomcat installs:
surfer@M5-NY-2:~$ sudo mkdir /opt/tomcat
Download and extract the most recent tar.gz package of Tomcat 9.x you can find:
surfer@M5-NY-2:~$ sudo tar zxvf apache-tomcat-9.0.45.tar.gz --directory=/opt/tomcat/
Let’s say that we need two Tomcat instances, one for the public-facing API, so we name it public:
surfer@M5-NY-2:~$ sudo cp -R /opt/tomcat/apache-tomcat-9.0.45/ /opt/tomcat/wspublic/
And the second one private:
surfer@M5-NY-2:~$ sudo cp -R /opt/tomcat/apache-tomcat-9.0.45/ /opt/tomcat/wsprivate/
Let’s get rid of the original, extracted directory:
surfer@M5-NY-2:~$ sudo rm -rf /opt/tomcat/apache-tomcat-9.0.45/
Configuring each instance
Each of these instances must use different ports. A minimum of 2 ports is required for each instance, 3 if we are publishing with TLS/HTTPS. We will let our first instance, wspublic, use the default ports, and modify the second instance, wsprivate, to use altered ports. Open the following config file:
surfer@M5-NY-2:~$ sudo nano /opt/tomcat/wsprivate/conf/server.xml
First is the shutdown port, which uses 8005 by default. Locate the port in the following snippet:
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
Change 8005 to a port that is not used by another service, e.g.:
<Server port="7005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<!-- Security listener. Documentation at /docs/config/listeners.html
<Listener className="org.apache.catalina.security.SecurityListener" />
-->
The second and third ports are the HTTP and HTTPS ports, assigned to 8080 and 8443 by default:
<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" />
and
<Connector port="8443" server=" " protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
connectionTimeout="180000"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig protocols="TLSv1.2">
<Certificate certificateKeystoreFile="/etc/ssl/certs/keystore.jks"
certificateKeystorePassword="8349fjke"
type="RSA" />
</SSLHostConfig>
</Connector>
Just like the shutdown port, change them to ports that aren’t used on the box, e.g.:
<Connector port="7080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="7443" />
and
<Connector port="7443" server=" " protocol="org.apache.coyote.http11.Http11NioProtocol"
sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
connectionTimeout="180000"
maxThreads="150" SSLEnabled="true">
<SSLHostConfig protocols="TLSv1.2">
<Certificate certificateKeystoreFile="/etc/ssl/certs/keystore.jks"
certificateKeystorePassword="8349fjke"
type="RSA" />
</SSLHostConfig>
</Connector>
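A quick way to check the result before starting both instances, added here as an example (not part of the original post): the Python script below parses each instance's server.xml and reports ports claimed by more than one instance, plus any redirectPort that points at a port the same instance does not listen on. The function names and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

def instance_ports(server_xml):
    """Return ([(role, port)], [(connector port, redirectPort)]) for one server.xml."""
    root = ET.fromstring(server_xml)               # root element is <Server>
    listen, redirects = [], []
    shutdown = int(root.get("port", "8005"))       # 8005 is Tomcat's default
    if shutdown > 0:                               # port="-1" disables the shutdown port
        listen.append(("shutdown", shutdown))
    for conn in root.iter("Connector"):
        port = int(conn.get("port"))
        listen.append(("connector", port))
        if conn.get("redirectPort"):
            redirects.append((port, int(conn.get("redirectPort"))))
    return listen, redirects

def audit(instances):
    """instances: {name: server.xml text}. Returns a list of findings."""
    parsed = {name: instance_ports(xml) for name, xml in instances.items()}
    owners, findings = defaultdict(list), []
    for name, (listen, _) in parsed.items():
        for role, port in listen:
            owners[port].append(f"{name}/{role}")
    for port, users in sorted(owners.items()):
        if len(users) > 1:                         # same port claimed twice
            findings.append(f"port {port} bound by {', '.join(users)}")
    for name, (listen, redirects) in parsed.items():
        own = {port for _, port in listen}
        for port, target in redirects:
            if target not in own:                  # redirect leaves this instance
                findings.append(
                    f"{name}: connector {port} redirects to {target}, not one of its own ports")
    return findings

def sample(shutdown, http, https, redirect):
    """Constructed, trimmed-down server.xml used only for this demo."""
    return (f'<Server port="{shutdown}" shutdown="SHUTDOWN"><Service name="Catalina">'
            f'<Connector port="{http}" protocol="HTTP/1.1" redirectPort="{redirect}" />'
            f'<Connector port="{https}" SSLEnabled="true" />'
            '</Service></Server>')

PUBLIC = sample(8005, 8080, 8443, 8443)            # default ports
HALF_EDITED = sample(8005, 7080, 7443, 8443)       # shutdown port and redirectPort forgotten
PRIVATE = sample(7005, 7080, 7443, 7443)           # the values used on this page

if __name__ == "__main__":
    for finding in audit({"wspublic": PUBLIC, "wsprivate": HALF_EDITED}):
        print(finding)
```

For the real check, pass the contents of /opt/tomcat/wspublic/conf/server.xml and /opt/tomcat/wsprivate/conf/server.xml to audit(); it only compares the Tomcat configs and does not see ports held by other services on the box.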
SystemD Unit files
Here’s how the unit files for both instances are configured:
wspublic
[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Restart=always
Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat/wspublic"
Environment="CATALINA_HOME=/opt/tomcat/wspublic"
Environment="CATALINA_PID=/opt/tomcat/wspublic/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/wspublic/bin/startup.sh
ExecStop=/opt/tomcat/wspublic/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
wsprivate
[Unit]
Description=Tomcat 9 servlet container
After=network.target

[Service]
Type=forking
User=tomcat
Group=tomcat
Restart=always
Environment="JAVA_HOME=/usr/lib/jvm/default-java"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djava.awt.headless=true"
Environment="CATALINA_BASE=/opt/tomcat/wsprivate"
Environment="CATALINA_HOME=/opt/tomcat/wsprivate"
Environment="CATALINA_PID=/opt/tomcat/wsprivate/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/wsprivate/bin/startup.sh
ExecStop=/opt/tomcat/wsprivate/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
As you can see, the unit file for each instance must be tweaked to match that instance’s path. The last thing we need to do is reload the SystemD daemon so it picks up the new unit files:
sudo systemctl daemon-reload
Both instances can now be started, restarted, and stopped with SystemD commands. For example, to start wsprivate, do:
sudo systemctl start wsprivate
...and we are done.