charm icon


Apache Tomcat 6 or 7 Servlet and JSP engine

Apache Tomcat is an open source implementation of the Java Servlet and JavaServer Pages (JSP) specifications, and provides a "pure Java" HTTP web server environment for Java web applications to run.

Charm Store

juju deploy cs:precise/tomcat










  • Matthew Bruzek


In past 7 days: 0
In past 30 days: 0
In past half year: 31
All time: 87


# Overview

Apache Tomcat is an open source implementation of the Java Servlet and 
JavaServer Pages (JSP) specifications, and provides a "pure Java" HTTP 
web server environment for Java web applications to run.

Apache Tomcat 7 implements the Java Servlet 3.0 and JSP 2.0 specification
from Sun Microsystems/Oracle.


# Usage

## General

A tomcat deployment consists of a Tomcat service:

  juju deploy tomcat

By default, this is Tomcat version 7.  You can deploy Tomcat 6 by specifying 
the version at deployment.  First create a [YAML]( file 
with the contents:

      tomcat_version: tomcat6

Then deploy:

    juju deploy --config config.yaml tomcat

Once deployed, you can specify what http port to use:

    # use port 80 for http
    juju set tomcat http_port=80

(NOTE: You could also do this at deployment with the `--config` switch)

The Tomcat manager applications, enabled by default, are protected by HTTP basic
password protection.  To access the applications you must set a password for
either the `admin` or `status` roles.  The admin role has full access to
configure Tomcat whereas the status role may only see server status.  To set

    juju set tomcat admin_password=<password>
    juju set tomcat status_password=<password>

To expose Tomcat to the Internet:

    juju expose tomcat

    Open web browser to http://<host>/manager or http://<host>/manager/status
    using your admin or status username/password respectively.

(Note: Passwords will be sent to the manager in plain text, so it is 
recommended to enable HTTPS as follows)

To enable HTTPS:

    # enable https connector
    juju set tomcat https_enabled=True
    # use port 443 for https
    juju set tomcat https_port=443

    Open web browser to https://<host>/manager or https://<host>/manager/status.

A self-signed certificate will be generated for HTTPS use by default.  You can
specify your own private key and certificate as a PKCS12 file as follows:

    # set pkcs12 file
    juju set tomcat keystore=`base64 < <pkcs12 file>`
    # set pkcs12 file password
    juju set tomcat keystore_password=<password>

The PKCS12 file is transmitted securely to your Juju cluster and subsequently
used by all service units (added with `juju add-unit`) for easy certificate
management.  Should you remove your certificate by setting `keystore` to an
empty string, a new self-signed certificate will be generated for use.

While the manager applications are a useful way of testing a Tomcat
installation there is no real usage for them when deploying applications using
a Juju subordinate charm like `j2ee-deployer`.  Therefore as a security
precaution, it is recommended you disable them in a production environment:

    # disable manager applications
    juju set tomcat manager_enabled=False

Tomcat offers two pure Java HTTP connectors, Blocking I/O ("bio") and
Non-Blocking I/O ("nio").

- **bio** is the default connector and uses a thread per connection.
- **nio** uses a single thread to read connections asynchronously.

If you have enough traffic to be concerned about performance of each,
it is recommended you benchmark both.  Better performance can be achieved with
either depending on conditions.  Traditionally, Java application traffic favors
the bio connector and serving of static content with the nio connector.

You may set either as follows:

    # set nio connector
    juju set tomcat http_connector=nio

    # set bio connector
    juju set tomcat http_connector=bio

## Deploying a WebApp to Tomcat

A webapp can be deployed with the Tomcat charm in one of two ways: it can
be provided by another charm, or you can manually upload it.

For another charm to provide a webapp, it must be a subordinate charm that
supports the `java-webapp` relation.

To upload a webapp to Tomcat, simply use the following:

    juju scp webapp.war tomcat/0:
    juju ssh tomcat/0 'sudo mv webapp.war /var/lib/tomcat7/webapps'

(If you changed the version of tomcat being deployed, you will need to adjust
the path appropriately.)

## Java Debugger (JDB)

Remote debugging can be useful for application development and diagnosing 
problems with a deployed application.  There are many debugging tools, 
including jdb, and most Integrated Development Environments (IDEs) provide
the ability to attach to remote servers and step through code line by line.  
The tomcat charm provides the ability to attach remote debuggers by using the 
`debug_enabled` configuration option.  The default port 8000 is open when 
`True` and closed when `False` (default).

## Java Management Extensions (JMX)

JMX monitoring is disabled by default, but you can enable it with the 
following commands:

    juju set tomcat jmx_enabled=True
    juju set tomcat jmx_control_password=<password>
    juju set tomcat jmx_monitor_password=<password>

The control role (username = `controlRole`) allows read/write access, the
monitor role (username = `monitorRole`) read only access.  If a password is
empty, it disables access for that role.

There is a further JMX option, `jmx_localhost`.  This determines what hostname
is given to the JMX client to connect to.  If false, the internal hostname or
private IP address of the unit will be used, meaning connection is suited to 
either LXC based deployments or cloud deployments where you have VPN access:

    JConsole or VisualVM connect to <private unit address>:10001 with

For cloud deployments, setting this to `True` uses hostname `localhost`, which
allows you to connect over a ssh tunnel:

    ssh -L 10001:localhost:10001 -L 10002:localhost:10002 <public unit address>
    JConsole or VisualVM connect to localhost:10001 with username/password

The latter is much more typical of out of the box deployment, so `jmx-localhost`
defaults to True.

## Java Naming and Directory Interface (JNDI)

Tomcat supports adding arbitrary configuration parameters for JNDI lookup by
deployed applications.  This enables you to develop applications that discover
configuration details at runtime simply by referencing pre-determined JNDI
names.  This charm supports lookup of different Juju services, each of which 
may be configured using the appropriate `jndi_<type>_config` option.  Unless 
specified otherwise, options are generally a comma separated list of JNDI name,
service and type specific colon separated values:


This allows you to map Juju services to JNDI names as follows:

    # map the JNDI name 'param/Memcached' to the Juju service named 'memcached'
    juju set tomcat jndi_memcached_config="param/Memcached:memcached"

    # map the JNDI name 'param/Terracotta' to the Juju service named 'terracotta'
    juju set tomcat jndi_terracotta_config="param/Terracotta:terracotta"

The charm will take care of mapping the JNDI name with the private addresses
of the Juju services.  If you add units of memcached or terracotta the charm
will add the new addresses appropriately.  A brief description of the available 
JNDI relations is below.

Memcached (`jndi_memcached_config`) - Provides a space separated string of all
unit addresses for specified memcached service.  This can be used directly
in instantiating an instance of a Memcached client such as spymemcached
(see <> for more details).

Terracotta (`jndi_terracotta_config`) - Provides a comma separated string of all
unit addresses for the specified Terracotta service.  This can be injected
directly into EHCache or Quartz configuration (see <> for
more details).

## Scale out Usage

### Clustering

Tomcat supports session clustering, allowing a group of Tomcat units to
replicate J2EE session information to each other.  This is useful for HA
deployments where session contents are important.  To enable clustering across

    # enable clustering
    juju set tomcat cluster_enabled=True

    # add 2 more units to cluster
    juju add-unit -n 2 tomcat

By default, static membership is used over multicast based membership which
means units depend on local cluster configuration to determine cluster groups.
Multicast uses multicast UDP packets on a pre-determined address/port to
determine cluster groups.  Where a cloud provider such as EC2 disables multicast
traffic between instances, static membership must be used.  Where multicast
traffic is allowed, it is preferred and may be enabled as follows:

    # enable multicast clustering
    juju set tomcat multicast=True

    # set multicast address
    juju set tomcat multicast_address=

    # set multicast port
    juju set tomcat multicast_port=34569

For maximum performance with clustering, it is recommended you use a load
balancer in front of Tomcat that supports "sticky sessions".

# Contact Information

This charm was originally written by Robert Ayres <> 
and is maintained by Matthew Bruzek <>.  If you 
encounter a bug with the tomcat charm please open a 

## Apache Tomcat Project Information

- [Apache Tomcat home page](
- [Apache Tomcat Mailing Lists](
- [Tomcat Wiki](
- [Tomcat 7.0 Documentation](
- [Tomcat 6.0 Documentation](
- [Reporting Apache Tomcat Bugs](





  • jmx_jar_url string
  • manager_enabled boolean
  • https_port int
  • java_opts string
  • tomcat_version string
  • jmx_localhost boolean
  • status_username string
  • multicast_port int
  • status_password string
  • keystore string
  • http_port int
  • jmx_jar_md5 string
  • jmx_monitor_password string
  • jmx_enabled boolean
  • debug_enabled boolean
  • terracotta_url string
  • admin_password string
  • terracotta_md5 string
  • keystore_password string
  • cluster_enabled boolean
  • jndi_memcached_config string
  • jndi_terracotta_config string
  • https_enabled boolean
  • multicast_address string
  • admin_username string
  • jmx_control_password string
  • multicast boolean
  • http_connector string
Config details ›

Test Results

No test results.


  • 2015/01/22 Matt Bruzek [johnsca] Added explicit relation for charms to provide webapps to Tomcat. (revno 14)
  • 2014/03/31 Matt Bruzek Added ability to install the catalina jmx jar from file. (revno 13)
  • 2014/03/31 Matt Bruzek Adding apt-get update before installing packages (revno 12)
  • 2014/03/21 Matt Bruzek Fixed some spelling errors found in the file (revno 11)
  • 2014/03/21 Matt Bruzek Updating tests. (revno 10)
  • 2014/03/21 Matt Bruzek Fixed a typo in the code. (revno 9)
  • 2014/03/21 Matt Bruzek Made changes to ports. (revno 8)
  • 2014/03/21 Matt Bruzek Bug fixes and documentation updates. (revno 7)
  • 2014/03/20 Matt Bruzek Found a problem in (revno 6)
  • 2014/03/20 Matt Bruzek more fixes (revno 5)