12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

Installation and Configuration > Installing ThingWorx > Ubuntu Installation > PostgreSQL > Install Java and Apache
Tomcat (Ubuntu)

Install Java and Apache Tomcat (Ubuntu)

1. If you are using AzureSQL for your database, go to Using Azure SQL Server as the
Persistence Provider. Perform the steps in that section to set up the database, and you will
be referred back to this section.
2. If you are using MSSQL for your database, go to Using MSSQL as the Persistence Provider .
Perform the steps in that section to set up the database, and you will be referred back to
this section.
3. Update Ubuntu packages:
$ sudo apt-get update
4. Install and Configure Network Time Protocol (NTP) settings for time synchronization:
$ sudo apt-get install ntp

  The default configuration for NTP is sufficient. For additional configuration

information about NTP (beyond the scope of this documentation), refer to the
following resources:
• Time Synchronization with NTP
• How do I use pool.ntp.org?

5. Edit AUTHBIND properties to allow Tomcat to bind to ports below 1024:

$ sudo apt-get install authbind
6. Download the Java JDK tar file from Oracle’s website, or run the following
wget -c --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.orac

7. Extract tar file:

$ tar -xf jdk-8uxxx-linux-x64.tar.gz

8. Create the directory by moving the JDK to /usr/lib/jvm:

  If the directory is not empty, a warning message will display.

$ sudo mkdir -p /usr/lib/jvm

$ sudo mv jdk1.8.0_xxx/ /usr/lib/jvm/
9. Add alternatives to the system:
$ sudo update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk1.8.0_xxx/b
$ sudo update-alternatives --install "/usr/bin/keytool" "keytool" "/usr/lib/jvm/jdk1.8.0

10. Change access permissions:

$ sudo chmod a+x /usr/bin/java
$ sudo chmod a+x /usr/bin/keytool
11. Change owner:
$ sudo chown -R root:root /usr/lib/jvm/jdk1.8.0_xxx/
12. Configure master links:

https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 1/6
12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

$ sudo update-alternatives --config java

$ sudo update-alternatives --config keytool

  Nothing to configure is a normal response to this command and is not an error.

Additional executables in /usr/lib/jvm/jdk1.8.0_xxx/bin/ can be
installed using the previous set of steps.

13. Verify Java version:

$ java -version
This should return something similar to the following (build specifics may be different):
java version "1.8.0_xxx"
Java(TM) SE Runtime Environment (build 1.8.0_xxx-bxx)
Java HotSpot(TM) 64-Bit Server VM (build xx.xx-bxx, mixed mode)

14. Download Apache Tomcat: The steps in this process use Tomcat 8.5.xx, where xx is
replaced with the version you are using.
$ wget http://archive.apache.org/dist/tomcat/tomcat-8/v8.5.xx/bin/apache-tomcat-8.5.xx.t

  Best practice includes verifying the integrity of the Tomcat file by using the
signatures or checksums for each release. Refer to Apache’s documentation for
more information.

15. Extract tar file:

$ tar -xf apache-tomcat-8.5.xx.tar.gz

16. Create and change the owner for /usr/share/tomcat8.5 and move Tomcat to the
following location. Add user and group to the system:
$ sudo mkdir -p /usr/share/tomcat8.5
$ sudo mv apache-tomcat-8.5.xx /usr/share/tomcat8.5/8.5.xx
$ sudo addgroup --system tomcat8.5 --quiet -force-badname
$ sudo adduser --system --home /usr/share/tomcat8.5/ --no-create-home --ingroup tomcat8.
$ sudo chown -R tomcat8.5:tomcat8.5 /usr/share/tomcat8.5

17. Define environment variables in /etc/environment:

$ export JAVA_HOME=/usr/lib/jvm/jdk1.8.0_xxx
$ export CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx
18. Change directory to $CATALINA_HOME:
$ cd $CATALINA_HOME

19. Change owner and access permissions of bin/, lib/, and webapps/:
$ sudo chown -Rh tomcat8.5:tomcat8.5 bin/ lib/ webapps/
$ sudo chmod 775 bin/ lib/ webapps/

20. Change owner and access permissions of usr/share/tomcat8.5/8.5xx:

sudo chown -R tomcat8.5:tomcat8.5 /usr/share/tomcat8.5/8.5.xx
sudo chmod -R 775 /usr/share/tomcat8.5/8.5.xx

21. Change owner and access permissions of conf/:

$ sudo chown -Rh root:tomcat8.5 conf/
$ sudo chmod -R 650 conf/

22. Change access permissions of logs/, temp/, and work/:

https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 2/6
12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

$ sudo chown -R tomcat8.5:adm logs/ temp/ work/

$ sudo chmod 760 logs/ temp/ work/
23. Create self-signed certificate:
$ sudo $JAVA_HOME/bin/keytool -genkey -alias tomcat8.5 -keyalg RSA -keystore $CATALINA_H

24. Follow the instructions to complete the certificate creation process.

◦ Set the keystore password.
◦ Follow the prompts to set up your security certificate.
◦ Set the tomcat8.5 user password to the same as the keystore password:
$ sudo chown root:tomcat8.5 $CATALINA_HOME/conf/.keystore
$ sudo chmod 640 $CATALINA_HOME/conf/.keystore

25. Uncomment the Manager element in $CATALINA_HOME/conf/context.xml to prevent

sessions from persisting across restarts:
<Manager pathname="" />

  For security reasons, it is critical that you disable the AJP connector, if not already
done so by default, by performing the following step.

26. In the location of the Tomcat installation, open conf/server.xml and search for the
following line. If found, comment it out and save the file:
<Connector port ="8009" protocol="AJP/1.3" redirectPort="8443"/>

  In Apache Tomcat 9.0 and later, the rejectIllegalHeader attribute defaults

to true. Manually modifying the conf/web.xml file to set this attribute to false is
not recommended or supported by PTC.

If you receive an error that the directory doesn’t exist, use the following commands to
ensure port 443 works:
sudo touch /etc/authbind/byport/443
sudo chmod 700 /etc/authbind/byport/443
sudo chown tomcat8.5:tomcat8.5 /etc/authbind/byport/443

27. Define a user in $CATALINA_HOME/conf/tomcat-users.xml:

sudo vi $CATALINA_HOME/conf/tomcat-users.xml

<user username="<Tomcat user name> " password="<Tomcat password> " roles="manager"/>

28. Determine uid of tomcat8.5 user:
$ id -u tomcat8.5

29. Using this number, create an ID file in /etc/authbind/byuid/:

  Change the <uid> to the number that was returned in the previous step.

$ sudo touch /etc/authbind/byuid/<uid>

sudo vi /etc/authbind/byuid/<uid>
30. Edit the file from the step above and paste in the following:
0.0.0.0/0:1,1023

31. Change owner and access permissions of /etc/authbind/byuid/<uid>:

https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 3/6
12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

$ sudo chown tomcat8.5:tomcat8.5 /etc/authbind/byuid/<uid>

$ sudo chmod 700 /etc/authbind/byuid/<uid>

32. Modify $CATALINA_HOME/bin/startup.sh to always use authbind:

sudo vi $CATALINA_HOME/bin/startup.sh
Comment the following in the file:
#exec "$PRGDIR"/"$EXECUTABLE" start "$@"
33. Add the following to the end of the file:
exec authbind --deep "$PRGDIR"/"$EXECUTABLE" start "$@"

34. In /etc/init.d, create tomcat8.5 file:

$ sudo touch /etc/init.d/tomcat8.5
35. Edit the file and enter the following contents:
$ sudo vi /etc/init.d/tomcat8.5

CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx

case $1 in
start)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/startup.sh
;;

stop)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/shutdown.sh
;;

restart)
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/shutdown.sh
/bin/su -p -s /bin/sh tomcat8.5 $CATALINA_HOME/bin/startup.sh
;;

esac
exit 0

36. Change access permissions of etc/init.d/tomcat8.5 and create symbolic links:

$ sudo chmod 755 /etc/init.d/tomcat8.5
$ sudo ln -s /etc/init.d/tomcat8.5 /etc/rc1.d/K99tomcat
$ sudo ln -s /etc/init.d/tomcat8.5 /etc/rc2.d/S99tomcat
37. Set up Tomcat as a service to start on boot. Build JSVC if it is not already installed on your
system. If it is already installed, skip and go to the next step:
$ sudo apt-get install gcc
38. Set up the Tomcat service on boot:
$ cd /usr/share/tomcat8.5/8.5.xx/bin/
$ sudo tar xvfz commons-daemon-native.tar.gz
$ cd commons-daemon-*-native-src/unix
$ sudo ./configure --with-java=$JAVA_HOME
$ sudo apt-get install make
$ sudo make
$ sudo cp jsvc ../..
39. Create the Tomcat service file:
sudo touch /etc/systemd/system/tomcat8.5.service

40. Open /etc/systemd/system/tomcat8.5.service in a text editor (as root):

sudo vi /etc/systemd/system/tomcat8.5.service

https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 4/6
12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

a. Paste the following in the Tomcat service file:

  In the example below, set values for -Xms and -Xmx to 75% of the available
OS memory (for example, 12GB for a 16GB RAM system). Refer to JVM Tuning
for additional information.

[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking
PIDFile=/var/run/tomcat.pid
Environment=CATALINA_PID=/var/run/tomcat.pid
Environment=JAVA_HOME=/usr/lib/jvm/jdk1.8.0_xxx
Environment=CATALINA_HOME=/usr/share/tomcat8.5/8.5.xx
Environment=CATALINA_BASE=/usr/share/tomcat8.5/8.5.xx
Environment=CATALINA_OPTS=

ExecStart=/usr/share/tomcat8.5/8.5.xx/bin/jsvc \
-Dcatalina.home=${CATALINA_HOME} \
-Dcatalina.base=${CATALINA_BASE} \
-Djava.awt.headless=true -Djava.net.preferIPv4Stack=tr
-XX:+UseG1GC -Dfile.encoding=UTF-8 \
-Djava.library.path=${CATALINA_BASE}/webapps/Thingworx/
-Xms=<75% of available OS memory> \
-Xmx=<75% of available OS memory> \
-cp ${CATALINA_HOME}/bin/commons-daemon.jar:${CATALINA_
-user tomcat8.5 \
-java-home ${JAVA_HOME} \
-pidfile /var/run/tomcat.pid \
-errfile ${CATALINA_HOME}/logs/catalina.out \
-outfile ${CATALINA_HOME}/logs/catalina.out \
$CATALINA_OPTS \
org.apache.catalina.startup.Bootstrap

[Install]
WantedBy=multi-user.target

b. If the Tomcat service doesn't automatically start after reboot and you receive following
error, on executing sudo systemctl enable tomcat8.5.service:
update-rc.d: error: tomcatx.x Default-Start contains no runlevels, aborting.
Then the following step is required:
Remove the tomcat8.5 file located at /etc/init.d and rerun following command:
sudo systemctl enable tomcat8.5.service

41. Create a new file in the tomcat /bin file named setenv.sh:
cd $CATALINA_HOME/bin
sudo touch setenv.sh
sudo vi setenv.sh
CATALINA_OPTS="$CATALINA_OPTS -Djava.library.path=/usr/share/tomcat8.5/8.5.xx/webapps/Th

42. In the location of the Tomcat installation, open CATALINA_HOME/conf/web.xml.

Replace the default error page (default is stacktrace) by adding the following into the
web.xml file. Place the following within the web-app tag (after the welcome-file-list
tag ). A well-configured web application will override this default in
CATALINA_HOME/webapps/APP_NAME/WEB-INF/web.xml so it won't cause problems.
<error-page><exception-type>java.lang.Throwable</exception-type><location>/error.jsp</lo

https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 5/6
12/24/21, 3:55 PM Install Java and Apache Tomcat (Ubuntu)

43. In the location of the Tomcat installation, open CATALINA_HOME/conf/server.xml.

Add the following inside the <Host> </Host> tags:
<Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showSe

44. Remove all the Tomcat webapps located in /<path_to_tomcat>/webapps/. Removing

these apps prevents unnecessary access to Tomcat, specifically in the context that would
allow users to view other users' cookies.
45. PTC strongly recommends the use of TLS when running ThingWorx. For detailed
instructions on setting up TLS, refer to this technical support article.
46. If your application requires a specific cipher suite, refer to the following documentation for
configuration information:
◦ https://www.jamf.com/jamf-nation/articles/384/configuring-supported-ciphers-for-
tomcat-https-connections
47. (OPTIONAL STEP) To increase the default cache settings that affect static file caching, add
the following line within the <context></context> tags in the
$CATALINA_HOME/conf/context.xml file:
<Resources cacheMaxSize="501200" cacheObjectMaxSize="2048" cacheTtl="60000"/>
Increasing this setting improves performance and avoids the following message in Tomcat:
WARNING: Unable to add the resource at [/Common/jquery/jquery-ui.js] to the cache becaus

48. H2 and Azure SQL: Go to Install ThingWorx.

49. PostgreSQL: Go to Install and Configure PostgreSQL.

Was this helpful?




https://support.ptc.com/help/thingworx_hc/thingworx_8_hc/en/index.html#page/ThingWorx/Help/Installation/Installation/install_java_and_apache_tomcat__ub… 6/6