Instructions for setting up Apache Tomcat 11.0.7 in combination with Nginx and SSL on Rocky Linux 9
In this article, we'll guide you through setting up a modern, secure, and scalable environment for Java web applications by deploying Apache Tomcat 11.0.7 with Nginx and SSL on Rocky Linux 9.
Operating System Setup (Rocky Linux 9)
Start by using Rocky Linux 9 as the stable, enterprise-grade operating system. Ensure the system is up-to-date with the latest security patches. Install required dependencies, including OpenJDK (version compatible with Tomcat 11) and utilities like , , etc.
Apache Tomcat 11.0.7 Deployment
Install Apache Tomcat 11.0.7 as the Java servlet container. Configure Java options and memory parameters to suit your application's demands. Set up Tomcat to run as a service for better process management. Enable Tomcat clustering if your setup requires session replication for scalability, and keep cluster traffic on a trusted network such as a VPN or private LAN to prevent security risks.
Nginx as a Reverse Proxy
Configure Nginx to proxy incoming HTTPS traffic to the backend Tomcat server running on a non-standard port (e.g., 8080). Set up Nginx to listen on port 443 for SSL connections and redirect all HTTP (port 80) requests to HTTPS to enforce encryption. Use Nginx's buffering and connection management to improve throughput and handle concurrent connections efficiently.
SSL Configuration
Obtain an SSL/TLS certificate from a trusted Certificate Authority (CA) or use a free option like Let's Encrypt. Generate private keys and CSRs on Rocky Linux, and store the private keys securely. Configure Nginx with the SSL certificates to enable HTTPS, using the recommended strong protocols (TLS 1.2 or above) and cipher suites to maximize security. Apply HTTP Strict Transport Security (HSTS) headers in Nginx to force browsers to use HTTPS.
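The reverse-proxy and SSL settings described in the two sections above, as an added example configuration that is not part of the original article. The hostname example.com, the Let's Encrypt certificate paths, the upstream name tomcat_backend, and the timeout and HSTS max-age values are assumptions to adapt.

```nginx
# Added example. example.com, the certificate paths and tomcat_backend are assumed names.
upstream tomcat_backend {
    server 127.0.0.1:8080;        # Tomcat HTTP connector, assumed to listen on loopback
    keepalive 16;                 # reuse upstream connections under concurrent load
}

# Port 80: no content is served here, every request is redirected to HTTPS.
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# Port 443: TLS terminates at Nginx, plain HTTP goes to Tomcat over loopback.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;   # keep root-only

    ssl_protocols TLSv1.2 TLSv1.3;            # TLS 1.2 or above, as recommended above
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
    ssl_prefer_server_ciphers off;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_session_tickets off;

    # HSTS: "always" also attaches the header to error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://tomcat_backend;
        proxy_http_version 1.1;
        proxy_set_header Connection "";       # required for upstream keepalive
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;   # tells Tomcat the client used HTTPS
        proxy_buffering on;                   # Nginx absorbs slow clients, not Tomcat
        proxy_connect_timeout 5s;
        proxy_read_timeout 60s;
    }
}
```

Validate with `nginx -t` before reloading. On Rocky Linux 9 with SELinux enforcing, Nginx is only allowed to connect to the backend port once the `httpd_can_network_connect` boolean is enabled, and Tomcat needs its `RemoteIpValve` configured to honour the `X-Forwarded-*` headers.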
Security Hardening
Run Tomcat behind Nginx without exposing Tomcat ports directly to the internet. Use firewalls (e.g., or ) on Rocky Linux to restrict access to Tomcat ports. Keep all components updated; monitor published CVEs such as Apache Tomcat integer overflow or DoS vulnerabilities. Disable unnecessary Tomcat services and connectors. Consider integrating monitoring and SNMP for health checks.
Scalability and High Availability
Deploy multiple Tomcat instances behind Nginx with load balancing configuration. Use Tomcat clustering for session replication via secure trusted network setups like VPN or private LAN. Employ auto-scaling and container orchestration (e.g., Kubernetes) if desired for further scalability.
Common Use Cases
Common use cases for Apache Tomcat include hosting Spring Boot or Jakarta EE-based web apps, running admin panels or dashboards in Java, deploying APIs behind HTTPS reverse proxy, and serving enterprise SaaS with role-based access.
Conclusion
By following this best practice setup, you can run Tomcat 11.0.7 on Rocky Linux 9 with Nginx as a reverse proxy managing SSL termination, enforcing HTTPS and security headers, plus ensuring session replication and clustering over secure networks for scalability. Firewall rules, regular patching, and security monitoring are key for maintaining a secure environment.
To proceed with the setup, click Create Instance at ourwebsite.host, log in, click "Create", choose "Instance", select your desired server location, choose Rocky Linux 9 (64-bit) as the operating system, and pick a plan with at least 2 CPUs, 4 GB RAM, and 20 GB SSD. The instance's IP address can be found under the "Resources" section.
Happy deploying!
In a business and industry context, this guide demonstrates how to set up a modern, secure, and scalable environment for Java web applications, drawing on data and cloud computing technology and addressing finance-related needs such as secure SSL connections. This involves deploying Apache Tomcat 11.0.7 on Rocky Linux 9, using Nginx as a reverse proxy, and employing cloud computing for scalability and high availability.
To ensure the finance sector's data remains secure, it's vital to employ strategies like running Tomcat behind Nginx, restricting access with firewalls, keeping all components updated, and monitoring published security vulnerabilities. Furthermore, implementing technologies like SSL/TLS certificates for encryption and HTTP Strict Transport Security (HSTS) headers enhances the security of financial transactions and applications.