Applicable Product:

Peoplefluent Learning

Applicable Release:

All

Summary:

Apache Tomcat is one of the most widely used open-source Java Servlet containers and web servers. While it is lightweight and relatively easy to set up, ongoing maintenance is essential to ensure optimal performance, security, and reliability. This article covers basic maintenance practices for Apache Tomcat that system administrators and developers should regularly perform.

Detailed Information:

Maintaining Apache Tomcat doesn't require advanced expertise but does demand regular attention. With a structured maintenance routine—covering updates, monitoring, security, and backups—you can ensure Tomcat runs securely and efficiently. Incorporating automation tools will also reduce manual workload and enhance consistency across environments.

1. Keep Tomcat Updated

Why:

Security patches and performance improvements are regularly released. Running an outdated version exposes your system to vulnerabilities.

How:

• Monitor the official Tomcat website for new releases.
• Check your current version using:

  $CATALINA_HOME/bin/version.sh
  

• Follow upgrade instructions provided by Tomcat. Ensure compatibility with your deployed applications.

2. Regular Log Review

Why:

Logs help identify issues such as memory leaks, failed deployments, or unauthorized access attempts.

What to Monitor:

• $CATALINA_HOME/logs/catalina.out
• $CATALINA_HOME/logs/localhost.*.log
• $CATALINA_HOME/logs/manager.*.log

Best Practices:

• Set up log rotation using tools like logrotate to manage disk space.
• Implement a centralized logging system for large environments (e.g., ELK Stack or Splunk).

3. Monitor Resource Usage

Key Metrics:

• CPU and Memory: Use top, htop, or jstat.
• Thread Usage: Monitor using Tomcat Manager or JMX.
• Garbage Collection (GC): Use tools like VisualVM or Java Mission Control.

Automation:

Set up monitoring tools like Prometheus with Grafana or Zabbix for real-time insights.

4. Configure Connection and Thread Pool Limits

Proper configuration of thread and connection pools can prevent bottlenecks and crashes under load.

Edit the server.xml:

<Connector port="8080"
           maxThreads="200"
           minSpareThreads="25"
           maxConnections="10000"
           connectionTimeout="20000"
           ...
/>

Adjust these values based on your traffic and hardware.

5. Secure Tomcat Configuration

Key Steps:

• Remove default applications (examples, docs, host-manager) from the webapps directory.
• Change default usernames/passwords in tomcat-users.xml.
• Disable directory listing in web.xml.
• Use HTTPS with a proper SSL certificate.
• Set secure file permissions for configuration files.

6. Backup and Disaster Recovery

Recommendations:

• Regularly back up:
  • Configuration files (server.xml, web.xml, context.xml)
  • Deployed WAR files and applications
• Automate backups with cron jobs or backup tools.
• Store backups offsite or in the cloud when possible.

7. Manage Application Deployments

Avoid hot deployment in production unless necessary. Instead:

• Use scripted deployments for consistency.
• Deploy during low-traffic periods.
• Test on staging servers before production rollouts.

8. Clean Up Old Applications and Logs

Over time, unused web applications and excessive logs can consume disk space.

Steps:

• Regularly audit and remove outdated WARs or folders in webapps/.
• Use a cleanup policy for logs (e.g., delete logs older than 30 days).