Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Chapter 2. Installing JBoss Web Server on Red Hat Enterprise Linux from archive files

You can install JBoss Web Server on Red Hat Enterprise Linux (RHEL) from archive files or RPM packages. If you want to install JBoss Web Server from archive files, you can download and extract the JBoss Web Server archive files from the Red Hat Customer Portal.

When you install JBoss Web Server from an archive file, you can manage the product in different ways. For example, you can use a system daemon at system startup or manage JBoss Web Server from a command line.

Note

You can install JBoss Web Server on RHEL versions 8, 9, and 10. Red Hat does not provide a distribution of JBoss Web Server 6.x for RHEL 7 systems.

2.1. Prerequisites
Copy link

  • You have installed a supported Java Development Kit (JDK) by using the DNF package manager or from a compressed archive.
  • Your system is compliant with Red Hat Enterprise Linux package requirements.

You can use the DNF package manager to install a Java Development Kit (JDK). For a full list of supported JDKs, see JBoss Web Server operating systems and configurations.

Note

This procedure describes how to install OpenJDK. If you want to install the Oracle JDK, see the Oracle documentation for more information.

Procedure

  1. Subscribe your Red Hat Enterprise Linux system to the appropriate channel:

    • rhel-8-for-x86_64-appstream-rpms
    • rhel-9-for-x86_64-appstream-rpms
    • rhel-10-for-x86_64-appstream-rpms

  2. To install a supported JDK version, enter the following command as the root user: 

    # dnf install java-<version>-openjdk-headless
    Copy to Clipboard Toggle word wrap

    In the preceding command, replace java-<version> with java-11, java-17, or java-21.

    Note

    JBoss Web Server 6.x does not support OpenJDK 8.

  3. To ensure the correct JDK is in use, enter the following command as the root user: 

    # alternatives --config java
    Copy to Clipboard Toggle word wrap

    The preceding command returns a list of available JDK versions with the selected version marked with a plus (+) sign. If the selected JDK is not the desired one, change to the desired JDK as instructed in the shell prompt.

    Important

    All software that uses the java command uses the JDK set by alternatives. Changing Java alternatives might impact on the running of other software.

2.1.2. Installing a JDK from a compressed archive
Copy link

You can install a Java Development Kit (JDK) from a compressed archive such as a .zip or .tar file. For a full list of supported JDKs, see JBoss Web Server operating systems and configurations.

Procedure

  1. If you downloaded the JDK from the vendor’s website (Oracle or OpenJDK), use the installation instructions provided by the vendor and set the JAVA_HOME environment variable.

  2. If you installed the JDK from a compressed archive, set the JAVA_HOME environment variable for Tomcat:

    1. In the bin directory of Tomcat (<JWS_HOME>/tomcat/bin), create a file named setenv.sh.

    2. In the setenv.sh file, enter the JAVA_HOME path definition. For example: 

      $ cat <JWS_HOME>/tomcat/bin/setenv.sh

export JAVA_HOME=/usr/lib/jvm/jre-<version>-openjdk.x86_64
      Copy to Clipboard Toggle word wrap

      In the preceding example, replace jre-<version> with jre-11, jre-17, or jre-21.

Before you install JBoss Web Server on Red Hat Enterprise Linux, you must ensure that your system is compliant with the following package requirements.

  • On Red Hat Enterprise Linux version 8, 9, or 10, if you want to use OpenSSL or Apache Portable Runtime (APR), you must install the openssl and apr packages that Red Hat Enterprise Linux provides.

    • To install the openssl package, enter the following command as the root user: 

      # dnf install openssl
      Copy to Clipboard Toggle word wrap

    • To install the apr package, enter the following command as the root user: 

      # dnf install apr
      Copy to Clipboard Toggle word wrap

A base release is the initial release of a specific product version (for example, 6.2.0 is the base release of version 6.2). You can download the JBoss Web Server archive files from the Software Downloads page on the Red Hat Customer Portal.

Prerequisites

Procedure

  1. Open a browser and log in to the Red Hat Customer Portal.
  2. Click the Downloads tab.
  3. From the Product Downloads list, select Red Hat JBoss Web Server.
  4. On the Software Downloads page, from the Version drop-down list, select the appropriate JBoss Web Server version.

  5. Click Download next to the Red Hat JBoss Web Server 6.2.0 Application Server file.

    The downloaded file is named jws-6.2.0-application-server.zip on your local host.

  6. If you also want to download the native JBoss Web Server components for your operating system, click Download next to the Red Hat JBoss Web Server 6.2.0 Optional Native Components for <platform> <architecture> file. In this situation, ensure that you select the correct file that matches the platform and architecture for your system.

    The downloaded file is named jws-6.2.0-optional-native-components-<platform>-<architecture>.zip (for example, jws-6.2.0-optional-native-components-RHEL8-x86_64.zip).

  7. Extract the downloaded archive files to your installation directory.

    For example: 

    # unzip jws-6.2.0-application-server.zip -d /opt/
# unzip -o jws-6.2.0-optional-native-compoonents-<platform>-<architecture>.zip -d /opt/
    Copy to Clipboard Toggle word wrap

    The top-level directory for JBoss Web Server is created when you extract the archive. This document refers to the top-level directory for JBoss Web Server as <JWS_HOME>.

If product patch updates are available for the appropriate JBoss Web Server version, you can install the archive files for the latest cumulative patches. You can download the JBoss Web Server archive files from the Software Downloads page on the Red Hat Customer Portal.

Important

You cannot use cumulative patch updates to install the base (X.X.0) release of a product version. For example, the installation of a 6.2.2 patch would install the 6.2.1 and 6.2.2 releases but cannot install the base 6.2.0 release.

Service pack releases are cumulative. By downloading the latest service pack release, you also install any previous service pack releases automatically.

Prerequisites

Procedure

  1. Open a browser and log in to the Red Hat Customer Portal.
  2. Click the Downloads tab.
  3. From the Product Downloads list, select Red Hat JBoss Web Server.
  4. On the Software Downloads page, from the Version drop-down list, select the appropriate JBoss Web Server version.
  5. Click the Patches tab.

  6. Click Download next to the latest Red Hat JBoss Web Server 6.2 Update XX Application Server file.

    The downloaded file is named jws-6.2.x-application-server.zip on your local host.

  7. If you also want to download the native JBoss Web Server components for your operating system, click Download next to the latest Red Hat JBoss Web Server 6.2 Update XX Optional Native Components for <platform> <architecture> file. In this situation, ensure that you select the correct file that matches the platform and architecture for your system.

    The downloaded file is named jws-6.2.x-optional-native-components-<platform>-<architecture>.zip (for example, jws-6.2.x-optional-native-components-RHEL8-x86_64.zip).

  8. Extract the downloaded archive files to your installation directory.

    For example: 

    # unzip jws-6.2.x-application-server.zip -d /opt/
# unzip -o jws-6.2.x-optional-native-compoonents-<platform>-<architecture>.zip -d /opt/
    Copy to Clipboard Toggle word wrap

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can use a system daemon to perform management tasks. Using the JBoss Web Server with a system daemon provides a method of starting the JBoss Web Server services at system startup. The system daemon also provides start, stop and status check functions.

On Red Hat Enterprise Linux versions 8, 9, and 10, the default system daemon is systemd.

Prerequisites

Procedure

  1. To set up the JBoss Web Server for systemd, run the .postinstall.systemd script as the root user: 

    # cd <JWS_HOME>/tomcat
# sh .postinstall.systemd
    Copy to Clipboard Toggle word wrap

  2. To control the JBoss Web Server with systemd, you can perform any of the following steps as the root user:

    • To enable the JBoss Web Server services to start at system startup by using systemd: 

      # systemctl enable jws6-tomcat.service
      Copy to Clipboard Toggle word wrap

    • To start the JBoss Web Server by using systemd: 

      # systemctl start jws6-tomcat.service
      Copy to Clipboard Toggle word wrap
      Note

      The SECURITY_MANAGER variable is now deprecated for JBoss Web Server configurations that are based on archive file installations. Consider the following deprecation comment: 

      # SECURITY_MANAGER has been deprecated. To run tomcat under the Java Security Manager use:
  JAVA_OPTS="-Djava.security.manager -Djava.security.policy==\"$CATALINA_BASE/conf/"catalina.policy\"""
      Copy to Clipboard Toggle word wrap

    • To stop the JBoss Web Server by using systemd: 

      # systemctl stop jws6-tomcat.service
      Copy to Clipboard Toggle word wrap

    • To verify the status of the JBoss Web Server by using systemd: 

      # systemctl status jws6-tomcat.service
      Copy to Clipboard Toggle word wrap
      Note

      Any user can run the status operation.

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can start and stop JBoss Web Server directly from the command line. Before you can run JBoss Web Server from the command line, you must perform the following series of configuration tasks:

  • Set the JAVA_HOME environment variable for Tomcat.
  • Create a tomcat user and its parent group.
  • Grant the tomcat user access to JBoss Web Server.
Note

When you manage JBoss Web Server by using a system daemon rather than from the command line, the .postinstall.systemd script performs these configuration steps automatically.

When managing JBoss Web Server from the command line, before you run JBoss Web Server for the first time, you must set the JAVA_HOME environment variable for Apache Tomcat.

Note

If you prefer to manage JBoss Web Server by using a system daemon rather than from the command line, the .postinstall.systemd script performs this configuration task automatically.

Prerequisites

Procedure

  1. On a command line, go to the <JWS_HOME>/tomcat/bin directory.
  2. Create a file named setenv.sh.

  3. In the setenv.sh file, enter the JAVA_HOME path definition.

    For example: 

    export JAVA_HOME=/usr/lib/jvm/jre-11-openjdk.x86_64
    Copy to Clipboard Toggle word wrap

2.5.2. Creating a Tomcat user and group
Copy link

When managing JBoss Web Server from the command line, before you run JBoss Web Server for the first time, you must create a tomcat user account and user group to enable simple and secure user management. On Red Hat Enterprise Linux, the user identifer (UID) for the tomcat user and the group identifier (GID) for the tomcat group both have a reserved value of 53.

Note

You must perform all steps in this procedure as the root user.

If you prefer to manage JBoss Web Server by using a system daemon rather than from the command line, the .postinstall.systemd script performs this configuration task automatically.

Prerequisites

Procedure

  1. On a command line, go to the <JWS_HOME> directory.

  2. Create the tomcat user group: 

    # groupadd -g 53 -r tomcat
    Copy to Clipboard Toggle word wrap

  3. Create the tomcat user in the tomcat user group: 

    # useradd -c "tomcat" -u 53 -g tomcat -s /sbin/nologin -r tomcat
    Copy to Clipboard Toggle word wrap

Result

The preceding commands set both the UID and the GID to 53. If you subsequently want to change the UID and GID values, see Changing the UID and GID for the tomcat user and group.

When managing JBoss Web Server from the command line, before you run JBoss Web Server for the first time, you must grant the tomcat user access to JBoss Web Server by assigning ownership of the Tomcat directories to the tomcat user.

Note

You must perform all steps in this procedure as the root user.

If you prefer to manage JBoss Web Server by using a system daemon rather than from the command line, the .postinstall.systemd script performs this configuration task automatically.

Prerequisites

Procedure

  1. Go to the <JWS_HOME> directory.

  2. Assign ownership of the Tomcat directories to the tomcat user: 

    # chown -R tomcat:tomcat tomcat/
    Copy to Clipboard Toggle word wrap

  3. Ensure that the tomcat user has execute permissions for all parent directories: 

    # chmod -R u+X tomcat/
    Copy to Clipboard Toggle word wrap

Verification

  • Verify that the tomcat user is the owner of the directory: 

    # ls -l
    Copy to Clipboard Toggle word wrap

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can start JBoss Web Server directly from the command line.

Prerequisites

Procedure

  • Enter the following command as the tomcat user: 

    $ sh <JWS_HOME>/tomcat/bin/startup.sh
    Copy to Clipboard Toggle word wrap

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can stop JBoss Web Server directly from the command line.

Prerequisites

Procedure

  • Enter the following command as the tomcat user: 

    $ sh <JWS_HOME>/tomcat/bin/shutdown.sh
    Copy to Clipboard Toggle word wrap

2.8. SELinux policies for JBoss Web Server
Copy link

You can use Security-Enhanced Linux (SELinux) policies to define access controls for JBoss Web Server. These policies are a set of rules that determine access rights to the product.

2.8.1. SELinux policy information for jws6-tomcat
Copy link

The SELinux security model is enforced by the kernel and ensures that applications have limited access to resources such as file system locations and ports. SELinux policies ensure that any errant processes that are compromised or poorly configured are restricted or prevented from running.

The jws6-tomcat-selinux packages in your JBoss Web Server installation provide a jws6_tomcat policy. The following table contains information about the supplied SELinux policy.

Expand
Table 2.1. RPMs and default SELinux policies
NamePort InformationPolicy Information

jws6_tomcat

Four ports in http_port_t (TCP ports 8080, 8005, 8009, and 8443) to allow the tomcat process to use them

The jws6_tomcat policy is installed, which sets the appropriate SELinux domain for the process when Tomcat executes. It also sets the appropriate contexts to allow Tomcat to write to the following directories:

  • /var/opt/rh/jws6/lib/tomcat
  • /var/opt/rh/jws6/log/tomcat
  • /var/opt/rh/jws6/cache/tomcat
  • /var/opt/rh/jws6/run/tomcat.pid

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, be aware of some additional considerations around the use or lack of use of SELinux policies.

Consider the following information:

  • By default, the SElinux policy that JBoss Web Server provides is not active and the Tomcat processes run in the unconfined_java_t domain. This domain does not confine the processes.

  • If you choose not to enable the SELinux policy that is provided, you can take the following security measures:

    • Restrict file access for the tomcat user, so that the tomcat user only has access to the files and directories that are necessary for the JBoss Web Server runtime.
    • Do not run Tomcat as the root user.
  • When JBoss Web Server is installed from an archive file, Red Hat does not officially support the use of network file sharing (NFS). If you want your JBoss Web Server installation to use an NFS-mounted file system, you are responsible for ensuring that SELinux policies are modified correctly to support this type of deployment.

In this release, the archive packages provide SELinux policies. The tomcat folder of the jws-6.2.0-application-server-<platform>-<architecture>.zip archive includes the .postinstall.selinux file. If required, you can run the .postinstall.selinux script.

Procedure

  1. Install the selinux-policy-devel package: 

    dnf install -y selinux-policy-devel
    Copy to Clipboard Toggle word wrap

  2. Run the .postinstall.selinux script: 

    cd <JWS_HOME>/tomcat/
sh .postinstall.selinux
    Copy to Clipboard Toggle word wrap

  3. Add access permissions to the required ports for JBoss Web Server: 

    semanage port -a -t http_port_t -p tcp <port>
    Copy to Clipboard Toggle word wrap

    JBoss Web Server has access to ports 8080, 8009, 8443 and 8005 on Red Hat Enterprise Linux systems. When additional ports are required for JBoss Web Server, use the preceding semanage command to provide the necessary permissions, and replace <port> with the required port.

  4. Start Tomcat: 

    <JWS_HOME>/tomcat/bin/startup.sh
    Copy to Clipboard Toggle word wrap

  5. Check the context of the running process expecting jws6_tomcat: 

    ps -eo pid,user,label,args | grep jws6_tomcat | head -n1
    Copy to Clipboard Toggle word wrap

  6. Verify the contexts of the Tomcat directories.

    For example: 

    ls -lZ <JWS_HOME>/tomcat/logs/
    Copy to Clipboard Toggle word wrap

On Red Hat Enterprise Linux, the user identifer (UID) for the tomcat user and the group identifier (GID) for the tomcat group both have a reserved value of 53. Depending on your setup requirements, you can change the UID and GID for the tomcat user and group to some other value.

Warning

To avoid SELinux conflicts, use UID and GID values that are less than 500. If SELinux is set to enforcing mode, UID and GID values greater than 500 might cause unexpected issues.

Prerequisites

Procedure

  1. If JBoss Web Server is already running, stop JBoss Web Server as the tomcat user. For more information, see Stopping JBoss Web Server from the command line when installed from an archive file.

  2. To view the current UID and GID for the tomcat user and group, enter the following command as the root user: 

    id tomcat
    Copy to Clipboard Toggle word wrap

    The preceding command displays the user account and group details. For example: 

    uid=53(tomcat) gid=53(tomcat) groups=53(tomcat)
    Copy to Clipboard Toggle word wrap

  3. To assign a new GID to the tomcat group, enter the following command as the root user: 

    groupmod -g <new_gid> tomcat
    Copy to Clipboard Toggle word wrap

    For example: 

    groupmod -g 410 tomcat
    Copy to Clipboard Toggle word wrap

  4. To assign a new UID to the tomcat user, enter the following command as the root user: 

    usermod -u <new_uid> -g <new_gid> tomcat
    Copy to Clipboard Toggle word wrap

    For example: 

    usermod -u 401 -g 410 tomcat
    Copy to Clipboard Toggle word wrap

  5. To reassign file and directory permissions to the new UID, enter the following command as the root user: 

    # find / -not -path '/proc*' -uid <original_uid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' <new_uid>
    Copy to Clipboard Toggle word wrap

    In the preceding command, replace <original_uid> with the old UID and replace <new_uid> with the new UID. For example, to reassign file and directory permissions from UID 53 to UID 401, enter the following command: 

    # find / -not -path '/proc*' -uid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown($ug,-1,$fn);chmod($m,$fn)}' 401
    Copy to Clipboard Toggle word wrap

  6. To reassign file and directory permissions to the new GID, enter the following command as the root user: 

    # find / -not -path '/proc*' -gid <original_gid> | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' <new_gid>
    Copy to Clipboard Toggle word wrap

    In the preceding command, replace <original_gid> with the old GID and replace <new_gid> with the new GID. For example, to reassign file and directory permissions from GID 53 to GID 410, enter the following command: 

    # find / -not -path '/proc*' -gid 53 | perl -e '$ug = @ARGV[0]; foreach $fn (<STDIN>) { chomp($fn);$m = (stat($fn))[2];chown(-1,$ug,$fn);chmod($m,$fn)}' 410
    Copy to Clipboard Toggle word wrap
  7. To restart JBoss Web Server as the tomcat user, see Starting JBoss Web Server from the command line when installed from an archive file.

When you install JBoss Web Server from an archive file on Red Hat Enterprise Linux, you can subsequently uninstall JBoss Web Server by using the <JWS_HOME>/tomcat/.uninstall-jws script.

The .uninstall-jws script always attempts to perform certain tasks such as stopping the service, removing service files, removing the jws6-tomcat.conf file, and removing the SELinux module. This script also provides various options that you can use to instruct it to perform additional actions. These additional actions include deleting the <JWS_HOME> directory, deleting the tomcat user and group, stopping any remaining processes for the tomcat user, and removing the /etc/sysconfig/jws6-tomcat directory.

The usage string for the .uninstall-jws script is as follows: 

sudo ./.uninstall-jws [--yes] [--purge] [--purge-user] [--kill-user-procs] [--remove-sysconfig]
Copy to Clipboard Toggle word wrap
Note

The .uninstall-jws script is only available for use with archive file distributions on Red Hat Enterprise Linux. Use of this script requires sudo privileges.

If you have chosen to manage your JBoss Web Server installation from the command line instead of running the .postinstall/systemd script, you can still use the .uninstall-jws script. In this situation, the .uninstall-jws script can remove those parts of the installation that match the .postinstall/systemd default setup. However, the uninstallation script will skip removal of any parts of the installation that differ from the default setup.

Prerequisites

Procedure

  1. On the command line, go to the <JWS_HOME>/tomcat directory. 

    $ cd <JWS_HOME>/tomcat
    Copy to Clipboard Toggle word wrap

  2. Run the .uninstall-jws script and specify the relevant options for any additional tasks that you want it to perform: 

    $ sudo ./.uninstall-jws <options>
    Copy to Clipboard Toggle word wrap

    Consider the following guidelines:

    • If you run the .uninstall-jws script without specifying any options, it attempts to perform certain basic tasks only. These tasks include stopping the service (if found), removing service files (if found), removing the jws6-tomcat.conf file (if found), and removing the SELinux module (if found).
    • To disable confirmation prompts, specify the --yes option. This means the script does not prompt you for your approval before performing any destructive operations, such as deleting the <JWS_HOME> directory or the tomcat user and group.

    • To delete the <JWS_HOME> directory, specify the --purge option.

      Note

      Unless you also specify the --yes option, the script prompts you to confirm your approval before it performs this type of destructive operation.

    • To delete the tomcat user and group, specify the --purge-user option.

      Note

      Unless you also specify the --yes option, the script prompts you to confirm your approval before it performs this type of destructive operation.

    • To stop any remaining processes for the tomcat user before user removal, specify the --kill-user-procs option.

      Note

      This action requires that you also specify the --purge-user option.

    • To remove the /etc/sysconfig/jws6-tomcat directory (if present), specify the --remove-sysconfig option.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top