Setting up a Tomcat Container

Note. tomcat8 spits on 8080 by default, but you should also expose 8443 just in case you enable SSL on the Tomcat side (doing it on the reverse proxy might be enough).

Running the ubuntucustom container

Launch a contained based on the custom/ubuntu image,

docker ps -a | grep $app
docker run -d --name $app -h $app \
        -p 80XX:8080 -p 84XX:8443 \
        -v $volume:/$app \
        --cap-add=SYS_PTRACE \
docker ps -a | grep $app
docker logs $app
docker exec -ti $app bash
#docker exec -ti $app service tomcat8 start
#docker exec -ti $app ps aux

Note. change port 80XX & 84XX depending on what’s available (docker ps -a) e.g. 8001 & 8401 Note. --cap-add=SYS_PTRACE to make the [init script work] (

I am assuming those variables are already set, as custom/ubuntu image provides an already modified /etc/bash.bashrc,

    echo DEBIAN_FRONTEND=noninteractive
echo TERM=xterm

Installing Tomcat 8 on the custom/ubuntu container

apt -y install tomcat8 tomcat8-admin
dpkg -l | grep tomcat
dpkg -l | grep jdk

    cd ~/
    ln -s /var/lib/tomcat8/conf
    ln -s /var/lib/tomcat8/logs
    ln -s /var/lib/tomcat8/webapps
ln -s /tomcatprod

    cp -pi /var/lib/tomcat8/conf/tomcat-users.xml /var/lib/tomcat8/conf/tomcat-users.xml.dist
    vi /var/lib/tomcat8/conf/tomcat-users.xml

      <role rolename="manager-gui"/>
      <user username="tomcat" password="PASSWORD" roles="manager-gui"/>

echo "manager-gui: tomcat / PASSWORD" >> ~/README

Note. change PASSWORD accordingly.

    cd /var/lib/tomcat8/conf/
    cp -pi server.xml server.xml.dist
    grep autoDeploy server.xml
    grep unpackWARs server.xml

(Optional) Use Oracle Java instead of OpenJDK

    apt -y install software-properties-common apt-transport-https
    echo debconf shared/accepted-oracle-license-v1-1 select true | debconf-set-selections
    echo debconf shared/accepted-oracle-license-v1-1 seen true | debconf-set-selections
    echo '' | add-apt-repository ppa:webupd8team/java >/dev/null
    apt -y update
    apt -y install oracle-java8-installer
apt -y install oracle-java8-set-default

cd /etc/default/
cp -pi tomcat8 tomcat8.dist

vi tomcat8
#JAVA_OPTS="-Djava.awt.headless=true -Xmx128m -XX:+UseConcMarkSweepGC"
JAVA_OPTS="-Djava.awt.headless=true -Xms1g -Xmx3g -XX:+UseConcMarkSweepGC"

update-java-alternatives -s java-8-oracle
    #update-alternatives --config java
    ll /usr/bin/java
    ll /etc/alternatives/java

echo "export JAVA_HOME=/usr/lib/jvm/java-8-oracle" >> /etc/bash.bashrc
source /etc/bash.bashrc

Note. webupd8team/java provides Ubuntu only pkgs, no more Jessie repo available :-/

Ready to go

start the daemon (assuming the container was started with --cap-add=SYS_PTRACE),

service tomcat8 start

make sure it’s running the Java version you want (e.g. of you installed Oracle Java),

ps aux | grep java

check that the docker container listens on port 80XX, ON THE DOCKER HOST,

docker ps

check that the service responds with a web browser,


is everything’s fine? Eventually clean-up /var/log/tomcat8/ and possibly uneeded apps from webapps,

cd ~/webapps/
mkdir ~/.trash/
mv ROOT/ ~/.trash/

and backup the container as an image then, ON THE DOCKER HOST,

    docker commit -p tomcatprod tomcatprod.`date +%s`.ready

Setup tomcat-SSL

TODO (as long as it is served by a localhost reverse-proxy that provides ssl to the world, it’s not so absolutely mandatory to switch to https on the tomcat itself)

Reverse Proxy

You can now setup the reverse proxy to link to 80XX or 84XX (sslproxyengine) if you’ve already setup tomcat-SSL. See Setting up a Reverse Proxy with Apache


Prevent the stupid WARNINGs about non existent folders,

cd ~/conf/
mv -p
chown root:tomcat8


Operating a Tomcat Container