Instructions for Installing Apache Tomcat 11.0.7 Together with Nginx and SSL on Debian 12
In this guide, we'll walk you through the process of deploying Apache Tomcat 11.0.7 with Nginx and SSL on Debian 12. This setup is ideal for production-grade environments that require SSL, uptime, and backend isolation.
Step 1: Choosing the Operating System
Start by choosing Debian 12 (64-bit) as your operating system. Debian 12 is a reliable, long-term support system that is compatible with OpenJDK 17+, systemd, firewalld, and UFW, and supports modern versions of Nginx and libraries required for TLS 1.3.
Step 2: Installing Tomcat
- Download the official Tomcat 11.0.7 binary from Apache's website.
- Install the Java Runtime Environment (JRE), preferably OpenJDK 17 or newer, compatible with Tomcat 11.
- Create a dedicated system user to run Tomcat for security isolation.
- Unpack and configure Tomcat under or with correct permissions.
- Configure for your application needs, disabling unnecessary connectors for security.
Step 3: Configuring Nginx as a Reverse Proxy
- Install Nginx using Debian's package manager ().
- Set up Nginx to listen on standard HTTPS port 443 and forward requests to Tomcat (usually on localhost port 8080).
- Use directives in Nginx to forward requests.
- Configure appropriate proxy headers (, etc.) in Nginx.
- Limit unnecessary HTTP methods and add security headers in Nginx for hardening.
Step 4: Setting up SSL/TLS on Nginx
- Obtain SSL certificates from a trusted CA (e.g., Let's Encrypt) or use enterprise certificates.
- Configure Nginx's SSL with strong protocols (TLS 1.2 or 1.3) and cipher suites.
- Use HTTP to HTTPS redirection to enforce secure connections.
- Enable OCSP stapling and HSTS for better security posture.
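The reverse-proxy settings from Step 3 and the TLS settings from Step 4 can be combined in one Nginx site file. The following is an added example, not configuration from the original guide. The hostname `example.com`, the certbot-style certificate paths, the resolver address and the allowed method list are assumptions to replace with your own values.

```nginx
# Added example (not from the original guide). Assumed values: example.com,
# certbot-style certificate paths, Tomcat HTTP connector on 127.0.0.1:8080.

# Port 80 only redirects to HTTPS. The target host is fixed rather than
# taken from the request, so a forged Host header cannot steer the redirect.
server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;
    # Forward-secret AEAD suites for TLS 1.2; ssl_ciphers does not govern TLS 1.3.
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_tickets off;

    # OCSP stapling; nginx ignores it (with a warning) when the certificate
    # carries no OCSP responder URL.
    ssl_stapling        on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    resolver 127.0.0.1;   # assumption: local resolver, needed to reach the responder

    # HSTS and basic response hardening; "always" also covers error responses.
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Content-Type-Options "nosniff" always;

    # Assumption: the application only needs GET, HEAD and POST.
    if ($request_method !~ ^(GET|HEAD|POST)$) {
        return 405;
    }

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host              $host;
        # Overwrite (not append) so a client-supplied X-Forwarded-For is discarded.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

Validate the file with `nginx -t` before reloading. Bind Tomcat's HTTP connector to the loopback address so that port 8080 is reachable only through the proxy.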
Step 5: System and Security Best Practices
- Apply Debian 12's latest updates and security patches.
- Run Tomcat and Nginx as least-privilege users.
- Isolate Tomcat behind a firewall or container where possible.
- Monitor logs from both Nginx and Tomcat for anomalies.
- Keep both Tomcat and Nginx versions up to date to avoid vulnerabilities.
Step 6: Performance Optimizations
- Tune Tomcat thread pools and Nginx worker processes based on traffic.
- Use connection keep-alive and gzip compression in Nginx.
- Cache static content in Nginx to reduce Tomcat load.
Step 7: Creating the Instance
To deploy a clean server, go to https://our-website.host, log in, and follow the steps to create an instance and choose a server location.
Step 8: Accessing Tomcat
Access Tomcat from the browser to confirm everything is working.
By combining Tomcat with Nginx on Debian 12, you benefit from increased security, improved performance, better control, and ease of SSL configuration.
[1] For more detailed instructions, refer to the Shapehost guide on installing Apache Tomcat 11.0.7 with Nginx and SSL on Rocky Linux 9: https://shape.host/resources/category/operating-systems/rocky-linux
[2] Track CVEs affecting Tomcat and Nginx and patch accordingly. Avoid exposing Tomcat directly to the internet; always proxy via Nginx with SSL termination.