Set up Apache as a Proxy to Tomcat

45 minutes
  • 6 Learning Objectives

About this Hands-on Lab

Welcome to this hands-on lab for setting up an Apache web server as a proxy front end to Tomcat, a Java-based application platform built around deploying and managing Java Web Applications.

The provided server is running Red Hat Enterprise 8. Tomcat 9 is pre-installed and available for you on port **8080** at the server’s public IP address. You will be tasked with making Tomcat available on port **80** via the Apache httpd server.

Once you have completed the task you will need to test, to ensure you can connect via port **80** and access the Tomcat GUI.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Test to Ensure You Can Access the Preconfigured Tomcat Instance by Using the Server’s Public IP Address and Port 8080

It may take from 3 to 10 minutes after the hands-on lab has started before you can access the Tomcat server on port 8080.

To access the server, copy the external IP address (from the hands-on lab overview page) and test in your browser by using this IP address and appending :8080 to it.

For example, if the IP address shown was then you would put the following URL into your web browser:

You should be able to see the GUI.

Install the Apache Web Server onto the Provided Lab Server

Log into the server’s console and install the Apache web server:

sudo dnf install httpd

sudo systemctl enable httpd

sudo systemctl start httpd

Go to a browser and test that the Apache web server is working. You should see the default Apache web page.

Configure the Apache Web Server, via Virtual Host Setup, as a Proxy to the Tomcat Instance

Create a virtual host entry inside an Apache configuration file. This file should be called tomcat_manager.conf:

sudo vim /etc/httpd/conf.d/tomcat_manager.conf

You can use the following as an example of what needs to be inside this configuration file:

<VirtualHost *:80>
    ServerAdmin root@localhost
    DefaultType text/html
    ProxyRequests on
    ProxyPreserveHost On
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
Either Disable or Change SELinux so That the Proxy Will Work

SELinux is enabled on the hands-on lab server. You can choose to disable it or adjust it so it will allow the Apache web server to act as a proxy.

To disable SELinux you would do the following:

sudo setenforce permissive 

Then edit the SELinux configuration file to make the server permissive:

sudo vim /etc/selinux/config 

Once in the editor, change this line:


Make it permissive, instead of enforcing:


Then save the file.

If you wish to keep SELinux enabled and allow it to permit the Apache web server to work as a proxy, you would run the following commands:

sudo setsebool -P httpd_can_network_connect 1

sudo setsebool -P httpd_can_network_relay 1

sudo setsebool -P httpd_graceful_shutdown 1

sudo setsebool -P nis_enabled 1  
Restart the Apache Web Server and Look for Errors

Restart the Apache web server and check for errors:

systemctl restart httpd

If there are errors and Apache does not start, then troubleshoot those errors.

Test You Can Access Tomcat via Port 80

You should be able to see the Tomcat GUI being served out on port 80.

If this does not work, or there is an error, troubleshoot the installation.

Additional Resources

Your manager is interested in using a front end to connect to an internal Tomcat instance. They would like you to test if this is possible by installing an Apache web server as a proxy in front of a Tomcat instance.

The Tomcat server and its GUI are currently being delivered on port 8080. You are tasked with installing the Apache web server to act as a proxy, so that it can deliver the Tomcat GUI on port 80 instead. This is a proof of concept, so in this case the web server and the Tomcat instance will both be on the same server.

To do this you will need to perform the tasks in this lab.

A successful hands-on lab will have you able to see the login prompt for the Host Manager being served on port 80.

Logging In

Use the credentials provided on the hands-on lab overview page, and log in to the provided server as cloud_user. Note that this is for connecting to the server, not the Tomcat GUI.

Note: It may take 3 to 10 minutes after the hands-on lab has started before you are able to log into the server. This is fine and will not affect the performance of the tasks for the hands-on lab.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?