tomcat
Tomcat Overview
Secure your stack with a hardened Tomcat image freshly-built by Minimus. Minimus images always include the most up-to-date package version for all packages and dependencies contained in the image.
Use the Tomcat container built by Minimus when you need a lightweight Java application server to serve Java web applications. Apache Tomcat runs a Java virtual machine (JVM) and supports servlets, JavaServer Pages (JSP), and WebSockets.
Try It Out
Take the Minimus Tomcat image for a test run. The following command will start the Tomcat container:
docker run -it --rm \
-p 8080:8080 \
reg.mini.dev/tomcatYou should get a response similar to this:
...
Starting Servlet engine: [Apache Tomcat/11.0.7]
...
Server startup in [188] millisecondsReady to try out a Tomcat webserver?
In the next example, we will use Docker Compose to set up a Tomcat webserver using the Minimus Tomcat image and serve a simple webpage indicating that the server is up.
Save the following code to a new file compose.yaml in your project directory:
services:
tomcat:
image: reg.mini.dev/tomcat:latest
container_name: my-tomcat
ports:
- "8080:8080"
volumes:
- ./webapp:/usr/local/tomcat/webapps/ROOT
- ./conf/server.xml:/usr/local/tomcat/conf/server.xml
environment:
- CATALINA_OPTS=-Dfile.encoding=UTF-8
restart: unless-stoppedIn the same project directory, add the following files:
- Download the sample
server.xmlfile and place it under the directory:conf. - Download the sample
index.htmlfile and place it under the directory:webapp.
Your project directory should now look like this:
├── compose.yaml
├── conf
│ └── server.xml
└── webapp
└── index.htmlRun the Tomcat server from your project directory:
docker compose up -dVisit http://localhost:8080 to view the landing page.
Once ready to clean up, run the following command to remove the container and its associated volumes:
docker compose down -vTechnical Considerations
The Tomcat image provided by Minimus is a slim, security-hardened alternative to the public image from Docker Hub. The images are largely interchangeable, with a few differences as noted below.
Tomcat built by Minimus:
- Runs as non-root by default for a security-first approach that protects against privilege escalation attacks. The public image runs as root.
- Drill down on the version specification tab to see the default user, listening ports, entrypoint, volumes, environment variables, etc.
The Payoff
A hardened, minimal image that will remain more secure for the long run and accrue vulnerabilities at a slower rate.
- See the risk reduction dashboard for a detailed CVE comparison over the past 30 days.
- Review the compliance report to see the default hardening and security configurations for the image.
Terms & Info
Trademark
This catalog is published by Minimus. All product names, logos, and marks, other than those belonging to Minimus, shown are owned by their respective rights holders and appear here only to identify the open source software each image contains. Minimus claims no ownership of those marks and implies no affiliation with, endorsement by, certification by, or sponsorship by any rights holder.
Disclaimer
Images are provided "as-is" without warranty of any kind. "Hardened" refers to the security configuration applied at the time of build and does not constitute a guarantee of ongoing security or absence of vulnerabilities. The free tier is provided without support, SLA, or guaranteed patching timelines. Security updates may be applied to paid subscriptions before or instead of free tier images. By pulling or using any image you agree to our Terms of Use.