How to Optimize Tomcat for Production: JVM, Connector, and Security Settings

Introduction

Tomcat is an open‑source lightweight web application server widely used for development and debugging of Servlet/JSP programs. Its default parameters are tuned for development, not production, so memory and thread settings are often too low and become performance bottlenecks.

JVM Optimization

The Java memory model consists of the Young generation (Eden plus two equal‑sized Survivor spaces), the Tenured generation for long‑lived objects, and the Permanent generation (PermGen) that stores class metadata. Minor GC moves surviving objects between Survivor spaces, and after several collections they are promoted to Tenured. PermGen can cause OutOfMemoryError during frequent redeployments.

Edit Configuration Files

Modify bin/catalina.sh to set environment variables: JAVA_HOME, CATALINA_HOME, CATALINA_OPTS, and CATALINA_PID. Adjust shutdown.sh to replace the default stop command with stop 10 -force for forced termination.

JVM Options for Different Memory Sizes

Example JAVA_OPTS for an 8 GB server:

-Dfile.encoding=UTF-8 -server -Xms6144m -Xmx6144m -XX:NewSize=1024m -XX:MaxNewSize=2048m -XX:PermSize=512m -XX:MaxPermSize=512m -XX:MaxTenuringThreshold=10 -XX:NewRatio=2 -XX:+DisableExplicitGC

. For 16 GB and 32 GB servers, increase -Xms, -Xmx, -XX:NewSize, and -XX:PermSize accordingly. Development machines can use smaller values such as -Xms550m -Xmx1250m -XX:PermSize=550m -XX:MaxPermSize=1250m. Each flag controls initial and maximum heap size, new generation size, permanent generation size, tenuring threshold, and disables explicit GC calls.

Disable 8005 Shutdown Port

Change the default server entry from <Server port="8005" shutdown="SHUTDOWN"> to <Server port="-1" shutdown="SHUTDOWN"> to disable the remote shutdown function.

Application Security & Disable Auto‑Deployment

Set the <Host> element to unpackWARs="false" autoDeploy="false" reloadable="false" to prevent automatic unpacking and deployment of WAR files.

Increase Thread Pool

Replace the default executor configuration with higher limits:

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="500" minSpareThreads="100" maxIdleTime="60000" prestartminSpareThreads="true" maxQueueSize="100" />

. This raises the maximum concurrent threads and improves request handling capacity.

Connector Parameter Optimization

Switch to the NIO protocol: protocol="org.apache.coyote.http11.Http11NioProtocol". Set larger values for connectionTimeout (40000 ms), maxConnections (10000), enable GZIP compression, disable DNS lookups, increase maxPostSize to 10485760, raise acceptCount to 100, and adjust maxHttpHeaderSize to 8192. Additional parameters such as acceptorThreadCount, tcpNoDelay, and server hide version information.

Disable AJP

If Apache is not used, comment out the AJP connector line

<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->

.

Hide or Modify Tomcat Version

Unzip catalina.jar, edit org/apache/catalina/util/ServerInfo.properties, and change or remove entries such as server.info, server.number, and server.built to conceal version details.

Remove Default Manager Application

Delete all files under /usr/local/apache-tomcat-8.5.16/webapps/* and remove /usr/local/apache-tomcat-8.5.16/conf/tomcat-users.xml to eliminate the default manager UI.