
How to Optimize Tomcat for Production: JVM, Connector, and Security Settings

This guide explains why Tomcat's default development settings need tuning for production, covering JVM memory model basics, configuration file edits, thread pool and connector adjustments, as well as security hardening steps to improve performance and stability.

Raymond Ops

Introduction

Tomcat is an open‑source lightweight web application server widely used for development and debugging of Servlet/JSP programs. Its default parameters are tuned for development, not production, so memory and thread settings are often too low and become performance bottlenecks.

JVM Optimization

The Java memory model consists of the Young generation (Eden plus two equal‑sized Survivor spaces), the Tenured generation for long‑lived objects, and the Permanent generation (PermGen) that stores class metadata. Minor GC moves surviving objects between Survivor spaces, and after several collections they are promoted to Tenured. PermGen can cause OutOfMemoryError during frequent redeployments.

Edit Configuration Files

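Modify bin/catalina.sh to set the environment variables JAVA_HOME, CATALINA_HOME, CATALINA_OPTS, and CATALINA_PID. Adjust shutdown.sh to replace the default stop command with stop 10 -force for forced termination: Tomcat waits up to 10 seconds for a clean stop and then kills the process, which requires CATALINA_PID to be set.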

JVM Options for Different Memory Sizes

Example JAVA_OPTS for an 8 GB server:

-Dfile.encoding=UTF-8 -server -Xms6144m -Xmx6144m -XX:NewSize=1024m -XX:MaxNewSize=2048m -XX:PermSize=512m -XX:MaxPermSize=512m -XX:MaxTenuringThreshold=10 -XX:NewRatio=2 -XX:+DisableExplicitGC

For 16 GB and 32 GB servers, increase -Xms, -Xmx, -XX:NewSize, and -XX:PermSize accordingly. Development machines can use smaller values such as:

-Xms550m -Xmx1250m -XX:PermSize=550m -XX:MaxPermSize=1250m

Together, these flags set the initial and maximum heap size, the new generation size, the permanent generation size, and the tenuring threshold, and -XX:+DisableExplicitGC disables explicit GC calls.

Disable 8005 Shutdown Port

Change the default server entry from

<Server port="8005" shutdown="SHUTDOWN">

to

<Server port="-1" shutdown="SHUTDOWN">

to disable the remote shutdown function.

Application Security & Disable Auto‑Deployment

Set the <Host> element to unpackWARs="false" autoDeploy="false" reloadable="false" to prevent automatic unpacking and deployment of WAR files.

Increase Thread Pool

Replace the default executor configuration with higher limits:

<Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="500" minSpareThreads="100" maxIdleTime="60000" prestartminSpareThreads="true" maxQueueSize="100" />

This raises the maximum concurrent threads and improves request handling capacity.

Connector Parameter Optimization

Switch to the NIO protocol: protocol="org.apache.coyote.http11.Http11NioProtocol". Set larger values for connectionTimeout (40000 ms) and maxConnections (10000), enable GZIP compression, disable DNS lookups, increase maxPostSize to 10485760, raise acceptCount to 100, and adjust maxHttpHeaderSize to 8192. Additional parameters include acceptorThreadCount, tcpNoDelay, and server; setting server hides version information.

Disable AJP

If Apache is not used, comment out the AJP connector line:

<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
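An added example, not part of the original article: a short Python check that parses a server.xml and reports which of the settings from the sections above are still at their defaults (shutdown port, auto-deployment, AJP, the connector's server attribute). Both sample files are constructed for illustration, and the function name audit_server_xml is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling a stock server.xml (not taken from the article).
STOCK = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true"/>
    </Engine>
  </Service>
</Server>"""

# Constructed sample with the article's settings applied; the AJP line is commented out.
HARDENED = """<Server port="-1" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"
               enableLookups="false" server="webserver"/>
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" unpackWARs="false" autoDeploy="false"/>
    </Engine>
  </Service>
</Server>"""

def audit_server_xml(xml_text):
    """Return findings for the server.xml hardening settings described above."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    if root.get("port") != "-1":
        findings.append("shutdown port open: %s" % root.get("port"))
    for host in root.iter("Host"):
        for attr in ("unpackWARs", "autoDeploy"):
            # Tomcat treats a missing attribute as true
            if host.get(attr, "true").lower() != "false":
                findings.append("Host %s: %s not disabled" % (host.get("name"), attr))
    for conn in root.iter("Connector"):
        port = conn.get("port")
        if "ajp" in conn.get("protocol", "HTTP/1.1").lower():
            findings.append("AJP connector enabled on port %s" % port)
        elif not conn.get("server"):
            findings.append("Connector %s: server attribute not set" % port)
    return findings

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("hardened", HARDENED)):
        print(name, audit_server_xml(text) or "no findings")
```

To check a real installation, pass the contents of conf/server.xml to audit_server_xml.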

Hide or Modify Tomcat Version

Unzip catalina.jar, edit org/apache/catalina/util/ServerInfo.properties, and change or remove entries such as server.info, server.number, and server.built to conceal version details.

Remove Default Manager Application

Delete all files under /usr/local/apache-tomcat-8.5.16/webapps/* and remove /usr/local/apache-tomcat-8.5.16/conf/tomcat-users.xml to eliminate the default manager UI.

JVM memory model diagram