diff --git a/BUILD.md b/BUILD.md index a711ff9..d952e89 100644 --- a/BUILD.md +++ b/BUILD.md @@ -65,14 +65,14 @@ Override these arguments to make use of build.geoserver.org nightly releases: * ``--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/ext-latest/`` * ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/community-latest/`` -Here is a working example for building 2.24.x nightly build:: +Here is a working example for building 2.25.x nightly build:: ``` docker build --no-cache-filter download,install \ - --build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.24.x/geoserver-2.24.x-latest-war.zip \ - --build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.24.x/ext-latest/ \ - --build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.24.x/community-latest/ \ + --build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.25.x/geoserver-2.25.x-latest-war.zip \ + --build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/ext-latest/ \ + --build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/community-latest/ \ --build-arg GS_VERSION=2.24-SNAPSHOT \ - -t 2.24.x . + -t 2.25.x . ``` When running both stable extensions and community modules can be included: @@ -82,7 +82,7 @@ docker run -it -p 80:8080 \ --env INSTALL_EXTENSIONS=true \ --env STABLE_EXTENSIONS="ysld" \ --env COMMUNITY_EXTENSIONS="ogcapi" \ - -t 2.24.x + -t 2.25.x ``` Community modules are only available for nightly builds as they have not yet met the requirements for production use. Developers have shared these to attract participation, feedback and funding. @@ -96,7 +96,7 @@ The build.geoserver.org output for the ``main`` branch requires the following: * ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/`` -Here is a working example for building main branch as 2.24.x build: +Here is a working example for building main branch as 2.25.x build: ``` docker build --no-cache-filter download,install \ @@ -104,7 +104,7 @@ docker build --no-cache-filter download,install \ --build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/main/ext-latest/ \ --build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/ \ --build-arg GS_VERSION=2.24-SNAPSHOT \ - -t 2.24.x . + -t 2.25.x . ``` When running both [stable extensions](https://build.geoserver.org/geoserver/main/ext-latest/) and [community modules](https://build.geoserver.org/geoserver/main/community-latest/) can be included: @@ -114,6 +114,6 @@ docker run -it -p 80:8080 \ --env INSTALL_EXTENSIONS=true \ --env STABLE_EXTENSIONS="wps,css" \ --env COMMUNITY_EXTENSIONS="ogcapi-coverages,ogcapi-dggs,ogcapi-features,ogcapi-images,ogcapi-maps,ogcapi-styles,ogcapi-tiled-features,ogcapi-tiles" \ - -t 2.24.x + -t 2.25.x ``` diff --git a/Dockerfile b/Dockerfile index 61f7a0f..8baf048 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,22 +1,49 @@ -FROM ubuntu:22.04 as tomcat +FROM tomcat:9.0.91-jdk11-temurin-jammy +LABEL vendor="osgeo.org" -ARG TOMCAT_VERSION=9.0.89 -ARG CORS_ENABLED=false -ARG CORS_ALLOWED_ORIGINS=* -ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS +# Build arguments +ARG ADDITIONAL_FONTS_PATH=./additional_fonts/ +ARG ADDITIONAL_LIBS_PATH=./additional_libs/ +ARG COMMUNITY_PLUGIN_URL='' ARG CORS_ALLOWED_HEADERS=* +ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS +ARG CORS_ALLOWED_ORIGINS=* ARG CORS_ALLOW_CREDENTIALS=false +ARG CORS_ENABLED=false +ARG GS_BUILD=release +ARG GS_DATA_PATH=./geoserver_data/ +ARG GS_VERSION=2.25.2 +ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions +ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip # Environment variables -ENV TOMCAT_VERSION=$TOMCAT_VERSION -ENV CATALINA_HOME=/opt/apache-tomcat-${TOMCAT_VERSION} -ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g" -ENV CORS_ENABLED=$CORS_ENABLED -ENV CORS_ALLOWED_ORIGINS=$CORS_ALLOWED_ORIGINS -ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS +ENV ADDITIONAL_FONTS_DIR=/opt/additional_fonts/ +ENV ADDITIONAL_LIBS_DIR=/opt/additional_libs/ +ENV CATALINA_HOME=$CATALINA_HOME +ENV COMMUNITY_EXTENSIONS='' +ENV COMMUNITY_PLUGIN_URL=$COMMUNITY_PLUGIN_URL +ENV CONFIG_DIR=/opt/config +ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS +ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS +ENV CORS_ALLOWED_ORIGINS=$CORS_ALLOWED_ORIGINS ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS -ENV DEBIAN_FRONTEND=noninteractive +ENV CORS_ENABLED=$CORS_ENABLED +ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g" +ENV GEOSERVER_BUILD=$GS_BUILD +ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ +ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ +ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml +ENV GEOSERVER_VERSION=$GS_VERSION +ENV HEALTHCHECK_URL='' +ENV INSTALL_EXTENSIONS=false +ENV POSTGRES_JNDI_ENABLED=false +ENV ROOT_WEBAPP_REDIRECT=false +ENV SKIP_DEMO_DATA=false +ENV STABLE_EXTENSIONS='' +ENV STABLE_PLUGIN_URL=$STABLE_PLUGIN_URL +ENV WAR_ZIP_URL=$WAR_ZIP_URL +ENV WEBAPP_CONTEXT=geoserver # see https://docs.geoserver.org/stable/en/user/production/container.html ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ @@ -29,107 +56,32 @@ ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ -Dsun.java2d.renderer=sun.java2d.marlin.DMarlinRenderingEngine \ -Dorg.geotools.coverage.jaiext.enabled=true" -# init -RUN apt update \ - && apt -y upgrade \ - && apt install -y --no-install-recommends locales openssl unzip gdal-bin wget curl openjdk-11-jdk gettext \ - && apt clean \ - && rm -rf /var/cache/apt/* \ - && rm -rf /var/lib/apt/lists/* - -WORKDIR /opt/ - -RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz \ - && tar xf apache-tomcat-${TOMCAT_VERSION}.tar.gz \ - && rm apache-tomcat-${TOMCAT_VERSION}.tar.gz \ - && rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/ROOT \ - && rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/docs \ - && rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/examples \ - && rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/host-manager \ - && rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/manager - -# cleanup -RUN apt purge -y \ - && apt autoremove --purge -y \ - && rm -rf /var/lib/apt/lists/* \ - && rm -rf /tmp/* - -FROM tomcat as download - -ARG GS_VERSION=2.25.2 -ARG GS_BUILD=release -ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip -ENV GEOSERVER_VERSION=$GS_VERSION -ENV GEOSERVER_BUILD=$GS_BUILD - WORKDIR /tmp -RUN echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \ +# Install dependencies and download geoserver +RUN set -eux \ + && export DEBIAN_FRONTEND=noninteractive \ + && apt-get update \ + && apt-get install -y --no-install-recommends openssl unzip curl locales gettext \ + && apt-get clean \ + && rm -rf /var/cache/apt/* \ + && rm -rf /var/lib/apt/lists/* \ + && echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \ && wget -q -O /tmp/geoserver.zip $WAR_ZIP_URL \ && unzip geoserver.zip geoserver.war -d /tmp/ \ && unzip -q /tmp/geoserver.war -d /tmp/geoserver \ - && rm /tmp/geoserver.war - -FROM tomcat as install - -ARG GS_VERSION=2.25.2 -ARG GS_BUILD=release -ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions -ARG COMMUNITY_PLUGIN_URL='' - -ARG GS_DATA_PATH=./geoserver_data/ -ARG ADDITIONAL_LIBS_PATH=./additional_libs/ -ARG ADDITIONAL_FONTS_PATH=./additional_fonts/ - -ENV GEOSERVER_VERSION=$GS_VERSION -ENV GEOSERVER_BUILD=$GS_BUILD -ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ -ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml -ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ -ENV INSTALL_EXTENSIONS=false -ENV WAR_ZIP_URL=$WAR_ZIP_URL -ENV STABLE_EXTENSIONS='' -ENV STABLE_PLUGIN_URL=$STABLE_PLUGIN_URL -ENV COMMUNITY_EXTENSIONS='' -ENV COMMUNITY_PLUGIN_URL=$COMMUNITY_PLUGIN_URL -ENV ADDITIONAL_LIBS_DIR=/opt/additional_libs/ -ENV ADDITIONAL_FONTS_DIR=/opt/additional_fonts/ -ENV SKIP_DEMO_DATA=false -ENV ROOT_WEBAPP_REDIRECT=false -ENV POSTGRES_JNDI_ENABLED=false -ENV CONFIG_DIR=/opt/config -ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides -ENV WEBAPP_CONTEXT=geoserver -ENV HEALTHCHECK_URL='' - -ENV HTTPS_ENABLED=false -ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks -ENV HTTPS_KEYSTORE_PASSWORD=changeit -ENV HTTPS_KEY_ALIAS=server - -EXPOSE 8080 -EXPOSE 8443 - -WORKDIR /tmp - -RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen - -RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" - -COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver - -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ -&& mkdir -p $GEOSERVER_DATA_DIR - -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ + && rm /tmp/geoserver.war \ + && echo "Installing GeoServer $GS_VERSION $GS_BUILD" \ + && mv /tmp/geoserver $CATALINA_HOME/webapps/geoserver \ + && mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ + && mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ \ + && mkdir -p $GEOSERVER_DATA_DIR +# Copy data and additional libs / fonts COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR COPY $ADDITIONAL_FONTS_PATH /usr/share/fonts/truetype/ -# cleanup -RUN rm -rf /tmp/* - # Add default configs COPY config $CONFIG_DIR @@ -149,13 +101,26 @@ COPY *.sh /opt/ # CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers. RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true +# cleanup +RUN apt purge -y \ + && apt autoremove --purge -y \ + && rm -rf /tmp/ \ + && rm -rf $CATALINA_HOME/webapps/ROOT \ + && rm -rf $CATALINA_HOME/webapps/docs \ + && rm -rf $CATALINA_HOME/webapps/examples \ + && rm -rf $CATALINA_HOME/webapps/host-manager \ + && rm -rf $CATALINA_HOME/webapps/manager + # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories # See also CIS Docker benchmark and docker best practices + RUN chmod +x /opt/*.sh && sed -i 's/\r$//' /opt/startup.sh ENTRYPOINT ["bash", "/opt/startup.sh"] WORKDIR /opt +EXPOSE 8080 + HEALTHCHECK --interval=1m --timeout=20s --retries=3 \ - CMD curl --fail --url "$(cat $CATALINA_HOME/conf/healthcheck_url.txt)" || exit 1 \ No newline at end of file + CMD curl --fail --url "$(cat $CATALINA_HOME/conf/healthcheck_url.txt)" || exit 1 diff --git a/README.md b/README.md index 9378cb4..ad70306 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,18 @@ -# A geoserver docker image +# A GeoServer docker image This Dockerfile can be used to create images for all geoserver versions since 2.5. -* Debian based Linux -* OpenJDK 11 -* Tomcat 9 -* GeoServer - * Support of custom fonts (e.g. for SLD styling) - * CORS support - * Support extensions - * Support additional libraries - * Support for PostgreSQL JNDI - * Support for HTTPS +* Based on the official [`tomcat` docker image](https://hub.docker.com/_/tomcat), in particular: + * Tomcat 9 + * JDK11 (eclipse temurin) + * Ubuntu Jammy (22.04 LTS) +* GeoServer installation is configurable and supports + * Dynamic installation of extensions + * Custom fonts (e.g. for SLD styling) + * CORS + * Additional libraries + * PostgreSQL JNDI + * HTTPS This README.md file covers use of official docker image, additional [build](BUILD.md) and [release](RELEASE.md) instructions are available. @@ -67,6 +68,7 @@ docker run -it -p 80:8080 \ --env SKIP_DEMO_DATA=true \ docker.osgeo.org/geoserver:2.25.2 ``` + ## How to set the application context path? By default, GeoServer is served from . Use the environment variable `WEBAPP_CONTEXT` to change the context path. @@ -87,7 +89,6 @@ docker run -it -p 80:8080 \ docker.osgeo.org/geoserver:2.25.1 ``` - ## How to issue a redirect from the root ("/") to GeoServer web interface ("/geoserver/web")? By default, the ROOT webapp is not available which makes requests to the root endpoint "/" return a 404 error. @@ -215,7 +216,7 @@ Following is the list of the all the environment variables that can be passed do | VAR NAME | DESCRIPTION | SAMPLE VALUE | |--------------|-----------|------------| | PATH | Used by geoserver internally to find all the libs | `/usr/local/sbin:/usr/local/bin:` | -| CATALINA_HOME | CATALINA home path | `/opt/apache-tomcat-9.0.89` | +| CATALINA_HOME | CATALINA home path | `/usr/local/tomcat` (see also [here](https://github.com/docker-library/tomcat/blob/master/9.0/jdk11/temurin-jammy/Dockerfile)) | | EXTRA_JAVA_OPTS | Used to pass params to the JAVA environment. Check [ref](https://docs.oracle.com/en/java/javase/11/tools/java.html) | `-Xms256m -Xmx1g` | | CORS_ENABLED | CORS enabled configuration | `false` | | CORS_ALLOWED_ORIGINS | CORS origins configuration | `*` | @@ -223,14 +224,14 @@ Following is the list of the all the environment variables that can be passed do | CORS_ALLOWED_HEADERS | CORS headers configuration | `*` | | DEBIAN_FRONTEND | Configures the Debian package manager frontend | `noninteractive`| | CATALINA_OPTS | Catalina options. Check [ref](https://www.baeldung.com/tomcat-catalina_opts-vs-java_opts) | `-Djava.awt.headless=true` | -| GEOSERVER_DATA_DIR | Geosever data directory location | `/opt/geoserver_data/` | +| GEOSERVER_DATA_DIR | Geoserver data directory location | `/opt/geoserver_data/` | | GEOSERVER_REQUIRE_FILE | Geoserver configuration used interally | `/opt/geoserver_data/global.xml` | | INSTALL_EXTENSIONS | Indicates whether additional GeoServer extensions should be installed | `false` | | WAR_ZIP_URL | Specifies the URL for a GeoServer Web Archive (WAR) file | | | STABLE_EXTENSIONS | Specifies stable GeoServer extensions | | -| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.24.x/ext-latest` | +| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/ext-latest` | | COMMUNITY_EXTENSIONS | Specifies community-contributed GeoServer extensions | | -| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.24.x/community-latest` | +| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/community-latest` | | ADDITIONAL_LIBS_DIR | Sets the directory for additional libraries used by GeoServer | `/opt/additional_libs/` | | ADDITIONAL_FONTS_DIR | Sets the directory for additional fonts used by GeoServer | `/opt/additional_fonts/` | | SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | `false` | @@ -243,7 +244,7 @@ The following values cannot really be safely changed (as they are used to downlo | VAR NAME | DESCRIPTION | SAMPLE VALUE | |--------------|-----------|------------| | GEOSERVER_VERSION | Geoserver version (used internally) | `2.24-SNAPSHOT`| -| GEOSERVER_BUILD | Geosever build (used internally) | `1628` | +| GEOSERVER_BUILD | Geoserver build (used internally) | `1628` | ## Troubleshooting diff --git a/RELEASE.md b/RELEASE.md index 952d955..849ceb9 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -40,4 +40,4 @@ Examples: `./release.sh buildandpublish 2.25.2` -`./release.sh buildandpublish 2.24-SNAPSHOT 1234` +`./release.sh buildandpublish 2.25-SNAPSHOT 1234`