steve
/
geoserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #45 from ahennr/tomcat-base-image 

Switch to official Tomcat 9 - JDK 11 base image
pull/64/head
Nils Bühner 2024-07-26 12:24:28 +02:00 committed by GitHub
parent f4d4c819fb 177c52ee85
commit 73dcf0ea7c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 97 additions and 131 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
BUILD.md
View File

@ -65,14 +65,14 @@ Override these arguments to make use of build.geoserver.org nightly releases:
* ``--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/ext-latest/``
* ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/community-latest/``
Here is a working example for building 2.24.x nightly build::
Here is a working example for building 2.25.x nightly build::
```
docker build --no-cache-filter download,install \
--build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.24.x/geoserver-2.24.x-latest-war.zip \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.24.x/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.24.x/community-latest/ \
--build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.25.x/geoserver-2.25.x-latest-war.zip \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/community-latest/ \
--build-arg GS_VERSION=2.24-SNAPSHOT \
-t 2.24.x .
-t 2.25.x .
```
When running both stable extensions and community modules can be included:
@ -82,7 +82,7 @@ docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true \
--env STABLE_EXTENSIONS="ysld" \
--env COMMUNITY_EXTENSIONS="ogcapi" \
-t 2.24.x
-t 2.25.x
```
Community modules are only available for nightly builds as they have not yet met the requirements for production use. Developers have shared these to attract participation, feedback and funding.
@ -96,7 +96,7 @@ The build.geoserver.org output for the ``main`` branch requires the following:
* ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/``
Here is a working example for building main branch as 2.24.x build:
Here is a working example for building main branch as 2.25.x build:
```
docker build --no-cache-filter download,install \
@ -104,7 +104,7 @@ docker build --no-cache-filter download,install \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/main/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/ \
--build-arg GS_VERSION=2.24-SNAPSHOT \
-t 2.24.x .
-t 2.25.x .
```
When running both [stable extensions](https://build.geoserver.org/geoserver/main/ext-latest/) and [community modules](https://build.geoserver.org/geoserver/main/community-latest/) can be included:
@ -114,6 +114,6 @@ docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true \
--env STABLE_EXTENSIONS="wps,css" \
--env COMMUNITY_EXTENSIONS="ogcapi-coverages,ogcapi-dggs,ogcapi-features,ogcapi-images,ogcapi-maps,ogcapi-styles,ogcapi-tiled-features,ogcapi-tiles" \
-t 2.24.x
-t 2.25.x
```

171
Dockerfile
View File

@ -1,22 +1,49 @@
FROM ubuntu:22.04 as tomcat
FROM tomcat:9.0.91-jdk11-temurin-jammy
LABEL vendor="osgeo.org"
ARG TOMCAT_VERSION=9.0.89
ARG CORS_ENABLED=false
ARG CORS_ALLOWED_ORIGINS=*
ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
# Build arguments
ARG ADDITIONAL_FONTS_PATH=./additional_fonts/
ARG ADDITIONAL_LIBS_PATH=./additional_libs/
ARG COMMUNITY_PLUGIN_URL=''
ARG CORS_ALLOWED_HEADERS=*
ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
ARG CORS_ALLOWED_ORIGINS=*
ARG CORS_ALLOW_CREDENTIALS=false
ARG CORS_ENABLED=false
ARG GS_BUILD=release
ARG GS_DATA_PATH=./geoserver_data/
ARG GS_VERSION=2.25.2
ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions
ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip
# Environment variables
ENV TOMCAT_VERSION=$TOMCAT_VERSION
ENV CATALINA_HOME=/opt/apache-tomcat-${TOMCAT_VERSION}
ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g"
ENV CORS_ENABLED=$CORS_ENABLED
ENV CORS_ALLOWED_ORIGINS=$CORS_ALLOWED_ORIGINS
ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS
ENV ADDITIONAL_FONTS_DIR=/opt/additional_fonts/
ENV ADDITIONAL_LIBS_DIR=/opt/additional_libs/
ENV CATALINA_HOME=$CATALINA_HOME
ENV COMMUNITY_EXTENSIONS=''
ENV COMMUNITY_PLUGIN_URL=$COMMUNITY_PLUGIN_URL
ENV CONFIG_DIR=/opt/config
ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides
ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS
ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS
ENV CORS_ALLOWED_ORIGINS=$CORS_ALLOWED_ORIGINS
ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS
ENV DEBIAN_FRONTEND=noninteractive
ENV CORS_ENABLED=$CORS_ENABLED
ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g"
ENV GEOSERVER_BUILD=$GS_BUILD
ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/
ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/
ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml
ENV GEOSERVER_VERSION=$GS_VERSION
ENV HEALTHCHECK_URL=''
ENV INSTALL_EXTENSIONS=false
ENV POSTGRES_JNDI_ENABLED=false
ENV ROOT_WEBAPP_REDIRECT=false
ENV SKIP_DEMO_DATA=false
ENV STABLE_EXTENSIONS=''
ENV STABLE_PLUGIN_URL=$STABLE_PLUGIN_URL
ENV WAR_ZIP_URL=$WAR_ZIP_URL
ENV WEBAPP_CONTEXT=geoserver
# see https://docs.geoserver.org/stable/en/user/production/container.html
ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \
@ -29,107 +56,32 @@ ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \
-Dsun.java2d.renderer=sun.java2d.marlin.DMarlinRenderingEngine \
-Dorg.geotools.coverage.jaiext.enabled=true"
# init
RUN apt update \
&& apt -y upgrade \
&& apt install -y --no-install-recommends locales openssl unzip gdal-bin wget curl openjdk-11-jdk gettext \
&& apt clean \
&& rm -rf /var/cache/apt/* \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /opt/
RUN wget -q https://archive.apache.org/dist/tomcat/tomcat-9/v${TOMCAT_VERSION}/bin/apache-tomcat-${TOMCAT_VERSION}.tar.gz \
&& tar xf apache-tomcat-${TOMCAT_VERSION}.tar.gz \
&& rm apache-tomcat-${TOMCAT_VERSION}.tar.gz \
&& rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/ROOT \
&& rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/docs \
&& rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/examples \
&& rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/host-manager \
&& rm -rf /opt/apache-tomcat-${TOMCAT_VERSION}/webapps/manager
# cleanup
RUN apt purge -y \
&& apt autoremove --purge -y \
&& rm -rf /var/lib/apt/lists/* \
&& rm -rf /tmp/*
FROM tomcat as download
ARG GS_VERSION=2.25.2
ARG GS_BUILD=release
ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip
ENV GEOSERVER_VERSION=$GS_VERSION
ENV GEOSERVER_BUILD=$GS_BUILD
WORKDIR /tmp
RUN echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \
# Install dependencies and download geoserver
RUN set -eux \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends openssl unzip curl locales gettext \
&& apt-get clean \
&& rm -rf /var/cache/apt/* \
&& rm -rf /var/lib/apt/lists/* \
&& echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \
&& wget -q -O /tmp/geoserver.zip $WAR_ZIP_URL \
&& unzip geoserver.zip geoserver.war -d /tmp/ \
&& unzip -q /tmp/geoserver.war -d /tmp/geoserver \
&& rm /tmp/geoserver.war
FROM tomcat as install
ARG GS_VERSION=2.25.2
ARG GS_BUILD=release
ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions
ARG COMMUNITY_PLUGIN_URL=''
ARG GS_DATA_PATH=./geoserver_data/
ARG ADDITIONAL_LIBS_PATH=./additional_libs/
ARG ADDITIONAL_FONTS_PATH=./additional_fonts/
ENV GEOSERVER_VERSION=$GS_VERSION
ENV GEOSERVER_BUILD=$GS_BUILD
ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/
ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml
ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/
ENV INSTALL_EXTENSIONS=false
ENV WAR_ZIP_URL=$WAR_ZIP_URL
ENV STABLE_EXTENSIONS=''
ENV STABLE_PLUGIN_URL=$STABLE_PLUGIN_URL
ENV COMMUNITY_EXTENSIONS=''
ENV COMMUNITY_PLUGIN_URL=$COMMUNITY_PLUGIN_URL
ENV ADDITIONAL_LIBS_DIR=/opt/additional_libs/
ENV ADDITIONAL_FONTS_DIR=/opt/additional_fonts/
ENV SKIP_DEMO_DATA=false
ENV ROOT_WEBAPP_REDIRECT=false
ENV POSTGRES_JNDI_ENABLED=false
ENV CONFIG_DIR=/opt/config
ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides
ENV WEBAPP_CONTEXT=geoserver
ENV HEALTHCHECK_URL=''
ENV HTTPS_ENABLED=false
ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks
ENV HTTPS_KEYSTORE_PASSWORD=changeit
ENV HTTPS_KEY_ALIAS=server
EXPOSE 8080
EXPOSE 8443
WORKDIR /tmp
RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD"
COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver
RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \
&& mkdir -p $GEOSERVER_DATA_DIR
RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/
&& rm /tmp/geoserver.war \
&& echo "Installing GeoServer $GS_VERSION $GS_BUILD" \
&& mv /tmp/geoserver $CATALINA_HOME/webapps/geoserver \
&& mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \
&& mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ \
&& mkdir -p $GEOSERVER_DATA_DIR
# Copy data and additional libs / fonts
COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR
COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR
COPY $ADDITIONAL_FONTS_PATH /usr/share/fonts/truetype/
# cleanup
RUN rm -rf /tmp/*
# Add default configs
COPY config $CONFIG_DIR
@ -149,13 +101,26 @@ COPY *.sh /opt/
# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
# cleanup
RUN apt purge -y \
&& apt autoremove --purge -y \
&& rm -rf /tmp/ \
&& rm -rf $CATALINA_HOME/webapps/ROOT \
&& rm -rf $CATALINA_HOME/webapps/docs \
&& rm -rf $CATALINA_HOME/webapps/examples \
&& rm -rf $CATALINA_HOME/webapps/host-manager \
&& rm -rf $CATALINA_HOME/webapps/manager
# GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
# See also CIS Docker benchmark and docker best practices
RUN chmod +x /opt/*.sh && sed -i 's/\r$//' /opt/startup.sh
ENTRYPOINT ["bash", "/opt/startup.sh"]
WORKDIR /opt
EXPOSE 8080
HEALTHCHECK --interval=1m --timeout=20s --retries=3 \
CMD curl --fail --url "$(cat $CATALINA_HOME/conf/healthcheck_url.txt)" || exit 1

35
README.md
View File

@ -1,17 +1,18 @@
# A geoserver docker image
# A GeoServer docker image
This Dockerfile can be used to create images for all geoserver versions since 2.5.
* Debian based Linux
* OpenJDK 11
* Tomcat 9
* GeoServer
* Support of custom fonts (e.g. for SLD styling)
* CORS support
* Support extensions
* Support additional libraries
* Support for PostgreSQL JNDI
* Support for HTTPS
* Based on the official [`tomcat` docker image](https://hub.docker.com/_/tomcat), in particular:
* Tomcat 9
* JDK11 (eclipse temurin)
* Ubuntu Jammy (22.04 LTS)
* GeoServer installation is configurable and supports
* Dynamic installation of extensions
* Custom fonts (e.g. for SLD styling)
* CORS
* Additional libraries
* PostgreSQL JNDI
* HTTPS
This README.md file covers use of official docker image, additional [build](BUILD.md) and [release](RELEASE.md) instructions are available.
@ -67,6 +68,7 @@ docker run -it -p 80:8080 \
--env SKIP_DEMO_DATA=true \
docker.osgeo.org/geoserver:2.25.2
```
## How to set the application context path?
By default, GeoServer is served from <http://localhost/geoserver>. Use the environment variable `WEBAPP_CONTEXT` to change the context path.
@ -87,7 +89,6 @@ docker run -it -p 80:8080 \
docker.osgeo.org/geoserver:2.25.1
```
## How to issue a redirect from the root ("/") to GeoServer web interface ("/geoserver/web")?
By default, the ROOT webapp is not available which makes requests to the root endpoint "/" return a 404 error.
@ -215,7 +216,7 @@ Following is the list of the all the environment variables that can be passed do
| VAR NAME | DESCRIPTION | SAMPLE VALUE |
|--------------|-----------|------------|
| PATH | Used by geoserver internally to find all the libs | `/usr/local/sbin:/usr/local/bin:` |
| CATALINA_HOME | CATALINA home path | `/opt/apache-tomcat-9.0.89` |
| CATALINA_HOME | CATALINA home path | `/usr/local/tomcat` (see also [here](https://github.com/docker-library/tomcat/blob/master/9.0/jdk11/temurin-jammy/Dockerfile)) |
| EXTRA_JAVA_OPTS | Used to pass params to the JAVA environment. Check [ref](https://docs.oracle.com/en/java/javase/11/tools/java.html) | `-Xms256m -Xmx1g` |
| CORS_ENABLED | CORS enabled configuration | `false` |
| CORS_ALLOWED_ORIGINS | CORS origins configuration | `*` |
@ -223,14 +224,14 @@ Following is the list of the all the environment variables that can be passed do
| CORS_ALLOWED_HEADERS | CORS headers configuration | `*` |
| DEBIAN_FRONTEND | Configures the Debian package manager frontend | `noninteractive`|
| CATALINA_OPTS | Catalina options. Check [ref](https://www.baeldung.com/tomcat-catalina_opts-vs-java_opts) | `-Djava.awt.headless=true` |
| GEOSERVER_DATA_DIR | Geosever data directory location | `/opt/geoserver_data/` |
| GEOSERVER_DATA_DIR | Geoserver data directory location | `/opt/geoserver_data/` |
| GEOSERVER_REQUIRE_FILE | Geoserver configuration used interally | `/opt/geoserver_data/global.xml` |
| INSTALL_EXTENSIONS | Indicates whether additional GeoServer extensions should be installed | `false` |
| WAR_ZIP_URL | Specifies the URL for a GeoServer Web Archive (WAR) file | |
| STABLE_EXTENSIONS | Specifies stable GeoServer extensions | |
| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.24.x/ext-latest` |
| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/ext-latest` |
| COMMUNITY_EXTENSIONS | Specifies community-contributed GeoServer extensions | |
| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.24.x/community-latest` |
| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/community-latest` |
| ADDITIONAL_LIBS_DIR | Sets the directory for additional libraries used by GeoServer | `/opt/additional_libs/` |
| ADDITIONAL_FONTS_DIR | Sets the directory for additional fonts used by GeoServer | `/opt/additional_fonts/` |
| SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | `false` |
@ -243,7 +244,7 @@ The following values cannot really be safely changed (as they are used to downlo
| VAR NAME | DESCRIPTION | SAMPLE VALUE |
|--------------|-----------|------------|
| GEOSERVER_VERSION | Geoserver version (used internally) | `2.24-SNAPSHOT`|
| GEOSERVER_BUILD | Geosever build (used internally) | `1628` |
| GEOSERVER_BUILD | Geoserver build (used internally) | `1628` |
## Troubleshooting

2
RELEASE.md
View File

@ -40,4 +40,4 @@ Examples:
`./release.sh buildandpublish 2.25.2`
`./release.sh buildandpublish 2.24-SNAPSHOT 1234`
`./release.sh buildandpublish 2.25-SNAPSHOT 1234`