diff --git a/Dockerfile b/Dockerfile
index 970d367..49f1feb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM tomcat:9.0.86-jdk11-temurin-jammy
+FROM tomcat:9.0.85-jdk11-temurin-jammy
 LABEL vendor="osgeo.org"
 # Build arguments
@@ -100,7 +100,6 @@ COPY *.sh /opt/
 # CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
 RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
-
 # cleanup
 RUN apt purge -y \
 && apt autoremove --purge -y \
@@ -111,7 +110,6 @@ RUN apt purge -y \
 && rm -rf $CATALINA_HOME/webapps/host-manager \
 && rm -rf $CATALINA_HOME/webapps/manager
-
 # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
 # See also CIS Docker benchmark and docker best practices
 RUN chmod +x /opt/*.sh \
diff --git a/README.md b/README.md
index f758390..acf8aff 100644
--- a/README.md
+++ b/README.md
@@ -85,6 +85,10 @@ The ``startup.sh`` script allows some customization on startup:
 * ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)**
 * ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``.
+The CORS variables customize tomcat's `web.xml` file. If you need more customization,
+you can provide your own customized `web.xml` file to tomcat by mounting it into the container
+at `/opt/config_overrides/web.xml`.
+
 Example installing wps and ysld extensions:
 ```shell
diff --git a/startup.sh b/startup.sh
index 182e9c0..5e76d30 100755
--- a/startup.sh
+++ b/startup.sh
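Review bot: In the Dockerfile's first hunk the `FROM` line moves the base image back from `tomcat:9.0.86-jdk11-temurin-jammy` to `tomcat:9.0.85-jdk11-temurin-jammy`, which looks unrelated to the web.xml override this commit introduces and is not explained anywhere in the diff. Rolling back a patch release means the image ships without whatever fixes 9.0.86 carried, so unless the downgrade is deliberate the line should stay at `FROM tomcat:9.0.86-jdk11-temurin-jammy`. If it is deliberate, a comment above `FROM` stating the reason and when to move forward again would help, and pinning the tag by digest (`tomcat:<tag>@sha256:<digest>`, placeholder values) would stop the base from changing underneath a fixed tag.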
@@ -121,6 +121,17 @@ fi
 # Use a custom "server.xml" if the user mounted one into the container
 copy_custom_config server.xml
+# Use a custom "web.xml" if the user mounted one into the container
+if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/web.xml" ]; then
+ echo "Installing configuration override for web.xml with substituted environment variables"
+
+ if [ "${CORS_ENABLED}" = "true" ]; then
+ echo "Warning: the CORS_ENABLED's changes will be overwritten!"
+ fi
+
+ envsubst < "${CONFIG_OVERRIDES_DIR}"/web.xml > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml"
+fi
+
 # start the tomcat
 # CIS - Tomcat Benchmark recommendations:
 # * Turn off session facade recycling
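Review bot: The `envsubst` call at the end of the added block runs without a variable list, so every `$NAME`/`${NAME}` token in the mounted web.xml is replaced from the container environment, and tokens with no matching variable become an empty string. That silently rewrites any placeholder the descriptor was meant to keep, and any environment value the file happens to name (including credentials passed as env vars) is written into a file under the webapp directory. Restrict substitution to the variables the override is meant to support, e.g. `envsubst '${CORS_ALLOWED_ORIGINS} ${PROXY_BASE_URL}' < "${CONFIG_OVERRIDES_DIR}/web.xml" > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml"` (the variable list is only an example). The redirect also truncates the target before `envsubst` runs, so a failed substitution leaves an empty descriptor. The rest of the script is outside the hunk, so whether `set -e` or `copy_custom_config` already guards against that is not visible here.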