steve
/
geoserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into tomcat-base-image

pull/45/head
Andre Henn 2024-02-20 14:32:50 +01:00
parent bba764fe9a 4eb3cdab3b
commit 81ad21afb3
No known key found for this signature in database
GPG Key ID: 776670F973DDECAA
3 changed files with 16 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Dockerfile
View File

@ -1,4 +1,4 @@
FROM tomcat:9.0.86-jdk11-temurin-jammy FROM tomcat:9.0.85-jdk11-temurin-jammy
LABEL vendor="osgeo.org" LABEL vendor="osgeo.org"
# Build arguments # Build arguments
@ -100,7 +100,6 @@ COPY *.sh /opt/
# CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers. # CIS Docker benchmark: Remove setuid and setgid permissions in the images to prevent privilege escalation attacks within containers.
RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true
# cleanup # cleanup
RUN apt purge -y \ RUN apt purge -y \
&& apt autoremove --purge -y \ && apt autoremove --purge -y \
@ -111,7 +110,6 @@ RUN apt purge -y \
&& rm -rf $CATALINA_HOME/webapps/host-manager \ && rm -rf $CATALINA_HOME/webapps/host-manager \
&& rm -rf $CATALINA_HOME/webapps/manager && rm -rf $CATALINA_HOME/webapps/manager
# GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories
# See also CIS Docker benchmark and docker best practices # See also CIS Docker benchmark and docker best practices
RUN chmod +x /opt/*.sh \ RUN chmod +x /opt/*.sh \

4
README.md
View File

@ -85,6 +85,10 @@ The ``startup.sh`` script allows some customization on startup:
* ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)** * ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)**
* ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``. * ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``.
The CORS variables customize tomcat's `web.xml` file. If you need more customization,
you can provide your own customized `web.xml` file to tomcat by mounting it into the container
at `/opt/config_overrides/web.xml`.
Example installing wps and ysld extensions: Example installing wps and ysld extensions:
```shell ```shell

11
startup.sh
View File

@ -121,6 +121,17 @@ fi
# Use a custom "server.xml" if the user mounted one into the container # Use a custom "server.xml" if the user mounted one into the container
copy_custom_config server.xml copy_custom_config server.xml
# Use a custom "web.xml" if the user mounted one into the container
if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/web.xml" ]; then
echo "Installing configuration override for web.xml with substituted environment variables"
if [ "${CORS_ENABLED}" = "true" ]; then
echo "Warning: the CORS_ENABLED's changes will be overwritten!"
fi
envsubst < "${CONFIG_OVERRIDES_DIR}"/web.xml > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml"
fi
# start the tomcat # start the tomcat
# CIS - Tomcat Benchmark recommendations: # CIS - Tomcat Benchmark recommendations:
# * Turn off session facade recycling # * Turn off session facade recycling