steve
/
geoserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #106 from pi-geosolutions/document_unprivileged_user 

Document the unprivileged user mode
pull/107/head
Nils Bühner 2024-10-08 11:39:53 +02:00 committed by GitHub
parent c737e45ea5 8e7913946c
commit 9b9daba7e4
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
README.md
View File

@ -199,6 +199,15 @@ variables:
* ``HTTPS_KEYSTORE_PASSWORD`` (defaults to `changeit`) * ``HTTPS_KEYSTORE_PASSWORD`` (defaults to `changeit`)
* ``HTTPS_KEY_ALIAS`` (defaults to `server`) * ``HTTPS_KEY_ALIAS`` (defaults to `server`)
## How to run it as a non-privileged user ?
It is usually considered a good practice to run the containers as a non-privileged user (not `root`).
While it runs by default as root, for backwards compatibility reasons, several environment variables allow you to change this behaviour:
- `RUN_UNPRIVILEGED=true`: run as unprivileged user `tomcat`. Default uid:gid are 999:999
- `RUN_WITH_USER_UID` allows you to set `tomcat`'s uid. By default this is 999.
- `RUN_WITH_USER_GID` allows you to set `tomcat`'s gid. By default this is the same as the uid.
- `CHANGE_OWNERSHIP_ON_FOLDERS` sets a space-separated list of folders on which a `chmod -R` will be run, changing the ownership of those folders to the `tomcat` user (defaults to `"/opt $GEOSERVER_DATA_DIR"`).
## How to use the docker-compose demo? ## How to use the docker-compose demo?
The ``docker-compose-demo.yml`` to build with your own data directory and extensions. The ``docker-compose-demo.yml`` to build with your own data directory and extensions.
@ -239,6 +248,10 @@ Following is the list of the all the environment variables that can be passed do
| HEALTHCHECK_URL | URL to the resource / endpoint used for `docker` health checks | `http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png` | | HEALTHCHECK_URL | URL to the resource / endpoint used for `docker` health checks | `http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png` |
| GEOSERVER_ADMIN_USER | Admin username | | | GEOSERVER_ADMIN_USER | Admin username | |
| GEOSERVER_ADMIN_PASSWORD | Admin password | | | GEOSERVER_ADMIN_PASSWORD | Admin password | |
| RUN_UNPRIVILEGED | If set to `true`, runs as an unprivileged user `tomcat` instead of `root`. | `true` |
| RUN_WITH_USER_UID | When running as unprivileged user, sets the uid of this user. Defaults to `999` | `999` |
| RUN_WITH_USER_GID | When running as unprivileged user, sets the gid of this user. Defaults to the same as the uid | `999` |
| CHANGE_OWNERSHIP_ON_FOLDERS | When running as unprivileged user, changes the ownership to this user to these folders | `"/opt /opt/geoserver_data/ /mnt/geoserver_geodata"` |
The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up). The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up).
| VAR NAME | DESCRIPTION | SAMPLE VALUE | | VAR NAME | DESCRIPTION | SAMPLE VALUE |