feat: allow EXTRA_JAVA_OPTS to also be configured at runtime

Dockerfile

@@ -60,7 +60,8 @@ ENV WEBAPP_CONTEXT=geoserver
 #    --add-opens=java.desktop/sun.java2d.pipe=ALL-UNNAMED
 
 # see https://docs.geoserver.org/stable/en/user/production/container.html
-ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \
+# `EXTRA_JAVA_OPTS` will be prepended during runtime by startup.sh
+ENV CATALINA_OPTS=" \
     --add-exports=java.desktop/sun.awt.image=ALL-UNNAMED \
     --add-opens=java.base/java.lang=ALL-UNNAMED \
     --add-opens=java.base/java.util=ALL-UNNAMED \

README.md

@@ -106,6 +106,7 @@ The ``startup.sh`` script allows some customization on startup:
   * ``CORS_ALLOWED_HEADERS`` (default ``Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers``)
   * ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)**
 * ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``.
+* ``EXTRA_JAVA_OPTS`` to pass params to the JAVA environment.
 
 The CORS variables customize tomcat's `web.xml` file. If you need more customization,
 you can provide your own customized `web.xml` file to tomcat by mounting it into the container

startup.sh

@@ -153,6 +153,9 @@ if [ "${HTTPS_ENABLED}" = "true" ]; then
   envsubst < "${CONFIG_DIR}"/server-https.xml > "${CATALINA_HOME}/conf/server.xml"
 fi
 
+# Add configurable runtime options via EXTRA_JAVA_OPTS
+export CATALINA_OPTS="${EXTRA_JAVA_OPTS} ${CATALINA_OPTS}"
+
 # start the tomcat
 # CIS - Tomcat Benchmark recommendations:
 # * Turn off session facade recycling