From e04f1ed17d056093b42f3f4d472c0d3b9358e6b0 Mon Sep 17 00:00:00 2001 From: Chris Barnett Date: Fri, 12 Jan 2024 10:25:43 -0500 Subject: [PATCH 01/16] added env variable to specify which tomcat context GeoServer should be deployed at, including ROOT. added logic to ignore ROOT_WEBAPP_REDIRECT if context is ROOT added logic to choose the correct url for the healthcheck --- Dockerfile | 15 ++++++++------- startup.sh | 15 +++++++-------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/Dockerfile b/Dockerfile index c142667..e41e0d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,6 +16,7 @@ ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS ENV DEBIAN_FRONTEND=noninteractive +ENV WEBAPP_CONTEXT=geoserver # see https://docs.geoserver.org/stable/en/user/production/container.html ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ @@ -81,7 +82,7 @@ ENV GEOSERVER_VERSION=$GS_VERSION ENV GEOSERVER_BUILD=$GS_BUILD ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml -ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ +ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ ENV INSTALL_EXTENSIONS=false ENV WAR_ZIP_URL=$WAR_ZIP_URL ENV STABLE_EXTENSIONS='' 
@@ -95,20 +96,20 @@ ENV ROOT_WEBAPP_REDIRECT=false ENV POSTGRES_JNDI_ENABLED=false ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides -ENV HEALTHCHECK_URL=http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png - +ENV HEALTHCHECK_URL=http://localhost:8080/$WEBAPP_CONTEXT/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png +ENV ROOT_HEALTHCHECK_URL=http://localhost:8080/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png EXPOSE 8080 WORKDIR /tmp RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" -COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver +COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ +RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ && mkdir -p $GEOSERVER_DATA_DIR -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ +RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR @@ -129,4 +130,4 @@ ENTRYPOINT ["/opt/startup.sh"] WORKDIR /opt HEALTHCHECK --interval=1m --timeout=20s --retries=3 \ - CMD curl --fail $HEALTHCHECK_URL || exit 1 + CMD if [ $WEBAPP_CONTEXT == "ROOT" ];then (curl --fail ROOT_HEALTHCHECK_URL || exit 1); else (curl --fail HEALTHCHECK_URL || exit 1);fi diff --git a/startup.sh b/startup.sh index 9195d26..99d7874 100755 --- a/startup.sh +++ b/startup.sh 
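Review bot: `$WEBAPP_CONTEXT` in the `COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT` line, the two `RUN mv` lines and `ENV HEALTHCHECK_URL` is expanded when the image is built, so `--env WEBAPP_CONTEXT=...` at `docker run` changes none of them, while startup.sh in this same patch resolves `webapps/$WEBAPP_CONTEXT` at runtime. A container started with a non-default value would then point its CORS `web.xml` edit, extension copy and data-directory initialisation at a directory that does not exist. Either declare it as a build-time `ARG WEBAPP_CONTEXT=geoserver`, or keep the on-disk directory fixed and map the context path in the Tomcat configuration. The Dockerfile hunks of PATCH 13/16 reintroduce the same pattern.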
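Review bot: The new `HEALTHCHECK` command passes the literal words `ROOT_HEALTHCHECK_URL` and `HEALTHCHECK_URL` to curl because the `$` is missing, so the probe can never succeed and the container will always be reported unhealthy. The `==` inside `[ ]` is also a bashism that dash rejects (dash is `/bin/sh` on the Ubuntu base shown in a later hunk and runs shell-form `CMD`), and `$WEBAPP_CONTEXT` is unquoted. Suggested line: `CMD if [ "$WEBAPP_CONTEXT" = "ROOT" ]; then curl --fail "$ROOT_HEALTHCHECK_URL" || exit 1; else curl --fail "$HEALTHCHECK_URL" || exit 1; fi`.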
@@ -7,25 +7,24 @@ if [ "${SKIP_DEMO_DATA}" = "true" ]; then fi ## Add a permanent redirect (HTTP 301) from the root webapp ("/") to geoserver web interface ("/geoserver/web") -if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ]; then +if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "ROOT" ]; then if [ ! -d $CATALINA_HOME/webapps/ROOT ]; then mkdir $CATALINA_HOME/webapps/ROOT fi cat > $CATALINA_HOME/webapps/ROOT/index.jsp << EOF <% - final String redirectURL = "/geoserver/web/"; + final String redirectURL = "/${WEBAPP_CONTEXT}/web/"; response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY); response.setHeader("Location", redirectURL); %> EOF fi - ## install release data directory if needed before starting tomcat if [ ! -z "$GEOSERVER_REQUIRE_FILE" ] && [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war" - cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR + cp -r $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/data/* $GEOSERVER_DATA_DIR fi ## install GeoServer extensions before starting the tomcat @@ -35,7 +34,7 @@ fi # we also count whether at least one file with the extensions exists count=`ls -1 $ADDITIONAL_LIBS_DIR/*.jar 2>/dev/null | wc -l` if [ -d "$ADDITIONAL_LIBS_DIR" ] && [ $count != 0 ]; then - cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ + cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ echo "Installed $count JAR extension file(s) from the additional libs folder" fi 
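Review bot: `${WEBAPP_CONTEXT}` is written by the unquoted heredoc straight into the Java string in `ROOT/index.jsp` (`redirectURL = "/${WEBAPP_CONTEXT}/web/"`) and is used unquoted in the `cp -r` path, with no check on its value. A value containing `"`, `/`, `..` or whitespace would produce a broken or unintended JSP, or make `cp` operate on a different path. Validate it once near the top of the script, for example `case "$WEBAPP_CONTEXT" in *[!A-Za-z0-9_-]*) echo "Invalid WEBAPP_CONTEXT" >&2; exit 1;; esac`, and quote the expansions. The comment above the `if` still names `/geoserver/web` and should mention the variable instead.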
@@ -52,8 +51,8 @@ fi # to the end of the web.xml # (this will only happen if our filter has not yet been added before) if [ "${CORS_ENABLED}" = "true" ]; then - if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then - echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml" + if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; then + echo "Enable CORS for $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml" # Add support for access-control-allow-credentials when the origin is not a wildcard when specified via env var if [ "${CORS_ALLOWED_ORIGINS}" != "*" ] && [ "${CORS_ALLOW_CREDENTIALS}" = "true" ]; then @@ -86,7 +85,7 @@ if [ "${CORS_ENABLED}" = "true" ]; then \n\ DockerGeoServerCorsFilter\n\ /*\n\ - " "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; + " "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; fi fi From ce561ff777f64756e4f0ed4692e2782005b0e11b Mon Sep 17 00:00:00 2001 From: Chris Barnett Date: Tue, 13 Feb 2024 13:50:05 -0500 Subject: [PATCH 02/16] Added context element to config/server.xml and set autoDeploy and deployOnStartup to false url in HEALTHCHECK written to file so that it can be set on startup updated README with usage info --- Dockerfile | 18 ++++++++++-------- README.md | 20 ++++++++++++++++++++ config/context.xml | 20 -------------------- config/server.xml | 22 +++++++++++++++++++++- startup.sh | 19 +++++++++++++------ 5 files changed, 64 insertions(+), 35 deletions(-) delete mode 100644 config/context.xml diff --git a/Dockerfile b/Dockerfile index 50cb2b3..92b7bc1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -8,6 +8,7 @@ ARG CORS_ALLOWED_HEADERS=* ARG CORS_ALLOW_CREDENTIALS=false # Environment variables +ENV TOMCAT_VERSION=$TOMCAT_VERSION ENV CATALINA_HOME=/opt/apache-tomcat-${TOMCAT_VERSION} ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g" ENV CORS_ENABLED=$CORS_ENABLED 
@@ -16,7 +17,6 @@ ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS ENV DEBIAN_FRONTEND=noninteractive -ENV WEBAPP_CONTEXT=geoserver # see https://docs.geoserver.org/stable/en/user/production/container.html ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ @@ -85,7 +85,7 @@ ENV GEOSERVER_VERSION=$GS_VERSION ENV GEOSERVER_BUILD=$GS_BUILD ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml -ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ +ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ ENV INSTALL_EXTENSIONS=false ENV WAR_ZIP_URL=$WAR_ZIP_URL ENV STABLE_EXTENSIONS='' @@ -99,20 +99,19 @@ ENV ROOT_WEBAPP_REDIRECT=false ENV POSTGRES_JNDI_ENABLED=false ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides -ENV HEALTHCHECK_URL=http://localhost:8080/$WEBAPP_CONTEXT/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png -ENV ROOT_HEALTHCHECK_URL=http://localhost:8080/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png + EXPOSE 8080 WORKDIR /tmp RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" -COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT +COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver -RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ +RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ && mkdir -p $GEOSERVER_DATA_DIR -RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ +RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR 
@@ -152,9 +151,12 @@ RUN chmod +x /opt/*.sh \ USER geoserver +ENV WEBAPP_CONTEXT=geoserver +ENV HEALTHCHECK_URL='' + ENTRYPOINT ["/opt/startup.sh"] WORKDIR /opt HEALTHCHECK --interval=1m --timeout=20s --retries=3 \ - CMD if [ $WEBAPP_CONTEXT == "ROOT" ];then (curl --fail ROOT_HEALTHCHECK_URL || exit 1); else (curl --fail HEALTHCHECK_URL || exit 1);fi + CMD curl --fail --url "$(cat $CATALINA_HOME/conf/healthcheck_url.txt)" || exit 1 \ No newline at end of file diff --git a/README.md b/README.md index 01a809e..a9585e8 100644 --- a/README.md +++ b/README.md @@ -65,6 +65,26 @@ docker run -it -p 80:8080 \ --env SKIP_DEMO_DATA=true \ docker.osgeo.org/geoserver:2.24.1 ``` +## How to set the application context path? + +By default, GeoServer is served from . Use the environment variable `WEBAPP_CONTEXT` to change the context path. + +examples: + +The following will serve GeoServer from the root (): +```shell +docker run -it -p 80:8080 \ + --env WEBAPP_CONTEXT="" \ + docker.osgeo.org/geoserver:2.24.1 +``` + +The following will serve GeoServer from : +```shell +docker run -it -p 80:8080 \ + --env WEBAPP_CONTEXT="my_context_path" \ + docker.osgeo.org/geoserver:2.24.1 +``` + ## How to issue a redirect from the root ("/") to GeoServer web interface ("/geoserver/web")? diff --git a/config/context.xml b/config/context.xml deleted file mode 100644 index 157fb73..0000000 --- a/config/context.xml +++ /dev/null @@ -1,20 +0,0 @@ - - - diff --git a/config/server.xml b/config/server.xml index 5ade9f9..3c04e93 100644 --- a/config/server.xml +++ b/config/server.xml @@ -166,7 +166,7 @@ + unpackWARs="true" autoDeploy="false" deployOnStartup="false"> @@ -181,6 +181,26 @@ prefix="localhost_access_log" suffix=".txt" pattern="%h %l %u %t "%r" %s %b" /> + + + diff --git a/startup.sh b/startup.sh index 8bbaeeb..bd8a801 100755 --- a/startup.sh +++ b/startup.sh 
@@ -21,7 +21,7 @@ if [ "${SKIP_DEMO_DATA}" = "true" ]; then fi ## Add a permanent redirect (HTTP 301) from the root webapp ("/") to geoserver web interface ("/geoserver/web") -if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "ROOT" ]; then +if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then if [ ! -d $CATALINA_HOME/webapps/ROOT ]; then mkdir $CATALINA_HOME/webapps/ROOT fi @@ -35,10 +35,17 @@ if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "ROOT" ]; EOF fi +# Set the HEALTHCHECK URL depending on the webapp context +# remove duplicate forward slashes +DEFAULT_HEALTHCHECK_URL=$(echo "localhost:8080/${WEBAPP_CONTEXT}/ows?service=wms&version=1.3.0&request=GetCapabilities" | tr -s /) +DEFAULT_HEALTHCHECK_URL="http://${DEFAULT_HEALTHCHECK_URL}" +# write the healthcheck URL to a file that user geoserver has access to but is not served by tomcat +echo "${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}" > $CATALINA_HOME/conf/healthcheck_url.txt + ## install release data directory if needed before starting tomcat if [ ! -z "$GEOSERVER_REQUIRE_FILE" ] && [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war" - cp -r $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/data/* $GEOSERVER_DATA_DIR + cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR fi ## install GeoServer extensions before starting the tomcat @@ -48,7 +55,7 @@ fi # we also count whether at least one file with the extensions exists count=`ls -1 $ADDITIONAL_LIBS_DIR/*.jar 2>/dev/null | wc -l` if [ -d "$ADDITIONAL_LIBS_DIR" ] && [ $count != 0 ]; then - cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ + cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ echo "Installed $count JAR extension file(s) from the additional libs folder" fi 
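Review bot: The default probe built in the `DEFAULT_HEALTHCHECK_URL` lines requests a full WMS `GetCapabilities` document on every health-check interval, where the previous default fetched a static logo. On a large catalogue this is noticeably more expensive, and if the WMS service is access-restricted the request would presumably be answered with an authentication error, which `curl --fail` reports as unhealthy. Consider keeping a static resource as the default and leaving `GetCapabilities` to an explicit `HEALTHCHECK_URL`. The redirect target should also be quoted: `> "$CATALINA_HOME/conf/healthcheck_url.txt"`.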
@@ -65,8 +72,8 @@ fi # to the end of the web.xml # (this will only happen if our filter has not yet been added before) if [ "${CORS_ENABLED}" = "true" ]; then - if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; then - echo "Enable CORS for $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml" + if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then + echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml" # Add support for access-control-allow-credentials when the origin is not a wildcard when specified via env var if [ "${CORS_ALLOWED_ORIGINS}" != "*" ] && [ "${CORS_ALLOW_CREDENTIALS}" = "true" ]; then @@ -99,7 +106,7 @@ if [ "${CORS_ENABLED}" = "true" ]; then \n\ DockerGeoServerCorsFilter\n\ /*\n\ - " "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; + " "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; fi fi From a2643b4d001e9f77335bbc502498409a7233b342 Mon Sep 17 00:00:00 2001 From: Chris Barnett Date: Tue, 13 Feb 2024 15:13:40 -0500 Subject: [PATCH 03/16] manually deploy ROOT context when ROOT_WEBAPP_REDIRECT is true and WEBAPP_CONTEXT is not '' --- startup.sh | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/startup.sh b/startup.sh index bd8a801..b1ea25f 100755 --- a/startup.sh +++ b/startup.sh @@ -12,6 +12,12 @@ function copy_custom_config() { # Otherwise use the default echo "Installing default ${CONFIG_FILE} with substituted environment variables" envsubst < "${CONFIG_DIR}"/"${CONFIG_FILE}" > "${CATALINA_HOME}/conf/${CONFIG_FILE}" + + # since autodeploy is disabled by default, we need to enable it if the user has not provided a custom server.xml + if [ "${CONFIG_FILE}" = "server.xml" ] && [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then + echo "Deploying ROOT context to allow for redirect to ${WEBAPP_CONTEXT}" + sed -i '\::i\' $CATALINA_HOME/conf/server.xml + fi fi } 
@@ -121,11 +127,11 @@ if [ "${POSTGRES_JNDI_ENABLED}" = "true" ]; then fi # Use a custom "context.xml" if the user mounted one into the container - copy_custom_config context.xml + copy_custom_config "context.xml" fi # Use a custom "server.xml" if the user mounted one into the container -copy_custom_config server.xml +copy_custom_config "server.xml" # start the tomcat # CIS - Tomcat Benchmark recommendations: From f41ecf84fc68d47fcfcdf5cb2eea21c9cb1276e6 Mon Sep 17 00:00:00 2001 From: Andreas Schmitz Date: Tue, 14 May 2024 15:45:04 +0200 Subject: [PATCH 04/16] fix: allow unicode filenames --- Dockerfile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 2b5ae24..232a952 100644 --- a/Dockerfile +++ b/Dockerfile @@ -32,7 +32,7 @@ ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ # init RUN apt update \ && apt -y upgrade \ - && apt install -y --no-install-recommends openssl unzip gdal-bin wget curl openjdk-11-jdk gettext \ + && apt install -y --no-install-recommends locales openssl unzip gdal-bin wget curl openjdk-11-jdk gettext \ && apt clean \ && rm -rf /var/cache/apt/* \ && rm -rf /var/lib/apt/lists/* @@ -104,6 +104,8 @@ EXPOSE 8080 WORKDIR /tmp +RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen + RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver From 97749438f8a95aa97548a565f1142b0192d1c0e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20B=C3=BChner?= Date: Wed, 29 May 2024 12:54:11 +0200 Subject: [PATCH 05/16] feat: ignore pg data when using compose example --- .dockerignore | 1 + .gitignore | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.dockerignore b/.dockerignore index 567609b..9f878ab 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1 +1,2 @@ build/ +postgis/ diff --git a/.gitignore b/.gitignore index 92bc551..99ff525 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,3 @@ *.iml *.idea - +postgis/ 
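Review bot: The added `RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen` generates the locale, but nothing in the visible hunks selects it. Unless `LANG` or `LC_ALL` is set elsewhere in the Dockerfile, the JVM would still start under the POSIX locale and non-ASCII file names would likely remain affected. If that is the case, add `ENV LANG=en_US.UTF-8` next to this step, with a one-line comment saying it is there for file-name encoding.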
From cb4e2d2eb62e9d77123e5182588a273cb5a2844b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nils=20B=C3=BChner?= Date: Wed, 29 May 2024 13:17:17 +0200 Subject: [PATCH 06/16] chore: use latest tomcat and geoserver versions --- Dockerfile | 6 +++--- README.md | 24 ++++++++++++------------ RELEASE.md | 10 +++++----- build/release.sh | 2 +- docker-compose-demo.yml | 2 +- 5 files changed, 22 insertions(+), 22 deletions(-) diff --git a/Dockerfile b/Dockerfile index 232a952..0d1cd15 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ FROM ubuntu:22.04 as tomcat -ARG TOMCAT_VERSION=9.0.86 +ARG TOMCAT_VERSION=9.0.89 ARG CORS_ENABLED=false ARG CORS_ALLOWED_ORIGINS=* ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS @@ -56,7 +56,7 @@ RUN apt purge -y \ FROM tomcat as download -ARG GS_VERSION=2.24.1 +ARG GS_VERSION=2.25.1 ARG GS_BUILD=release ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip ENV GEOSERVER_VERSION=$GS_VERSION @@ -72,7 +72,7 @@ RUN echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \ FROM tomcat as install -ARG GS_VERSION=2.24.1 +ARG GS_VERSION=2.25.1 ARG GS_BUILD=release ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions ARG COMMUNITY_PLUGIN_URL='' diff --git a/README.md b/README.md index 33ac5c4..e7d754a 100644 --- a/README.md +++ b/README.md 
@@ -18,20 +18,20 @@ This README.md file covers use of official docker image, additional [build](BUIL To pull an official image use ``docker.osgeo.org/geoserver:{{VERSION}}``, e.g.: ```shell -docker pull docker.osgeo.org/geoserver:2.24.1 +docker pull docker.osgeo.org/geoserver:2.25.1 ``` All the images can be found at: [https://repo.osgeo.org](https://repo.osgeo.org/#browse/browse:geoserver-docker:v2/geoserver/tags) and the latest stable and maintenance version numbers can be obtained from [https://geoserver.org/download/](https://geoserver.org/download/) Afterwards you can run the pulled image locally with: ```shell -docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.24.1 +docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.25.1 ``` Or if you want to start the container daemonized, use e.g.: ```shell -docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.24.1 +docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.25.1 ``` Check to see the geoserver page, @@ -48,7 +48,7 @@ To use an external folder as your geoserver data directory. ```shell docker run -it -p 80:8080 \ --mount src="/absolute/path/on/host",target=/opt/geoserver_data/,type=bind \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` An empty data directory will be populated on first use. You can easily update GeoServer while @@ -63,7 +63,7 @@ The environment variable `SKIP_DEMO_DATA` can be set to `true` to create an empt ```shell docker run -it -p 80:8080 \ --env SKIP_DEMO_DATA=true \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` ## How to set the application context path? 
@@ -104,8 +104,8 @@ The ``startup.sh`` script allows some customization on startup: * ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)** * ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``. -The CORS variables customize tomcat's `web.xml` file. If you need more customization, -you can provide your own customized `web.xml` file to tomcat by mounting it into the container +The CORS variables customize tomcat's `web.xml` file. If you need more customization, +you can provide your own customized `web.xml` file to tomcat by mounting it into the container at `/opt/config_overrides/web.xml`. Example installing wps and ysld extensions: @@ -113,7 +113,7 @@ Example installing wps and ysld extensions: ```shell docker run -it -p 80:8080 \ --env INSTALL_EXTENSIONS=true --env STABLE_EXTENSIONS="wps,ysld" \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` The list of extensions (taken from SourceForge download page): @@ -138,7 +138,7 @@ If you want to add geoserver extensions/libs, place the respective jar files in ```shell docker run -it -p 80:8080 \ --mount src="/dir/with/libs/on/host",target=/opt/additional_libs,type=bind \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` ## How to add additional fonts to the docker image (e.g. for SLD styling)? @@ -148,7 +148,7 @@ If you want to add custom fonts (the base image only contains 26 fonts) by using ```shell docker run -it -p 80:8080 \ --mount src="/dir/with/fonts/on/host",target=/opt/additional_fonts,type=bind \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` **Note:** Do not change the target value! 
@@ -183,7 +183,7 @@ Example: ```shell docker run -it -p 80:8080 \ --mount src="/path/to/my/server.xml",target=/opt/config_overrides/server.xml,type=bind \ - docker.osgeo.org/geoserver:2.24.1 + docker.osgeo.org/geoserver:2.25.1 ``` ## How to use the docker-compose demo? @@ -203,7 +203,7 @@ Following is the list of the all the environment variables that can be passed do | VAR NAME | DESCRIPTION | SAMPLE VALUE | |--------------|-----------|------------| | PATH | Used by geoserver internally to find all the libs | `/usr/local/sbin:/usr/local/bin:` | -| CATALINA_HOME | CATALINA home path | `/opt/apache-tomcat-9.0.86` | +| CATALINA_HOME | CATALINA home path | `/opt/apache-tomcat-9.0.89` | | EXTRA_JAVA_OPTS | Used to pass params to the JAVA environment. Check [ref](https://docs.oracle.com/en/java/javase/11/tools/java.html) | `-Xms256m -Xmx1g` | | CORS_ENABLED | CORS enabled configuration | `false` | | CORS_ALLOWED_ORIGINS | CORS origins configuration | `*` | diff --git a/RELEASE.md b/RELEASE.md index ec50fa8..806b83d 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -7,7 +7,7 @@ OSGeo maintains geoserver-docker.osgeo.org repository for publishing. The result Build locally: ```shell -docker build -t geoserver-docker.osgeo.org/geoserver:2.24.1 . +docker build -t geoserver-docker.osgeo.org/geoserver:2.25.1 . ``` Login using with osgeo user id: @@ -19,7 +19,7 @@ docker login geoserver-docker.osgeo.org Push to osgeo repository: ```shell -docker push geoserver-docker.osgeo.org/geoserver:2.24.1 +docker push geoserver-docker.osgeo.org/geoserver:2.25.1 ``` ## How to automate release? @@ -34,10 +34,10 @@ The third, optional, is used to supply the jenkins build number - triggering a n Examples: -`./release.sh build 2.24.1` +`./release.sh build 2.25.1` -`./release.sh publish 2.24.1` +`./release.sh publish 2.25.1` -`./release.sh buildandpublish 2.24.1` +`./release.sh buildandpublish 2.25.1` `./release.sh buildandpublish 2.24-SNAPSHOT 1234` 
diff --git a/build/release.sh b/build/release.sh index a946b43..b740716 100755 --- a/build/release.sh +++ b/build/release.sh @@ -9,7 +9,7 @@ function usage() { echo "$0 []" echo "" echo " mode : The mode. Choose one of 'build', 'publish' or 'buildandpublish'" - echo " version : The released version to build an docker image for (eg: 2.24.1, ${MAIN}-SNAPSHOT, ${MAIN}-RC)" + echo " version : The released version to build an docker image for (eg: 2.25.1, ${MAIN}-SNAPSHOT, ${MAIN}-RC)" echo " build : Build number (optional)" } diff --git a/docker-compose-demo.yml b/docker-compose-demo.yml index 8de1fc4..d5f49db 100644 --- a/docker-compose-demo.yml +++ b/docker-compose-demo.yml @@ -4,7 +4,7 @@ services: build: context: . args: - - GEOSERVER_VERSION=2.24.1 + - GEOSERVER_VERSION=2.25.1 - CORS_ENABLED=true - CORS_ALLOWED_METHODS=GET,POST,PUT,HEAD,OPTIONS ports: From 701203821a2c1659f3f3387132e95a120305af68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mitchell=20B=C3=B6secke?= Date: Wed, 15 Nov 2023 15:47:00 -0700 Subject: [PATCH 07/16] Added basic HTTPS support by mounting a JKS file and providing some environment variables. --- Dockerfile | 6 ++ README.md | 12 +++ config/server-https.xml | 181 ++++++++++++++++++++++++++++++++++++++++ startup.sh | 9 ++ 4 files changed, 208 insertions(+) create mode 100644 config/server-https.xml diff --git a/Dockerfile b/Dockerfile index 0d1cd15..8f2cb11 100644 --- a/Dockerfile +++ b/Dockerfile @@ -100,7 +100,13 @@ ENV POSTGRES_JNDI_ENABLED=false ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides +ENV HTTPS_ENABLED=false +ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks +ENV HTTPS_KEYSTORE_PASSWORD=changeit +ENV HTTPS_KEY_ALIAS=server + EXPOSE 8080 +EXPOSE 8443 WORKDIR /tmp diff --git a/README.md b/README.md index e7d754a..e37f111 100644 --- a/README.md +++ b/README.md 
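Review bot: `ENV HTTPS_KEYSTORE_PASSWORD=changeit` bakes a well-known default keystore password into the image, where it is readable through `docker inspect`, `docker history` and the environment of every process in the container. A deployment that mounts its own keystore but forgets the variable will silently try the default. Leave the variable unset in the Dockerfile and have startup.sh refuse to start when `HTTPS_ENABLED=true` and no password was supplied, preferably reading it from a mounted secret file rather than the environment. With `EXPOSE 8443` added, it is also worth deciding whether plain HTTP on 8080 should stay reachable when HTTPS is enabled.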
@@ -10,6 +10,8 @@ This Dockerfile can be used to create images for all geoserver versions since 2. * CORS support * Support extensions * Support additional libraries + * Support for PostgreSQL JNDI + * Support for HTTPS This README.md file covers use of official docker image, additional [build](BUILD.md) and [release](RELEASE.md) instructions are available. @@ -186,6 +188,16 @@ docker run -it -p 80:8080 \ docker.osgeo.org/geoserver:2.25.1 ``` +## How to enable HTTPS? + +To enable HTTPS, mount a JKS file to the container (ex. `/opt/keystore.jks`) and provide the following environment +variables: + +* ``HTTPS_ENABLED`` to `true` +* ``HTTPS_KEYSTORE_FILE`` (defaults to `/opt/keystore.jks`) +* ``HTTPS_KEYSTORE_PASSWORD`` (defaults to `changeit`) +* ``HTTPS_KEY_ALIAS`` (defaults to `server`) + ## How to use the docker-compose demo? The ``docker-compose-demo.yml`` to build with your own data directory and extensions. diff --git a/config/server-https.xml b/config/server-https.xml new file mode 100644 index 0000000..23c84cf --- /dev/null +++ b/config/server-https.xml @@ -0,0 +1,181 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/startup.sh b/startup.sh index 5be4084..23f9af9 100755 --- a/startup.sh +++ b/startup.sh 
@@ -144,6 +144,15 @@ if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/web.xml" ]; envsubst < "${CONFIG_OVERRIDES_DIR}"/web.xml > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml" fi +if [ "${HTTPS_ENABLED}" = "true" ]; then + if [ ! -f "${HTTPS_KEYSTORE_FILE}" ]; then + echo "ERROR: HTTPS was enabled but keystore file was not mounted to container [${HTTPS_KEYSTORE_FILE}]" + exit 1 + fi + echo "Installing [${CATALINA_HOME}/conf/server.xml] with HTTPS support using substituted environment variables" + envsubst < "${CONFIG_DIR}"/server-https.xml > "${CATALINA_HOME}/conf/server.xml" +fi + # start the tomcat # CIS - Tomcat Benchmark recommendations: # * Turn off session facade recycling From f6b80ad40db0ba96e14156adb23315e9c3a9c239 Mon Sep 17 00:00:00 2001 From: Dirk Mennecke Date: Fri, 24 May 2024 15:06:12 +0200 Subject: [PATCH 08/16] Replace line breaks and run startup script with bash --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 8f2cb11..afbd00d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -149,12 +149,12 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true # GeoServer user => restrict access to $CATALINA_HOME and GeoServer directories # See also CIS Docker benchmark and docker best practices -RUN chmod +x /opt/*.sh +RUN chmod +x /opt/*.sh && sed -i 's/\r$//' /opt/startup.sh ENV WEBAPP_CONTEXT=geoserver ENV HEALTHCHECK_URL='' -ENTRYPOINT ["/opt/startup.sh"] +ENTRYPOINT ["bash", "/opt/startup.sh"] WORKDIR /opt From e4263e6d1cb73c0f36d66c0048400b4302453a74 Mon Sep 17 00:00:00 2001 From: Dirk Mennecke Date: Fri, 24 May 2024 15:08:01 +0200 Subject: [PATCH 09/16] Edit startup.sh to handle credentials update --- startup.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/startup.sh b/startup.sh index 23f9af9..e7c9041 100755 --- a/startup.sh +++ b/startup.sh 
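Review bot: The `envsubst < "${CONFIG_DIR}"/server-https.xml > "${CATALINA_HOME}/conf/server.xml"` line substitutes every `$NAME` token in the template and writes the keystore password into `server.xml` unescaped, so a password containing `&`, `<` or `"` yields invalid XML, and the file keeps its default permissions. Restrict substitution to the variables the template really uses, e.g. `envsubst '${HTTPS_KEYSTORE_FILE} ${HTTPS_KEYSTORE_PASSWORD} ${HTTPS_KEY_ALIAS}'`, and follow it with `chmod 600 "${CATALINA_HOME}/conf/server.xml"`. This block also appears to run after `copy_custom_config "server.xml"`, which would discard a user-mounted `server.xml`; that call is outside the hunk, so please confirm the order.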
@@ -163,4 +163,8 @@ if [ ! "${ENABLE_DEFAULT_SHUTDOWN}" = "true" ]; then REPLACEMENT= fi +if [ -n "$GEOSERVER_ADMIN_PASSWORD" ] && [ -n "$GEOSERVER_ADMIN_USER" ]; then + /bin/sh /opt/update_credentials.sh +fi + exec $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true From 33a221ac413071a53f22930f1fe246014ffb5050 Mon Sep 17 00:00:00 2001 From: Dirk Mennecke Date: Fri, 24 May 2024 15:10:05 +0200 Subject: [PATCH 10/16] Add update_credentials script --- update_credentials.sh | 71 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) create mode 100644 update_credentials.sh diff --git a/update_credentials.sh b/update_credentials.sh new file mode 100644 index 0000000..599ae9f --- /dev/null +++ b/update_credentials.sh 
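Review bot: The new guard runs `update_credentials.sh` only when both `GEOSERVER_ADMIN_PASSWORD` and `GEOSERVER_ADMIN_USER` are set, and it ignores the script's exit status before `exec`ing Tomcat. Setting only the password therefore leaves the existing (possibly default) admin account untouched without any message, and a failed update still brings the server up. The script added in PATCH 10/16 has a `#!/bin/bash` shebang but is invoked here with `/bin/sh`. Suggested form: `if [ -n "$GEOSERVER_ADMIN_PASSWORD" ]; then bash /opt/update_credentials.sh || exit 1; fi`.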
@@ -0,0 +1,71 @@ +#!/bin/bash + +# Credits to https://github.com/meggsimum/geoserver-docker/ and https://github.com/kartoza/docker-geoserver + +echo "Updating GeoServer Credentials ..." + +if [ ${DEBUG} ]; then + set -e + set -x +fi; + +# copy over default security folder to data dir (if not existing) +if [ ! -d "${GEOSERVER_DATA_DIR}security" ]; then + cp -r ${CATALINA_HOME}"/webapps/"$APP_PATH_PREFIX"geoserver/data/security" ${GEOSERVER_DATA_DIR} +fi + +GEOSERVER_ADMIN_USER=${GEOSERVER_ADMIN_USER:-admin} +GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD:-geoserver} + +# templates to use as base for replacement +USERS_XML_ORIG=${CATALINA_HOME}"/webapps/"$APP_PATH_PREFIX"geoserver/data/security/usergroup/default/users.xml" +echo "USING USERS XML ORIGINAL:" $USERS_XML_ORIG +ROLES_XML_ORIG=${CATALINA_HOME}"/webapps/"$APP_PATH_PREFIX"geoserver/data/security/role/default/roles.xml" +echo "USING ROLES XML ORIGINAL:" $ROLES_XML_ORIG + +# final users.xml file GeoServer data dir +USERS_XML=${USERS_XML:-${GEOSERVER_DATA_DIR}security/usergroup/default/users.xml} +echo "SETTING USERS XML:" $USERS_XML +# final roles.xml file GeoServer data dir +ROLES_XML=${ROLES_XML:-${GEOSERVER_DATA_DIR}security/role/default/roles.xml} +echo "SETTING ROLES XML:" . $ROLES_XML + +CLASSPATH=$CATALINA_HOME/webapps/$APP_PATH_PREFIX"geoserver/WEB-INF/lib/" + +# tmp files +TMP_USERS=/tmp/users.xml +TMP_ROLES=/tmp/roles.xml + +make_hash(){ + NEW_PASSWORD=$1 + (echo "digest1:" && java -classpath $(find $CLASSPATH -regex ".*jasypt-[0-9]\.[0-9]\.[0-9].*jar") org.jasypt.intf.cli.JasyptStringDigestCLI digest.sh algorithm=SHA-256 saltSizeBytes=16 iterations=100000 input="$NEW_PASSWORD" verbose=0) | tr -d '\n' +} + +# create PW hash for given password +PWD_HASH=$(make_hash $GEOSERVER_ADMIN_PASSWORD) + +# USERS.XML SETUP +# +cat $USERS_XML_ORIG | sed -e "s/ name=\".*\" / name=\"${GEOSERVER_ADMIN_USER}\" /" | sed -e "s|password=\".*\"/|password=\"${PWD_HASH}\"\/|" > $TMP_USERS +if [ $? 
-eq 0 ] +then + mv $TMP_USERS $USERS_XML + echo "Successfully replaced $USERS_XML" +else + echo "CAUTION: Abort update_credentials.sh due to error while creating users.xml. File at $USERS_XML keeps untouched" + exit +fi + +# ROLES.XML SETUP +# +cat $ROLES_XML_ORIG | sed -e "s/ username=\".*\"/ username=\"${GEOSERVER_ADMIN_USER}\"/" > $TMP_ROLES +if [ $? -eq 0 ] +then + mv $TMP_ROLES $ROLES_XML + echo "Successfully replaced $ROLES_XML" +else + echo "CAUTION: Abort update_credentials.sh due to error while creating roles.xml. File at $ROLES_XML keeps untouched" + exit +fi + +echo "... DONE updating GeoServer Credentials ..." \ No newline at end of file From b591a1a4c5062d7f60476ca754f133894a90138e Mon Sep 17 00:00:00 2001 From: Dirk Mennecke Date: Thu, 6 Jun 2024 09:41:36 +0200 Subject: [PATCH 11/16] Update readme --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index e37f111..6e6dcdf 100644 --- a/README.md +++ b/README.md @@ -236,6 +236,8 @@ Following is the list of the all the environment variables that can be passed do | SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | `false` | | ROOT_WEBAPP_REDIRECT | Indicates whether to issue a permanent redirect to the web interface | `false` | | HEALTHCHECK_URL | URL to the resource / endpoint used for `docker` health checks | `http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png` | +| GEOSERVER_ADMIN_USER | Admin username | | +| GEOSERVER_ADMIN_PASSWORD | Admin password | | The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up). | VAR NAME | DESCRIPTION | SAMPLE VALUE | From 7d3e39ae91b332fc144e2a2e778dc734728a7800 Mon Sep 17 00:00:00 2001 
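Review bot: `PWD_HASH=$(make_hash $GEOSERVER_ADMIN_PASSWORD)` is unquoted, so a password containing whitespace is split and only its first word is hashed; it should read `PWD_HASH=$(make_hash "$GEOSERVER_ADMIN_PASSWORD")`. Both failure branches end in a bare `exit`, which returns the status of the preceding `echo` (0), and `$?` after the `cat | sed | sed` pipelines reflects only the last `sed`, so an empty hash from a failed `java` call is still written to `users.xml`; check that `PWD_HASH` is longer than the `digest1:` prefix and use `exit 1`. The password is also passed as `input=...` on the `java` command line and is echoed by `set -x` when `DEBUG` is set, which exposes it in process listings and container logs. The `sed` expressions insert `GEOSERVER_ADMIN_USER` unescaped and rewrite every line containing ` name="..." `, and `$APP_PATH_PREFIX` is not defined anywhere in this patch.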
From: Dirk Mennecke Date: Thu, 6 Jun 2024 12:55:08 +0200 Subject: [PATCH 12/16] Update README environment variables --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6e6dcdf..7c5c5b0 100644 --- a/README.md +++ b/README.md @@ -236,7 +236,7 @@ Following is the list of the all the environment variables that can be passed do | SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | `false` | | ROOT_WEBAPP_REDIRECT | Indicates whether to issue a permanent redirect to the web interface | `false` | | HEALTHCHECK_URL | URL to the resource / endpoint used for `docker` health checks | `http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png` | -| GEOSERVER_ADMIN_USER | Admin username | | +| GEOSERVER_ADMIN_USER | Admin username | | | GEOSERVER_ADMIN_PASSWORD | Admin password | | The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up). From fde66168aff3e2e5e812c76031256e1009e084eb Mon Sep 17 00:00:00 2001 From: Chris Barnett Date: Fri, 12 Jan 2024 10:25:43 -0500 Subject: [PATCH 13/16] added env variable to specify which tomcat context GeoServer should be deployed at, including ROOT. added logic to ignore ROOT_WEBAPP_REDIRECT if context is ROOT added logic to choose the correct url for the healthcheck --- Dockerfile | 10 ++++++---- startup.sh | 10 +++++----- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index afbd00d..df37c88 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,6 +17,7 @@ ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS ENV DEBIAN_FRONTEND=noninteractive +ENV WEBAPP_CONTEXT=geoserver # see https://docs.geoserver.org/stable/en/user/production/container.html ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ 
@@ -85,7 +86,7 @@ ENV GEOSERVER_VERSION=$GS_VERSION ENV GEOSERVER_BUILD=$GS_BUILD ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml -ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ +ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ ENV INSTALL_EXTENSIONS=false ENV WAR_ZIP_URL=$WAR_ZIP_URL ENV STABLE_EXTENSIONS='' @@ -99,6 +100,7 @@ ENV ROOT_WEBAPP_REDIRECT=false ENV POSTGRES_JNDI_ENABLED=false ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides +ENV HEALTHCHECK_URL=http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png ENV HTTPS_ENABLED=false ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks @@ -114,12 +116,12 @@ RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" -COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver +COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ +RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ && mkdir -p $GEOSERVER_DATA_DIR -RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ +RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR diff --git a/startup.sh b/startup.sh index e7c9041..d75fed0 100755 --- a/startup.sh +++ b/startup.sh 
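Review bot: In the `@@ -114,12 +116,12 @@` hunk, `COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT` and the two `RUN mv` lines expand `$WEBAPP_CONTEXT` when the image is built, so the webapp always lands in `webapps/geoserver`, the default set by `ENV WEBAPP_CONTEXT=geoserver` in the first hunk. The startup.sh hunks of the same patch read the variable when the container starts, so a container run with a different `WEBAPP_CONTEXT` would have its data-directory copy, extension install and CORS `web.xml` edit point at a directory that was never created. The `GEOSERVER_LIB_DIR` line in the `@@ -85,7 +86,7 @@` hunk is fixed at build time in the same way. Either keep the on-disk path constant and map the context path in Tomcat's configuration, or make the value a build `ARG` and document that it cannot be changed at run time. The two `cp` lines in startup.sh also leave the expansion unquoted, unlike the `grep`/`sed` lines; `cp -r "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT"/data/* "$GEOSERVER_DATA_DIR"` would match them.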
@@ -51,7 +51,7 @@ echo "${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}" > $CATALINA_HOME/conf/health ## install release data directory if needed before starting tomcat if [ ! -z "$GEOSERVER_REQUIRE_FILE" ] && [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war" - cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR + cp -r $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/data/* $GEOSERVER_DATA_DIR fi ## install GeoServer extensions before starting the tomcat @@ -61,7 +61,7 @@ fi # we also count whether at least one file with the extensions exists count=`ls -1 $ADDITIONAL_LIBS_DIR/*.jar 2>/dev/null | wc -l` if [ -d "$ADDITIONAL_LIBS_DIR" ] && [ $count != 0 ]; then - cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ + cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ echo "Installed $count JAR extension file(s) from the additional libs folder" fi @@ -78,8 +78,8 @@ fi # to the end of the web.xml # (this will only happen if our filter has not yet been added before) if [ "${CORS_ENABLED}" = "true" ]; then - if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then - echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml" + if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; then + echo "Enable CORS for $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml" # Add support for access-control-allow-credentials when the origin is not a wildcard when specified via env var if [ "${CORS_ALLOWED_ORIGINS}" != "*" ] && [ "${CORS_ALLOW_CREDENTIALS}" = "true" ]; then @@ -112,7 +112,7 @@ if [ "${CORS_ENABLED}" = "true" ]; then \n\ DockerGeoServerCorsFilter\n\ /*\n\ - " "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; + " "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; fi fi From 31aa91735c9683d620a9ee8ce7432115f9e0bb13 Mon Sep 17 00:00:00 2001 
From: Chris Barnett Date: Tue, 13 Feb 2024 13:50:05 -0500 Subject: [PATCH 14/16] Added context element to config/server.xml and set autoDeploy and deployOnStartup to false url in HEALTHCHECK written to file so that it can be set on startup updated README with usage info --- Dockerfile | 16 ++++++++++------ startup.sh | 14 +++++++------- 2 files changed, 17 insertions(+), 13 deletions(-) diff --git a/Dockerfile b/Dockerfile index df37c88..06311db 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,6 @@ ENV CORS_ALLOWED_METHODS=$CORS_ALLOWED_METHODS ENV CORS_ALLOWED_HEADERS=$CORS_ALLOWED_HEADERS ENV CORS_ALLOW_CREDENTIALS=$CORS_ALLOW_CREDENTIALS ENV DEBIAN_FRONTEND=noninteractive -ENV WEBAPP_CONTEXT=geoserver # see https://docs.geoserver.org/stable/en/user/production/container.html ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \ @@ -86,7 +85,7 @@ ENV GEOSERVER_VERSION=$GS_VERSION ENV GEOSERVER_BUILD=$GS_BUILD ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/ ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml -ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ +ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ ENV INSTALL_EXTENSIONS=false ENV WAR_ZIP_URL=$WAR_ZIP_URL ENV STABLE_EXTENSIONS='' @@ -100,7 +99,12 @@ ENV ROOT_WEBAPP_REDIRECT=false ENV POSTGRES_JNDI_ENABLED=false ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides -ENV HEALTHCHECK_URL=http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png +ENV WEBAPP_CONTEXT=geoserver +ENV HEALTHCHECK_URL='' +ENV HTTPS_ENABLED=false +ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks +ENV HTTPS_KEYSTORE_PASSWORD=changeit +ENV HTTPS_KEY_ALIAS=server ENV HTTPS_ENABLED=false ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks 
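Review bot: The four `HTTPS_*` lines added in the `@@ -100,7 +99,12 @@` hunk repeat the block that already follows them as context (`ENV HTTPS_ENABLED=false`, `ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks`), so each variable is set twice and only the later copy takes effect if the two ever diverge. This looks like a merge artefact; the hunk only needs `ENV WEBAPP_CONTEXT=geoserver` and `ENV HEALTHCHECK_URL=''`. The empty default deserves a comment above it, e.g. `# empty: startup.sh derives the URL from WEBAPP_CONTEXT unless HEALTHCHECK_URL is set`, because startup.sh relies on it through `${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}`.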
@@ -116,12 +120,12 @@ RUN echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen RUN echo "Installing GeoServer $GS_VERSION $GS_BUILD" -COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/$WEBAPP_CONTEXT +COPY --from=download /tmp/geoserver $CATALINA_HOME/webapps/geoserver -RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ +RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \ && mkdir -p $GEOSERVER_DATA_DIR -RUN mv $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ +RUN mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/postgresql-*.jar $CATALINA_HOME/lib/ COPY $GS_DATA_PATH $GEOSERVER_DATA_DIR COPY $ADDITIONAL_LIBS_PATH $GEOSERVER_LIB_DIR diff --git a/startup.sh b/startup.sh index d75fed0..35f4ddc 100755 --- a/startup.sh +++ b/startup.sh 
@@ -43,15 +43,15 @@ fi # Set the HEALTHCHECK URL depending on the webapp context # remove duplicate forward slashes -DEFAULT_HEALTHCHECK_URL=$(echo "localhost:8080/${WEBAPP_CONTEXT}/ows?service=wms&version=1.3.0&request=GetCapabilities" | tr -s /) +DEFAULT_HEALTHCHECK_URL=$(echo "localhost:8080/${WEBAPP_CONTEXT}/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png" | tr -s /) DEFAULT_HEALTHCHECK_URL="http://${DEFAULT_HEALTHCHECK_URL}" -# write the healthcheck URL to a file that user geoserver has access to but is not served by tomcat +# write the healthcheck URL to a file that geoserver user has access to but is not served by tomcat echo "${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}" > $CATALINA_HOME/conf/healthcheck_url.txt ## install release data directory if needed before starting tomcat if [ ! -z "$GEOSERVER_REQUIRE_FILE" ] && [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war" - cp -r $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/data/* $GEOSERVER_DATA_DIR + cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR fi ## install GeoServer extensions before starting the tomcat @@ -61,7 +61,7 @@ fi # we also count whether at least one file with the extensions exists count=`ls -1 $ADDITIONAL_LIBS_DIR/*.jar 2>/dev/null | wc -l` if [ -d "$ADDITIONAL_LIBS_DIR" ] && [ $count != 0 ]; then - cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/lib/ + cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/ echo "Installed $count JAR extension file(s) from the additional libs folder" fi 
@@ -78,8 +78,8 @@ fi # to the end of the web.xml # (this will only happen if our filter has not yet been added before) if [ "${CORS_ENABLED}" = "true" ]; then - if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; then - echo "Enable CORS for $CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml" + if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then + echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml" # Add support for access-control-allow-credentials when the origin is not a wildcard when specified via env var if [ "${CORS_ALLOWED_ORIGINS}" != "*" ] && [ "${CORS_ALLOW_CREDENTIALS}" = "true" ]; then @@ -112,7 +112,7 @@ if [ "${CORS_ENABLED}" = "true" ]; then \n\ DockerGeoServerCorsFilter\n\ /*\n\ - " "$CATALINA_HOME/webapps/$WEBAPP_CONTEXT/WEB-INF/web.xml"; + " "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; fi fi From 91846716a31e0c946f801f54c7b61e2728ae1086 Mon Sep 17 00:00:00 2001 From: Chris Barnett Date: Mon, 8 Jul 2024 21:20:52 -0400 Subject: [PATCH 15/16] fix merge errors add config in server-https.xml --- Dockerfile | 7 ------- config/server-https.xml | 23 +++++++++++++++++++++-- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/Dockerfile b/Dockerfile index 06311db..7f046be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -101,10 +101,6 @@ ENV CONFIG_DIR=/opt/config ENV CONFIG_OVERRIDES_DIR=/opt/config_overrides ENV WEBAPP_CONTEXT=geoserver ENV HEALTHCHECK_URL='' -ENV HTTPS_ENABLED=false -ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks -ENV HTTPS_KEYSTORE_PASSWORD=changeit -ENV HTTPS_KEY_ALIAS=server ENV HTTPS_ENABLED=false ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks 
@@ -157,9 +153,6 @@ RUN find / -perm /6000 -type f -exec chmod a-s {} \; || true # See also CIS Docker benchmark and docker best practices RUN chmod +x /opt/*.sh && sed -i 's/\r$//' /opt/startup.sh -ENV WEBAPP_CONTEXT=geoserver -ENV HEALTHCHECK_URL='' - ENTRYPOINT ["bash", "/opt/startup.sh"] WORKDIR /opt diff --git a/config/server-https.xml b/config/server-https.xml index 23c84cf..3c2e40e 100644 --- a/config/server-https.xml +++ b/config/server-https.xml @@ -160,7 +160,7 @@ + unpackWARs="true" autoDeploy="false" deployOnStartup="false"> @@ -174,7 +174,26 @@ - + + + From 56b2c66da8057751bdc2feee5e169bb1e71e33b4 Mon Sep 17 00:00:00 2001 
From: Chris Barnett Date: Mon, 8 Jul 2024 23:31:01 -0400 Subject: [PATCH 16/16] Squashed commit of the following: MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit c94bd75cacbf4d8991da66a787151be9d353d9d9 Merge: 7ea027c 6d965d2 Author: Nils Bühner Date: Thu Jun 6 17:33:04 2024 +0200 Merge pull request #60 from dmenneck/update-admin-credentials Update docs commit 6d965d2f6104f96fa36254a266cebc2769965a95 Author: Dirk Mennecke Date: Thu Jun 6 12:55:08 2024 +0200 Update README environment variables commit c0d6edd74d3bfe79d45f1a17a683adecdaf6a32d Author: Dirk Mennecke Date: Thu Jun 6 09:41:36 2024 +0200 Update readme commit 7ea027c7610f7492272c2203519c42b2f50b43e2 Merge: 7be6e68 119ec88 Author: Nils Bühner Date: Thu Jun 6 09:36:05 2024 +0200 Merge pull request #57 from dmenneck/update-admin-credentials Set admin credentials with environment variables commit 7be6e68b2eb06993b8e0c9b322953a523c589f9d Merge: 77945ab 41d2116 Author: Nils Bühner Date: Wed May 29 14:37:59 2024 +0200 Merge pull request #34 from mbosecke/ssl Added basic HTTPS support commit 77945ab50ddb80cc85c7dec7850eb136dc74e7f1 Merge: 6a20333 ef8d2af Author: Nils Bühner Date: Wed May 29 13:18:06 2024 +0200 Merge pull request #59 from buehner/gs-2.25.1-tomcat-9.0.89 chore: use latest tomcat and geoserver versions commit ef8d2afa959de2be189b5d97017714410fd002b6 Author: Nils Bühner Date: Wed May 29 13:17:17 2024 +0200 chore: use latest tomcat and geoserver versions commit 6a203332f50d729c19b9c7a3f4048abb8ae3e1ca Merge: d41f90b 37362a3 Author: Nils Bühner Date: Wed May 29 13:00:06 2024 +0200 Merge pull request #58 from buehner/ignore-pg-data feat: ignore pg data when using compose example commit 37362a3c43fafd297e24f60030d994b14c39a292 Author: Nils Bühner Date: Wed May 29 12:54:11 2024 +0200 feat: ignore pg data when using compose example commit d41f90b965eb4cdcc12f2deb05e7c82584a34aaf Merge: 0d4736f a8029b3 Author: Nils Bühner Date: Wed May 29 12:39:55 2024 +0200 
Merge pull request #56 from hwbllmnn/allow-unicode-filenames fix: allow unicode filenames commit 119ec88b8fa1fdbf4bea0e0408f4574946b9506e Author: Dirk Mennecke Date: Fri May 24 15:10:05 2024 +0200 Add update_credentials script commit 96e081901bc75d325faeb10c26b082d88b643aae Author: Dirk Mennecke Date: Fri May 24 15:08:01 2024 +0200 Edit startup.sh to handle credentials update commit 5857fa382b677297a4dbdba3ad9d6854aae5f882 Author: Dirk Mennecke Date: Fri May 24 15:06:12 2024 +0200 Replace line breaks and run startup script with bash commit a8029b3eba77a18449c39b73b8ce655f5ab41e41 Author: Andreas Schmitz Date: Tue May 14 15:45:04 2024 +0200 fix: allow unicode filenames commit 41d2116ee2091e99bf95bf6c21cef416c10effcc Author: Mitchell Bösecke Date: Wed Nov 15 15:47:00 2023 -0700 Added basic HTTPS support by mounting a JKS file and providing some environment variables. --- Dockerfile | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Dockerfile b/Dockerfile index 7f046be..e961a0c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -107,6 +107,11 @@ ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks ENV HTTPS_KEYSTORE_PASSWORD=changeit ENV HTTPS_KEY_ALIAS=server +ENV HTTPS_ENABLED=false +ENV HTTPS_KEYSTORE_FILE=/opt/keystore.jks +ENV HTTPS_KEYSTORE_PASSWORD=changeit +ENV HTTPS_KEY_ALIAS=server + EXPOSE 8080 EXPOSE 8443
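Review bot: The five added lines put a second copy of the `HTTPS_*` block directly under the existing one, whose last lines are this hunk's context. This is the duplicate that PATCH 15/16 removed as a merge error, so the hunk can be dropped. Separately, both copies carry `ENV HTTPS_KEYSTORE_PASSWORD=changeit`: an `ENV` value is stored in the image configuration and appears in the container's environment, and `changeit` is the stock Java keystore default. A deployment that enables HTTPS without overriding it protects its private key with a publicly known password. Consider leaving the variable unset in the image and having the startup script refuse `HTTPS_ENABLED=true` without an explicit password; the startup handling is not visible in this hunk, so confirm what it does today.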