steve
/
geoserver
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: steve:master
Branches Tags
steve:renovate/tomcat-9.x
steve:renovate/github-codeql-action-digest
steve:renovate/tomcat-9.0.98-jdk17-temurin-jammy
steve:master
steve:jdk17
steve:gs-2.25.3
..
compare: steve:gs-2.25.3
Branches Tags
steve:renovate/tomcat-9.x
steve:renovate/github-codeql-action-digest
steve:renovate/tomcat-9.0.98-jdk17-temurin-jammy
steve:master
steve:jdk17
steve:gs-2.25.3

No commits in common. "master" and "gs-2.25.3" have entirely different histories.
master ... gs-2.25.3

9 changed files with 61 additions and 171 deletions
Show Stats Expand all files Collapse all files

4
.github/workflows/trivy.yml vendored
View File

@ -9,7 +9,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: Build image
run: docker build -t geoserver-docker.osgeo.org/geoserver:${{ github.sha }} .
- name: Run trivy
@ -22,6 +22,6 @@ jobs:
severity: 'CRITICAL,HIGH'
vuln-type: 'os,library'
- name: Upload Trivy scan results to GitHub Security tab
uses: github/codeql-action/upload-sarif@dd746615b3b9d728a6a37ca2045b68ca76d4841a # v3
uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3
with:
sarif_file: 'trivy-results.sarif'

18
BUILD.md
View File

@ -65,14 +65,14 @@ Override these arguments to make use of build.geoserver.org nightly releases:
* ``--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/ext-latest/``
* ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/${GS_VERSION}/community-latest/``
Here is a working example for building 2.26.x nightly build::
Here is a working example for building 2.25.x nightly build::
```
docker build --no-cache-filter download,install \
--build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.26.x/geoserver-2.26.x-latest-war.zip \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.26.x/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.26.x/community-latest/ \
--build-arg WAR_ZIP_URL=https://build.geoserver.org/geoserver/2.25.x/geoserver-2.25.x-latest-war.zip \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/2.25.x/community-latest/ \
--build-arg GS_VERSION=2.24-SNAPSHOT \
-t 2.26.x .
-t 2.25.x .
```
When running both stable extensions and community modules can be included:
@ -82,7 +82,7 @@ docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true \
--env STABLE_EXTENSIONS="ysld" \
--env COMMUNITY_EXTENSIONS="ogcapi" \
-t 2.26.x
-t 2.25.x
```
Community modules are only available for nightly builds as they have not yet met the requirements for production use. Developers have shared these to attract participation, feedback and funding.
@ -96,7 +96,7 @@ The build.geoserver.org output for the ``main`` branch requires the following:
* ``--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/``
Here is a working example for building main branch as 2.26.x build:
Here is a working example for building main branch as 2.25.x build:
```
docker build --no-cache-filter download,install \
@ -104,7 +104,7 @@ docker build --no-cache-filter download,install \
--build-arg STABLE_PLUGIN_URL=https://build.geoserver.org/geoserver/main/ext-latest/ \
--build-arg COMMUNITY_PLUGIN_URL=https://build.geoserver.org/geoserver/main/community-latest/ \
--build-arg GS_VERSION=2.24-SNAPSHOT \
-t 2.26.x .
-t 2.25.x .
```
When running both [stable extensions](https://build.geoserver.org/geoserver/main/ext-latest/) and [community modules](https://build.geoserver.org/geoserver/main/community-latest/) can be included:
@ -114,6 +114,6 @@ docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true \
--env STABLE_EXTENSIONS="wps,css" \
--env COMMUNITY_EXTENSIONS="ogcapi-coverages,ogcapi-dggs,ogcapi-features,ogcapi-images,ogcapi-maps,ogcapi-styles,ogcapi-tiled-features,ogcapi-tiles" \
-t 2.26.x
-t 2.25.x
```

49
Dockerfile
View File

@ -1,18 +1,18 @@
FROM tomcat:9.0.98-jdk17-temurin-jammy@sha256:4cce4376204e1b73ec6864988d6a7da3f7648fd5209442323fabaa00fbe6c335
FROM tomcat:9.0.95-jdk11-temurin-jammy@sha256:8e90c21d9feb8b6d03706200de17670d0e202aa623a78958c1971a8fd4c58613
LABEL vendor="osgeo.org"
# Build arguments
ARG ADDITIONAL_FONTS_PATH=./additional_fonts/
ARG ADDITIONAL_LIBS_PATH=./additional_libs/
ARG COMMUNITY_PLUGIN_URL=''
ARG CORS_ALLOWED_HEADERS=Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
ARG CORS_ALLOWED_HEADERS=*
ARG CORS_ALLOWED_METHODS=GET,POST,PUT,DELETE,HEAD,OPTIONS
ARG CORS_ALLOWED_ORIGINS=*
ARG CORS_ALLOW_CREDENTIALS=false
ARG CORS_ENABLED=false
ARG GS_BUILD=release
ARG GS_DATA_PATH=./geoserver_data/
ARG GS_VERSION=2.26.2
ARG GS_VERSION=2.25.3
ARG STABLE_PLUGIN_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/extensions
ARG WAR_ZIP_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip
@ -33,43 +33,20 @@ ENV EXTRA_JAVA_OPTS="-Xms256m -Xmx1g"
ENV GEOSERVER_BUILD=$GS_BUILD
ENV GEOSERVER_DATA_DIR=/opt/geoserver_data/
ENV GEOSERVER_LIB_DIR=$CATALINA_HOME/webapps/geoserver/WEB-INF/lib/
ENV SET_GEOSERVER_REQUIRE_FILE=true
ENV GEOSERVER_REQUIRE_FILE=$GEOSERVER_DATA_DIR/global.xml
ENV GEOSERVER_VERSION=$GS_VERSION
ENV HEALTHCHECK_URL=''
ENV INSTALL_EXTENSIONS=false
ENV POSTGRES_JNDI_ENABLED=false
ENV ROOT_WEBAPP_REDIRECT=false
ENV RUN_UNPRIVILEGED=false
ENV RUN_WITH_USER_UID=
ENV RUN_WITH_USER_GID=
ENV CHANGE_OWNERSHIP_ON_FOLDERS="/opt $GEOSERVER_DATA_DIR"
ENV SKIP_DEMO_DATA=false
ENV STABLE_EXTENSIONS=''
ENV STABLE_PLUGIN_URL=$STABLE_PLUGIN_URL
ENV WAR_ZIP_URL=$WAR_ZIP_URL
ENV WEBAPP_CONTEXT=geoserver
# ENV JDK_JAVA_OPTIONS=--add-exports=java.desktop/sun.awt.image=ALL-UNNAMED \
# --add-opens=java.base/java.lang=ALL-UNNAMED \
# --add-opens=java.base/java.util=ALL-UNNAMED \
# --add-opens=java.base/java.lang.reflect=ALL-UNNAMED \
# --add-opens=java.base/java.text=ALL-UNNAMED \
# --add-opens=java.desktop/java.awt.font=ALL-UNNAMED \
# --add-opens=java.desktop/sun.awt.image=ALL-UNNAMED \
# --add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED \
# --add-opens=java.desktop/sun.java2d.pipe=ALL-UNNAMED
# see https://docs.geoserver.org/stable/en/user/production/container.html
ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \
--add-exports=java.desktop/sun.awt.image=ALL-UNNAMED \
--add-opens=java.base/java.lang=ALL-UNNAMED \
--add-opens=java.base/java.util=ALL-UNNAMED \
--add-opens=java.base/java.lang.reflect=ALL-UNNAMED \
--add-opens=java.base/java.text=ALL-UNNAMED \
--add-opens=java.desktop/java.awt.font=ALL-UNNAMED \
--add-opens=java.desktop/sun.awt.image=ALL-UNNAMED \
--add-opens=java.naming/com.sun.jndi.ldap=ALL-UNNAMED \
--add-opens=java.desktop/sun.java2d.pipe=ALL-UNNAMED \
-Djava.awt.headless=true -server \
-Dfile.encoding=UTF-8 \
-Djavax.servlet.request.encoding=UTF-8 \
@ -81,23 +58,19 @@ ENV CATALINA_OPTS="\$EXTRA_JAVA_OPTS \
WORKDIR /tmp
# Install dependencies
# Install dependencies and download geoserver
RUN set -eux \
&& export DEBIAN_FRONTEND=noninteractive \
&& apt-get update \
&& apt-get install -y --no-install-recommends openssl unzip curl locales gettext gosu \
&& apt-get install -y --no-install-recommends openssl unzip curl locales gettext \
&& apt-get clean \
&& rm -rf /var/cache/apt/* \
&& rm -rf /var/lib/apt/lists/*
# Download geoserver
RUN set -eux \
&& rm -rf /var/lib/apt/lists/* \
&& echo "Downloading GeoServer ${GS_VERSION} ${GS_BUILD}" \
&& wget -q -O /tmp/geoserver.zip $WAR_ZIP_URL \
&& unzip geoserver.zip geoserver.war -d /tmp/ \
&& unzip -q /tmp/geoserver.war -d /tmp/geoserver \
&& rm /tmp/geoserver.war \
&& rm geoserver.zip \
&& echo "Installing GeoServer $GS_VERSION $GS_BUILD" \
&& mv /tmp/geoserver $CATALINA_HOME/webapps/geoserver \
&& mv $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/marlin-*.jar $CATALINA_HOME/lib/marlin.jar \
@ -143,14 +116,6 @@ RUN apt purge -y \
RUN chmod +x /opt/*.sh && sed -i 's/\r$//' /opt/startup.sh
# # Create a non-privileged tomcat user
# ARG USER_GID=999
# ARG USER_UID=999
# RUN addgroup --gid ${USER_GID} tomcat && \
# adduser --system -u ${USER_UID} --gid ${USER_GID} --no-create-home tomcat && \
# chown -R tomcat:tomcat /opt && \
# chown tomcat:tomcat $GEOSERVER_DATA_DIR
ENTRYPOINT ["bash", "/opt/startup.sh"]
WORKDIR /opt

55
README.md
View File

@ -21,20 +21,20 @@ This README.md file covers use of official docker image, additional [build](BUIL
To pull an official image use ``docker.osgeo.org/geoserver:{{VERSION}}``, e.g.:
```shell
docker pull docker.osgeo.org/geoserver:2.26.2
docker pull docker.osgeo.org/geoserver:2.25.3
```
All the images can be found at: [https://repo.osgeo.org](https://repo.osgeo.org/#browse/browse:geoserver-docker:v2/geoserver/tags) and the latest stable and maintenance version numbers can be obtained from [https://geoserver.org/download/](https://geoserver.org/download/)
Afterwards you can run the pulled image locally with:
```shell
docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.26.2
docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.25.3
```
Or if you want to start the container daemonized, use e.g.:
```shell
docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.26.2
docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.25.3
```
Check <http://localhost/geoserver> to see the geoserver page,
@ -51,7 +51,7 @@ To use an external folder as your geoserver data directory.
```shell
docker run -it -p 80:8080 \
--mount src="/absolute/path/on/host",target=/opt/geoserver_data/,type=bind \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
An empty data directory will be populated on first use. You can easily update GeoServer while
@ -66,7 +66,7 @@ The environment variable `SKIP_DEMO_DATA` can be set to `true` to create an empt
```shell
docker run -it -p 80:8080 \
--env SKIP_DEMO_DATA=true \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
## How to set the application context path?
@ -79,14 +79,14 @@ The following will serve GeoServer from the root (<http://localhost/>):
```shell
docker run -it -p 80:8080 \
--env WEBAPP_CONTEXT="" \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.1
```
The following will serve GeoServer from <http://localhost/my_context_path>:
```shell
docker run -it -p 80:8080 \
--env WEBAPP_CONTEXT="my_context_path" \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.1
```
## How to issue a redirect from the root ("/") to GeoServer web interface ("/geoserver/web")?
@ -103,7 +103,7 @@ The ``startup.sh`` script allows some customization on startup:
* ``CORS_ENABLED`` to ``true`` to enable CORS support. The following environment variables can be used to customize the CORS configuration.
* ``CORS_ALLOWED_ORIGINS`` (default ``*``)
* ``CORS_ALLOWED_METHODS`` (default ``GET,POST,PUT,DELETE,HEAD,OPTIONS``)
* ``CORS_ALLOWED_HEADERS`` (default ``Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers``)
* ``CORS_ALLOWED_HEADERS`` (default ``*``)
* ``CORS_ALLOW_CREDENTIALS`` (default ``false``) **Setting this to ``true`` will only have the desired effect if ``CORS_ALLOWED_ORIGINS`` defines explicit origins (not ``*``)**
* ``PROXY_BASE_URL`` to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: ``https://example.com/geoserver``.
@ -116,7 +116,7 @@ Example installing wps and ysld extensions:
```shell
docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true --env STABLE_EXTENSIONS="wps,ysld" \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
The list of extensions (taken from SourceForge download page):
@ -141,7 +141,7 @@ If you want to add geoserver extensions/libs, place the respective jar files in
```shell
docker run -it -p 80:8080 \
--mount src="/dir/with/libs/on/host",target=/opt/additional_libs,type=bind \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
## How to add additional fonts to the docker image (e.g. for SLD styling)?
@ -151,7 +151,7 @@ If you want to add custom fonts (the base image only contains 26 fonts) by using
```shell
docker run -it -p 80:8080 \
--mount src="/dir/with/fonts/on/host",target=/opt/additional_fonts,type=bind \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
**Note:** Do not change the target value!
@ -171,15 +171,12 @@ To enable a PostgreSQL JNDI resource, provide the following environment variable
In geoserver, you can then reference this JNDI resource using the name `java:comp/env/jdbc/postgres` (if using default).
Note: previously you could tweak the JNDI settings in a custom `context.xml` (see below), but its contents are now included in `server.xml`.
## How to use custom (tomcat) configuration files
This image provides default (tomcat) configurations that are located in the `./config/` subdir.
* `context.xml` (see/compare JNDI feature from above)
* `server.xml` (security hardened version by default)
* ~context.xml~ (now included into `server.xml`, previously used for JNDI settings)
In case you want to fully overwrite such a config file, you can do so by mounting it to the `/opt/config_overrides/` directory of a container.
The `startup.sh` script will then copy (and overwrite) these files to the catalina conf directory before starting tomcat.
@ -189,7 +186,7 @@ Example:
```shell
docker run -it -p 80:8080 \
--mount src="/path/to/my/server.xml",target=/opt/config_overrides/server.xml,type=bind \
docker.osgeo.org/geoserver:2.26.2
docker.osgeo.org/geoserver:2.25.3
```
## How to enable HTTPS?
@ -202,15 +199,6 @@ variables:
* ``HTTPS_KEYSTORE_PASSWORD`` (defaults to `changeit`)
* ``HTTPS_KEY_ALIAS`` (defaults to `server`)
## How to run it as a non-privileged user ?
It is usually considered a good practice to run the containers as a non-privileged user (not `root`).
While it runs by default as root, for backwards compatibility reasons, several environment variables allow you to change this behaviour:
- `RUN_UNPRIVILEGED=true`: run as unprivileged user `tomcat`. Default uid:gid are 999:999
- `RUN_WITH_USER_UID` allows you to set `tomcat`'s uid. By default this is 999.
- `RUN_WITH_USER_GID` allows you to set `tomcat`'s gid. By default this is the same as the uid.
- `CHANGE_OWNERSHIP_ON_FOLDERS` sets a space-separated list of folders on which a `chmod -R` will be run, changing the ownership of those folders to the `tomcat` user (defaults to `"/opt $GEOSERVER_DATA_DIR"`).
## How to use the docker-compose demo?
The ``docker-compose-demo.yml`` to build with your own data directory and extensions.
@ -233,31 +221,24 @@ Following is the list of the all the environment variables that can be passed do
| CORS_ENABLED | CORS enabled configuration | `false` |
| CORS_ALLOWED_ORIGINS | CORS origins configuration | `*` |
| CORS_ALLOWED_METHODS | CORS method configuration | `GET,POST,PUT,DELETE,HEAD,OPTIONS` |
| CORS_ALLOWED_HEADERS | CORS headers configuration | `Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers` |
| CORS_ALLOWED_HEADERS | CORS headers configuration | `*` |
| DEBIAN_FRONTEND | Configures the Debian package manager frontend | `noninteractive`|
| CATALINA_OPTS | Catalina options. Check [ref](https://www.baeldung.com/tomcat-catalina_opts-vs-java_opts) | `-Djava.awt.headless=true` |
| GEOSERVER_DATA_DIR | Geoserver data directory location | `/opt/geoserver_data/` |
| GEOSERVER_REQUIRE_FILE | Path to a file that will be passed to GeoServer. If this file does not exist, GeoServer won't start. | |
| SET_GEOSERVER_REQUIRE_FILE | If set to true, the GEOSERVER_REQUIRE_FILE will be automatically set to `$GEOSERVER_DATA_DIR/global.xml` on startup. If GEOSERVER_REQUIRE_FILE is set it will take precedence. | `true` |
| GEOSERVER_REQUIRE_FILE | Geoserver configuration used interally | `/opt/geoserver_data/global.xml` |
| INSTALL_EXTENSIONS | Indicates whether additional GeoServer extensions should be installed | `false` |
| WAR_ZIP_URL | Specifies the URL for a GeoServer Web Archive (WAR) file | |
| STABLE_EXTENSIONS | Specifies stable GeoServer extensions | |
| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.26.x/ext-latest` |
| STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/ext-latest` |
| COMMUNITY_EXTENSIONS | Specifies community-contributed GeoServer extensions | |
| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.26.x/community-latest` |
| COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | `https://build.geoserver.org/geoserver/2.25.x/community-latest` |
| ADDITIONAL_LIBS_DIR | Sets the directory for additional libraries used by GeoServer | `/opt/additional_libs/` |
| ADDITIONAL_FONTS_DIR | Sets the directory for additional fonts used by GeoServer | `/opt/additional_fonts/` |
| SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer. GEOSERVER_REQUIRE_FILE will be ignored if set to true. | `false` |
| SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | `false` |
| ROOT_WEBAPP_REDIRECT | Indicates whether to issue a permanent redirect to the web interface | `false` |
| HEALTHCHECK_URL | URL to the resource / endpoint used for `docker` health checks | `http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png` |
| GEOSERVER_ADMIN_USER | Admin username | |
| GEOSERVER_ADMIN_PASSWORD | Admin password | |
| RUN_UNPRIVILEGED | If set to `true`, runs as an unprivileged user `tomcat` instead of `root`. | `true` |
| RUN_WITH_USER_UID | When running as unprivileged user, sets the uid of this user. Defaults to `999` | `999` |
| RUN_WITH_USER_GID | When running as unprivileged user, sets the gid of this user. Defaults to the same as the uid | `999` |
| CHANGE_OWNERSHIP_ON_FOLDERS | When running as unprivileged user, changes the ownership to this user to these folders | `"/opt /opt/geoserver_data/ /mnt/geoserver_geodata"` |
After the initial setup, it's recommended to remove the `GEOSERVER_ADMIN_USER` and `GEOSERVER_ADMIN_PASSWORD` variable. Otherwise, newly added roles and users may be overwritten by the next time the container is restarted.
The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up).
| VAR NAME | DESCRIPTION | SAMPLE VALUE |

12
RELEASE.md
View File

@ -7,7 +7,7 @@ OSGeo maintains geoserver-docker.osgeo.org repository for publishing. The result
Build locally:
```shell
docker build -t geoserver-docker.osgeo.org/geoserver:2.26.2 .
docker build -t geoserver-docker.osgeo.org/geoserver:2.25.3 .
```
Login using with osgeo user id:
@ -19,7 +19,7 @@ docker login geoserver-docker.osgeo.org
Push to osgeo repository:
```shell
docker push geoserver-docker.osgeo.org/geoserver:2.26.2
docker push geoserver-docker.osgeo.org/geoserver:2.25.3
```
## How to automate release?
@ -34,10 +34,10 @@ The third, optional, is used to supply the jenkins build number - triggering a n
Examples:
`./release.sh build 2.26.2`
`./release.sh build 2.25.3`
`./release.sh publish 2.26.2`
`./release.sh publish 2.25.3`
`./release.sh buildandpublish 2.26.2`
`./release.sh buildandpublish 2.25.3`
`./release.sh buildandpublish 2.26-SNAPSHOT 1234`
`./release.sh buildandpublish 2.25-SNAPSHOT 1234`

6
SECURITY.md
View File

@ -1,6 +0,0 @@
# Security Policy
Please see the [Security Policy](https://github.com/geoserver/geoserver/security/policy) or our main project for supported versions and procedures.
You may also [find pubished security advisories](https://github.com/geoserver/geoserver/security/advisories) there.

5
build/release.sh
View File

@ -3,7 +3,7 @@
# error out if any statements fail
set -e
MAIN="2.27"
MAIN="2.26"
function usage() {
echo "$0 <mode> <version> [<build>]"
@ -49,9 +49,6 @@ else
fi
fi
# Prerequisite for Multi-Arch via QEM
# docker run --privileged --rm tonistiigi/binfmt --install all
echo "Release from branch $BRANCH GeoServer $VERSION as $TAG"
# Go up one level to the Dockerfile

4
docker-compose-demo.yml
View File

@ -4,7 +4,7 @@ services:
build:
context: .
args:
- GEOSERVER_VERSION=2.26.2
- GEOSERVER_VERSION=2.25.3
- CORS_ENABLED=true
- CORS_ALLOWED_METHODS=GET,POST,PUT,HEAD,OPTIONS
ports:
@ -29,7 +29,7 @@ services:
retries: 3
timeout: 20s
postgis:
image: postgis/postgis:17-3.4-alpine@sha256:5a1dbedac34e0e6663f8b7190d393339571f1cb3ecb2ab2f724524b4f3c7956e
image: postgis/postgis:16-3.4-alpine@sha256:f785413fbe19835b9fd7db0ec3bcb215de2b4f87ffaaadd01e2e8f44d9cefbf1
ports:
- "5555:5432"
environment:

79
startup.sh
View File

@ -12,15 +12,20 @@ function copy_custom_config() {
# Otherwise use the default
echo "Installing default ${CONFIG_FILE} with substituted environment variables"
envsubst < "${CONFIG_DIR}"/"${CONFIG_FILE}" > "${CATALINA_HOME}/conf/${CONFIG_FILE}"
# since autodeploy is disabled by default, we need to enable it if the user has not provided a custom server.xml
if [ "${CONFIG_FILE}" = "server.xml" ] && [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then
echo "Deploying ROOT context to allow for redirect to ${WEBAPP_CONTEXT}"
sed -i '\:</Host>:i\<Context override="true" docBase="ROOT" path=""></Context>' $CATALINA_HOME/conf/server.xml
echo "Deploying ROOT context to allow for redirect to ${WEBAPP_CONTEXT}"
sed -i '\:</Host>:i\<Context override="true" docBase="ROOT" path=""></Context>' $CATALINA_HOME/conf/server.xml
fi
fi
}
## Skip demo data
if [ "${SKIP_DEMO_DATA}" = "true" ]; then
unset GEOSERVER_REQUIRE_FILE
fi
## Add a permanent redirect (HTTP 301) from the root webapp ("/") to geoserver web interface ("/geoserver/web")
if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then
if [ ! -d $CATALINA_HOME/webapps/ROOT ]; then
@ -43,41 +48,10 @@ DEFAULT_HEALTHCHECK_URL="http://${DEFAULT_HEALTHCHECK_URL}"
# write the healthcheck URL to a file that geoserver user has access to but is not served by tomcat
echo "${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}" > $CATALINA_HOME/conf/healthcheck_url.txt
# ensure that GEOSERVER_DATA_DIR exists as a directory
if [ ! -e "$GEOSERVER_DATA_DIR" ]; then
mkdir -p $GEOSERVER_DATA_DIR
echo "Created new GeoServer data directory $GEOSERVER_DATA_DIR as it did not exist."
fi
if [ "${SKIP_DEMO_DATA}" = "true" ]; then
# skipping demo data
if [ "$SET_GEOSERVER_REQUIRE_FILE" = true ]; then
echo "SET_GEOSERVER_REQUIRE_FILE will be ignored because SKIP_DEMO_DATA is set to true"
fi
# unset geoserver require file
if [ ! -z "$GEOSERVER_REQUIRE_FILE" ]; then
echo "GEOSERVER_REQUIRE_FILE will be ignored because SKIP_DEMO_DATA is set to true"
unset GEOSERVER_REQUIRE_FILE
fi
else
# using demo data if data dir does not contain geoserver require file
# set geoserver require file to the correct value
if [ "$SET_GEOSERVER_REQUIRE_FILE" = true ]; then
if [ -z "$GEOSERVER_REQUIRE_FILE" ]; then
export GEOSERVER_REQUIRE_FILE="$GEOSERVER_DATA_DIR/global.xml"
else
echo "SET_GEOSERVER_REQUIRE_FILE is ignored because GEOSERVER_REQUIRE_FILE is set to a value"
fi
fi
## install release data directory if needed before starting tomcat
if [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then
echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war"
cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR
fi
## install release data directory if needed before starting tomcat
if [ ! -z "$GEOSERVER_REQUIRE_FILE" ] && [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then
echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war"
cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR
fi
## install GeoServer extensions before starting the tomcat
@ -162,11 +136,11 @@ copy_custom_config "server.xml"
# Use a custom "web.xml" if the user mounted one into the container
if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/web.xml" ]; then
echo "Installing configuration override for web.xml with substituted environment variables"
if [ "${CORS_ENABLED}" = "true" ]; then
if [ "${CORS_ENABLED}" = "true" ]; then
echo "Warning: the CORS_ENABLED's changes will be overwritten!"
fi
envsubst < "${CONFIG_OVERRIDES_DIR}"/web.xml > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml"
fi
@ -193,25 +167,4 @@ if [ -n "$GEOSERVER_ADMIN_PASSWORD" ] && [ -n "$GEOSERVER_ADMIN_USER" ]; then
/bin/sh /opt/update_credentials.sh
fi
# Run as non-privileged user
if [ "${RUN_UNPRIVILEGED}" = "true" ]
then
echo "The server will be run as non-privileged user 'tomcat'"
RUN_WITH_USER_UID=${RUN_WITH_USER_UID:=999}
RUN_WITH_USER_GID=${RUN_WITH_USER_GID:=${RUN_WITH_USER_UID} }
echo "creating user tomcat (${RUN_WITH_USER_UID}:${RUN_WITH_USER_GID})"
addgroup --gid ${RUN_WITH_USER_GID} tomcat && \
adduser --system -u ${RUN_WITH_USER_UID} --gid ${RUN_WITH_USER_GID} \
--no-create-home tomcat
if [ -n "$CHANGE_OWNERSHIP_ON_FOLDERS" ]; then
echo "Changing ownership accordingly ($CHANGE_OWNERSHIP_ON_FOLDERS)"
chown -R tomcat:tomcat $CHANGE_OWNERSHIP_ON_FOLDERS
fi
exec gosu tomcat $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
else
exec $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
fi
exec $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true