/docker

GeoServer docker image

Primary LanguageShellOtherNOASSERTION

A GeoServer docker image

This Dockerfile can be used to create images for all geoserver versions since 2.5.

  • Based on the official tomcat docker image, in particular:
    • Tomcat 9
    • JDK11 (eclipse temurin)
    • Ubuntu Jammy (22.04 LTS)
  • GeoServer installation is configurable and supports
    • Dynamic installation of extensions
    • Custom fonts (e.g. for SLD styling)
    • CORS
    • Additional libraries
    • PostgreSQL JNDI
    • HTTPS

This README.md file covers use of official docker image, additional build and release instructions are available.

How to run official release?

To pull an official image use docker.osgeo.org/geoserver:{{VERSION}}, e.g.:

docker pull docker.osgeo.org/geoserver:2.26.0

All the images can be found at: https://repo.osgeo.org and the latest stable and maintenance version numbers can be obtained from https://geoserver.org/download/

Afterwards you can run the pulled image locally with:

docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.26.0

Or if you want to start the container daemonized, use e.g.:

docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.26.0

Check http://localhost/geoserver to see the geoserver page, and login with geoserver default admin:geoserver credentials.

IMPORTANT NOTE: Please change the default geoserver and master passwords.

For more information see the user-guide docker installation instructions.

How to mount an external folder for use as a data directory

To use an external folder as your geoserver data directory.

docker run -it -p 80:8080 \
  --mount src="/absolute/path/on/host",target=/opt/geoserver_data/,type=bind \
  docker.osgeo.org/geoserver:2.26.0

An empty data directory will be populated on first use. You can easily update GeoServer while using the same data directory.

How to start a GeoServer without sample data?

This image populates /opt/geoserver_data/ with demo data by default. For production scenarios this is typically not desired.

The environment variable SKIP_DEMO_DATA can be set to true to create an empty data directory.

docker run -it -p 80:8080 \
  --env SKIP_DEMO_DATA=true \
  docker.osgeo.org/geoserver:2.26.0

How to set the application context path?

By default, GeoServer is served from http://localhost/geoserver. Use the environment variable WEBAPP_CONTEXT to change the context path.

examples:

The following will serve GeoServer from the root (http://localhost/):

docker run -it -p 80:8080 \
  --env WEBAPP_CONTEXT="" \
  docker.osgeo.org/geoserver:2.26.0

The following will serve GeoServer from http://localhost/my_context_path:

docker run -it -p 80:8080 \
  --env WEBAPP_CONTEXT="my_context_path" \
  docker.osgeo.org/geoserver:2.26.0

How to issue a redirect from the root ("/") to GeoServer web interface ("/geoserver/web")?

By default, the ROOT webapp is not available which makes requests to the root endpoint "/" return a 404 error. The environment variable ROOT_WEBAPP_REDIRECT can be set to true to issue a permanent redirect to the web interface.

How to download and install additional extensions on startup?

The startup.sh script allows some customization on startup:

  • INSTALL_EXTENSIONS to true to download and install extensions
  • STABLE_EXTENSIONS list of extensions to download and install
  • CORS_ENABLED to true to enable CORS support. The following environment variables can be used to customize the CORS configuration.
    • CORS_ALLOWED_ORIGINS (default *)
    • CORS_ALLOWED_METHODS (default GET,POST,PUT,DELETE,HEAD,OPTIONS)
    • CORS_ALLOWED_HEADERS (default Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers)
    • CORS_ALLOW_CREDENTIALS (default false) Setting this to true will only have the desired effect if CORS_ALLOWED_ORIGINS defines explicit origins (not *)
  • PROXY_BASE_URL to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example: https://example.com/geoserver.

The CORS variables customize tomcat's web.xml file. If you need more customization, you can provide your own customized web.xml file to tomcat by mounting it into the container at /opt/config_overrides/web.xml.

Example installing wps and ysld extensions:

docker run -it -p 80:8080 \
  --env INSTALL_EXTENSIONS=true --env STABLE_EXTENSIONS="wps,ysld" \
  docker.osgeo.org/geoserver:2.26.0

The list of extensions (taken from SourceForge download page):

app-schema   gdal            jp2k          ogr-wps          web-resource
authkey      geofence        libjpeg-turbo oracle           wmts-multi-dimensional
cas          geofence-server mapml         params-extractor wps-cluster-hazelcast
charts       geopkg-output   mbstyle       printing         wps-cluster-hazelcast
control-flow grib            mongodb       pyramid          wps-download
css          gwc-s3          monitor       querylayer       wps-jdbc
csw          h2              mysql         sldservice       wps
db2          imagemap        netcdf-out    sqlserver        xslt
dxf          importer        netcdf        vectortiles      ysld
excel        inspire         ogr-wfs       wcs2_0-eo

How to install additional extensions from local folder?

If you want to add geoserver extensions/libs, place the respective jar files in a directory and mount it like

docker run -it -p 80:8080 \
  --mount src="/dir/with/libs/on/host",target=/opt/additional_libs,type=bind \
  docker.osgeo.org/geoserver:2.26.0

How to add additional fonts to the docker image (e.g. for SLD styling)?

If you want to add custom fonts (the base image only contains 26 fonts) by using a mount:

docker run -it -p 80:8080 \
  --mount src="/dir/with/fonts/on/host",target=/opt/additional_fonts,type=bind \
  docker.osgeo.org/geoserver:2.26.0

Note: Do not change the target value!

How to enable a PostgreSQL JNDI resource?

To enable a PostgreSQL JNDI resource, provide the following environment variables:

  • POSTGRES_JNDI_ENABLED to true
  • POSTGRES_HOST
  • POSTGRES_PORT (optional; defaults to 5432)
  • POSTGRES_DB
  • POSTGRES_USERNAME
  • POSTGRES_PASSWORD
  • POSTGRES_JNDI_RESOURCE_NAME (optional; defaults to jdbc/postgres)

In geoserver, you can then reference this JNDI resource using the name java:comp/env/jdbc/postgres (if using default).

How to use custom (tomcat) configuration files

This image provides default (tomcat) configurations that are located in the ./config/ subdir.

  • context.xml (see/compare JNDI feature from above)
  • server.xml (security hardened version by default)

In case you want to fully overwrite such a config file, you can do so by mounting it to the /opt/config_overrides/ directory of a container. The startup.sh script will then copy (and overwrite) these files to the catalina conf directory before starting tomcat.

Example:

docker run -it -p 80:8080 \
  --mount src="/path/to/my/server.xml",target=/opt/config_overrides/server.xml,type=bind \
  docker.osgeo.org/geoserver:2.26.0

How to enable HTTPS?

To enable HTTPS, mount a JKS file to the container (ex. /opt/keystore.jks) and provide the following environment variables:

  • HTTPS_ENABLED to true
  • HTTPS_KEYSTORE_FILE (defaults to /opt/keystore.jks)
  • HTTPS_KEYSTORE_PASSWORD (defaults to changeit)
  • HTTPS_KEY_ALIAS (defaults to server)

How to run it as a non-privileged user ?

It is usually considered a good practice to run the containers as a non-privileged user (not root). While it runs by default as root, for backwards compatibility reasons, several environment variables allow you to change this behaviour:

  • RUN_UNPRIVILEGED=true: run as unprivileged user tomcat. Default uid:gid are 999:999
  • RUN_WITH_USER_UID allows you to set tomcat's uid. By default this is 999.
  • RUN_WITH_USER_GID allows you to set tomcat's gid. By default this is the same as the uid.
  • CHANGE_OWNERSHIP_ON_FOLDERS sets a space-separated list of folders on which a chmod -R will be run, changing the ownership of those folders to the tomcat user (defaults to "/opt $GEOSERVER_DATA_DIR").

How to use the docker-compose demo?

The docker-compose-demo.yml to build with your own data directory and extensions.

Stage geoserver data directory contents into geoserver_data, and any extensions into additional_libs folder.

Run docker-compose:

docker-compose -f docker-compose-demo.yml up --build

Environment Variables

Following is the list of the all the environment variables that can be passed down to the geoserver docker image, you can check the default values for an image using docker inspect [IMAGE_NAME]

VAR NAME DESCRIPTION SAMPLE VALUE
PATH Used by geoserver internally to find all the libs /usr/local/sbin:/usr/local/bin:
CATALINA_HOME CATALINA home path /usr/local/tomcat (see also here)
EXTRA_JAVA_OPTS Used to pass params to the JAVA environment. Check ref -Xms256m -Xmx1g
CORS_ENABLED CORS enabled configuration false
CORS_ALLOWED_ORIGINS CORS origins configuration *
CORS_ALLOWED_METHODS CORS method configuration GET,POST,PUT,DELETE,HEAD,OPTIONS
CORS_ALLOWED_HEADERS CORS headers configuration Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
DEBIAN_FRONTEND Configures the Debian package manager frontend noninteractive
CATALINA_OPTS Catalina options. Check ref -Djava.awt.headless=true
GEOSERVER_DATA_DIR Geoserver data directory location /opt/geoserver_data/
GEOSERVER_REQUIRE_FILE Geoserver configuration used interally /opt/geoserver_data/global.xml
INSTALL_EXTENSIONS Indicates whether additional GeoServer extensions should be installed false
WAR_ZIP_URL Specifies the URL for a GeoServer Web Archive (WAR) file
STABLE_EXTENSIONS Specifies stable GeoServer extensions
STABLE_PLUGIN_URL Specifies the URL for downloading the latest stable GeoServer plugins https://build.geoserver.org/geoserver/2.26.x/ext-latest
COMMUNITY_EXTENSIONS Specifies community-contributed GeoServer extensions
COMMUNITY_PLUGIN_URL Specifies the URL for downloading the latest community-contributed GeoServer plugins https://build.geoserver.org/geoserver/2.26.x/community-latest
ADDITIONAL_LIBS_DIR Sets the directory for additional libraries used by GeoServer /opt/additional_libs/
ADDITIONAL_FONTS_DIR Sets the directory for additional fonts used by GeoServer /opt/additional_fonts/
SKIP_DEMO_DATA Indicates whether to skip the installation of demo data provided by GeoServer false
ROOT_WEBAPP_REDIRECT Indicates whether to issue a permanent redirect to the web interface false
HEALTHCHECK_URL URL to the resource / endpoint used for docker health checks http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png
GEOSERVER_ADMIN_USER Admin username
GEOSERVER_ADMIN_PASSWORD Admin password
RUN_UNPRIVILEGED If set to true, runs as an unprivileged user tomcat instead of root. true
RUN_WITH_USER_UID When running as unprivileged user, sets the uid of this user. Defaults to 999 999
RUN_WITH_USER_GID When running as unprivileged user, sets the gid of this user. Defaults to the same as the uid 999
CHANGE_OWNERSHIP_ON_FOLDERS When running as unprivileged user, changes the ownership to this user to these folders "/opt /opt/geoserver_data/ /mnt/geoserver_geodata"

After the initial setup, it's recommended to remove the GEOSERVER_ADMIN_USER and GEOSERVER_ADMIN_PASSWORD variable. Otherwise, newly added roles and users may be overwritten by the next time the container is restarted.

The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up).

VAR NAME DESCRIPTION SAMPLE VALUE
GEOSERVER_VERSION Geoserver version (used internally) 2.24-SNAPSHOT
GEOSERVER_BUILD Geoserver build (used internally) 1628

Troubleshooting

How to watch geoserver.log from host?

To watch geoserver.log of a running container:

docker exec -it {CONTAINER_ID} tail -f /opt/geoserver_data/logs/geoserver.log