diff --git a/.env b/.env index 578f2fc7..81c05678 100644 --- a/.env +++ b/.env @@ -141,7 +141,10 @@ SAMPLE_DATA=true GOOGLE_FONTS_NAMES= FORCE_DOWNLOAD_STABLE_EXTENSIONS=false FORCE_DOWNLOAD_COMMUNITY_EXTENSIONS=false - +# Controls stdout logging values, It can be set to INFO,SEVER,WARNING,CONFIG,FINE,FINER,FINEST,ALL +CONSOLE_HANDLER_LEVEL=WARNING +# Controls if you need to log to stdout or file, true for stdout and false to activate file +LOGGING_STDOUT=true # #################################################################### # Database Env variables # Based of [https://github.com/kartoza/docker-postgis](kartoza/postgis) diff --git a/Dockerfile b/Dockerfile index 9758001f..ac4c287b 100755 --- a/Dockerfile +++ b/Dockerfile @@ -39,7 +39,7 @@ ADD \ build_data/plugin_download.sh \ /work/ -RUN echo $GS_VERSION > /tmp/pass.txt && chmod 0755 /work/extensions.sh && /work/extensions.sh +RUN echo ${GS_VERSION} > /tmp/pass.txt && chmod 0755 /work/extensions.sh && /work/extensions.sh RUN /work/plugin_download.sh @@ -59,7 +59,7 @@ RUN set -eux; \ apt-get update; \ apt-get -y --no-install-recommends install \ locales gnupg2 ca-certificates software-properties-common iputils-ping \ - apt-transport-https gettext fonts-cantarell fonts-liberation lmodern ttf-aenigma \ + apt-transport-https fonts-cantarell fonts-liberation lmodern ttf-aenigma \ ttf-bitstream-vera ttf-sjfonts tv-fonts libapr1-dev libssl-dev git \ zip unzip curl xsltproc certbot cabextract gettext postgresql-client figlet gosu gdal-bin; \ dpkg-divert --local --rename --add /sbin/initctl \ 
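Review bot: The level list in the new `.env` comment spells `SEVER`, which is not a java.util.logging level name (the name is `SEVERE`), and the same list is repeated in the comment added to scripts/env-data.sh. A user copying it would put an unrecognised level into logging.properties. `OFF` is also a valid level and is missing from the list. The default here is `WARNING` while the fallback added in env-data.sh is `INFO`, so the effective level depends on whether this file is used. I would write the comment as `# Console (stdout) log level: OFF, SEVERE, WARNING, INFO, CONFIG, FINE, FINER, FINEST or ALL` and use one default in both places.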
@@ -102,12 +102,12 @@ COPY --from=geoserver-plugin-downloader /work/stable_plugins/*.zip ${STABLE_PLUG COPY --from=geoserver-plugin-downloader /work/community_plugins/*.zip ${COMMUNITY_PLUGINS_DIR}/ COPY --from=geoserver-plugin-downloader /work/geoserver_war/geoserver.* ${REQUIRED_PLUGINS_DIR}/ -RUN echo $GS_VERSION > /scripts/geoserver_version.txt && echo $STABLE_PLUGIN_BASE_URL > /scripts/geoserver_gs_url.txt ;\ +RUN echo ${GS_VERSION} > /scripts/geoserver_version.txt && echo ${STABLE_PLUGIN_BASE_URL} > /scripts/geoserver_gs_url.txt ;\ chmod +x /scripts/*.sh;/scripts/setup.sh \ && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* -EXPOSE $HTTPS_PORT +EXPOSE ${HTTPS_PORT} RUN echo 'figlet -t "Kartoza Docker GeoServer"' >> ~/.bashrc diff --git a/README.md b/README.md index ee8b95ba..636a0602 100755 --- a/README.md +++ b/README.md @@ -195,7 +195,12 @@ will be enabled : [list of default plugins](https://github.com/kartoza/docker-ge #### Activate stable extensions during the contain startup The environment variable `STABLE_EXTENSIONS` is used to activate extensions listed in -[stable_plugins.txt](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.2/extensions/) +[stable_plugins](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.2/extensions/) + +**Note:** The plugins listed in the url is of the format `geoserver-2.25.2-wps-plugin.zip`, but the env +variable expects the env to be of the format `wps-plugin`. Always consult the url to see which plugins +are available. The text file [stable_plugins.txt](https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt) +contains a curated list of plugins but might be out of date in some cases. Example 
@@ -211,6 +216,11 @@ You can pass any comma-separated extensions as defined in [stable_plugins](https The environment variable `COMMUNITY_EXTENSIONS` can be used to activate extensions listed in [community_plugins](https://build.geoserver.org/geoserver/2.25.x/community-latest/) +**Note:** The plugins listed in the url is of the format `geoserver-2.25-SNAPSHOT-cog-http-plugin.zip `, but the env +variable expects the env to be of the format `cog-http-plugin`. Always consult the url to see which plugins +are available. The text file [community_plugins.txt](https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt) +contains a curated list of community plugins but might be out of date in some cases. + Example ``` @@ -419,6 +429,7 @@ Always consult the `.env` file to check possible values. * XFRAME_OPTIONS=`"true"` - Based on [Xframe-options](https://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy) * INITIAL_MEMORY=`size`: Initial Memory that Java can allocate, default `2G` * MAXIMUM_MEMORY=`size`: Maximum Memory that Java can allocate, default `4G` +* ### Control flow properties @@ -526,6 +537,7 @@ The configs that can be mounted are * broker.xml * users.xml - for Geoserver users. * roles.xml - To define roles users should have in GeoServer +* logging.properties - Controls logging to sdtout parameters Example diff --git a/build_data/community_plugins.txt b/build_data/community_plugins.txt new file mode 100644 index 00000000..7e921a65 --- /dev/null +++ b/build_data/community_plugins.txt 
@@ -0,0 +1,72 @@
+activeMQ-broker-plugin
+backup-restore-plugin
+cog-azure-plugin
+cog-google-plugin
+cog-http-plugin
+cog-s3-plugin
+colormap-plugin
+cov-json-plugin
+datadir-catalog-loader-plugin
+dds-plugin
+dyndimension-plugin
+elasticsearch-plugin
+features-autopopulate-plugin
+features-templating-plugin
+flatgeobuf-plugin
+gdal-wcs-plugin
+gdal-wps-plugin
+geopkg-plugin
+gpx-plugin
+graticule-plugin
+gsr-plugin
+gwc-azure-blobstore-plugin
+gwc-distributed-plugin
+gwc-mbtiles-plugin
+gwc-sqlite-plugin
+hz-cluster-plugin
+imagemap-plugin
+importer-jdbc-plugin
+jdbcconfig-plugin
+jdbc-metrics-plugin
+jdbcstore-plugin
+jms-cluster-plugin
+jwt-headers-plugin
+libdeflate-plugin
+mbtiles-plugin
+mbtiles-store-plugin
+mongodb-schemaless-plugin
+monitor-kafka-plugin
+ncwms-plugin
+netcdf-ghrsst-plugin
+notification-plugin
+ogcapi-coverages-plugin
+ogcapi-dggs-plugin
+ogcapi-features-plugin
+ogcapi-images-plugin
+ogcapi-maps-plugin
+ogcapi-styles-plugin
+ogcapi-tiled-features-plugin
+ogcapi-tiles-plugin
+ogr-datastore-plugin
+opensearch-eo-plugin
+pgraster-plugin
+proxy-base-ext-plugin
+s3-geotiff-plugin
+sec-keycloak-plugin
+sec-oauth2-geonode-plugin
+sec-oauth2-github-plugin
+sec-oauth2-google-plugin
+sec-oauth2-openid-connect-plugin
+smart-data-loader-plugin
+solr-plugin
+spatialjson-plugin
+stac-datastore-plugin
+taskmanager-core-plugin
+taskmanager-s3-plugin
+vector-mosaic-plugin
+vsi-plugin
+webp-plugin
+wfs-freemarker-plugin
+wps-longitudinal-profile-plugin
+wps-remote-plugin
+xslt-plugin
\ No newline at end of file
diff --git a/build_data/logging.properties b/build_data/logging.properties
index 29e4843b..65b9d012 100644
--- a/build_data/logging.properties
+++ b/build_data/logging.properties
@@ -22,7 +22,7 @@ handlers = java.util.logging.ConsoleHandler .handlers = java.util.logging.ConsoleHandler -java.util.logging.ConsoleHandler.level = FINE +java.util.logging.ConsoleHandler.level = ${CONSOLE_HANDLER_LEVEL} java.util.logging.ConsoleHandler.formatter = java.util.logging.OneLineFormatter org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO diff --git a/build_data/stable_plugins.txt b/build_data/stable_plugins.txt new file mode 100644 index 00000000..77f93ad8 --- /dev/null +++ b/build_data/stable_plugins.txt @@ -0,0 +1,42 @@ +app-schema-plugin +authkey-plugin +cas-plugin +charts-plugin +css-plugin +db2-plugin +dxf-plugin +excel-plugin +feature-pregeneralized-plugin +geofence-plugin +geofence-server-plugin +geofence-wps-plugin +geopkg-output-plugin +grib-plugin +gwc-s3-plugin +h2-plugin +iau-plugin +importer-plugin +jp2k-plugin +mapml-plugin +mbstyle-plugin +metadata-plugin +mongodb-plugin +mysql-plugin +netcdf-out-plugin +netcdf-plugin +ogr-wfs-plugin +ogr-wps-plugin +oracle-plugin +params-extractor-plugin +printing-plugin +querylayer-plugin +rat-plugin +sldservice-plugin +sqlserver-plugin +wcs2_0-eo-plugin +web-resource-plugin +wmts-multi-dimensional-plugin +wps-cluster-hazelcast-plugin +wps-download-plugin +wps-jdbc-plugin +ysld-plugin \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 0b86bb53..9ba8ba4d 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -41,6 +41,7 @@ services: - COMMUNITY_EXTENSIONS=${COMMUNITY_EXTENSIONS} - GEOSERVER_CONTEXT_ROOT=${GEOSERVER_CONTEXT_ROOT} - ROOT_WEBAPP_REDIRECT=true + - CONSOLE_HANDLER_LEVEL=${CONSOLE_HANDLER_LEVEL} depends_on: db: condition: service_healthy diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh index 175a9d8a..1de43542 100644 --- a/scripts/entrypoint.sh +++ b/scripts/entrypoint.sh 
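Review bot: `LOGGING_STDOUT` is added to `.env` in this commit, but the docker-compose.yml hunk passes only `CONSOLE_HANDLER_LEVEL` to the service. Unless the variable reaches the container some other way that this hunk does not show, the `.env` value never reaches start.sh and the `true` fallback from env-data.sh always applies. Add `- LOGGING_STDOUT=${LOGGING_STDOUT}` next to the new line.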
@@ -59,7 +59,7 @@ log MONITOR_AUDIT_PATH="${MONITOR_AUDIT_PATH}" export GEOSERVER_OPTS="-Djava.awt.headless=true -server -Xms${INITIAL_MEMORY} -Xmx${MAXIMUM_MEMORY} \ -XX:PerfDataSamplingInterval=500 -Dorg.geotools.referencing.forceXY=true \ - -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:NewRatio=2 \ + -XX:SoftRefLRUPolicyMSPerMB=36000 \ -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:ParallelGCThreads=20 -XX:ConcGCThreads=5 \ -XX:InitiatingHeapOccupancyPercent=${INITIAL_HEAP_OCCUPANCY_PERCENT} \ -Djts.overlay=ng \ diff --git a/scripts/env-data.sh b/scripts/env-data.sh index 63e37671..241abdd4 100644 --- a/scripts/env-data.sh +++ b/scripts/env-data.sh @@ -431,4 +431,15 @@ fi if [ -z "${GEOSERVER_DISABLE_STATIC_WEB_FILES}" ];then GEOSERVER_DISABLE_STATIC_WEB_FILES=true +fi + + +# Values can be INFO,SEVER,WARNING,CONFIG,FINE,FINER,FINEST,ALL +if [ -z "${CONSOLE_HANDLER_LEVEL}" ];then + CONSOLE_HANDLER_LEVEL=INFO +fi + +# Allows loging to files, default is to stdout +if [ -z "${LOGGING_STDOUT}" ];then + LOGGING_STDOUT=true fi \ No newline at end of file diff --git a/scripts/functions.sh b/scripts/functions.sh index 65706e8b..19e8cf9f 100644 --- a/scripts/functions.sh +++ b/scripts/functions.sh @@ -264,7 +264,7 @@ function install_plugin() { if [[ -f "${DATA_PATH}/${EXT}.zip" ]]; then unzip -qq "${DATA_PATH}/${EXT}.zip" -d /tmp/gs_plugin - echo -e "\e[32m Enabling ${EXT} for GeoServer \033[0m" + echo -e "\e[32m [Entrypoint] Enabling extension :\033[0m \e[1;31m ${EXT} \033[0m" GEOSERVER_INSTALL_DIR="$(detect_install_dir)" cp -r -u -p /tmp/gs_plugin/*.jar "${GEOSERVER_INSTALL_DIR}/webapps/${GEOSERVER_CONTEXT_ROOT}/WEB-INF/lib/" rm -rf /tmp/gs_plugin @@ -325,7 +325,7 @@ function setup_control_flow() { } -function setup_logging() { +function log4j_logging() { if [[ ! -f "${CATALINA_HOME}"/log4j.properties ]]; then # If it doesn't exists, copy from ${EXTRA_CONFIG_DIR} directory if exists if [[ -f "${EXTRA_CONFIG_DIR}"/log4j.properties ]]; then 
@@ -364,6 +364,18 @@ function geoserver_logging() { fi } + +function tomcat_logging() { + # If it doesn't exists, copy from /settings directory if exists + if [[ -f "${EXTRA_CONFIG_DIR}"/logging.properties ]]; then + envsubst < "${EXTRA_CONFIG_DIR}"/logging.properties > "${CATALINA_HOME}"/conf/logging.properties + else + # default value + envsubst < /build_data/logging.properties > "${CATALINA_HOME}"/conf/logging.properties + fi + +} + # Function to read env variables from secrets function file_env() { local var="$1" 
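Review bot: `envsubst` is called without a variable list in both branches of `tomcat_logging`, so every `$NAME`/`${NAME}` reference in a mounted `logging.properties` that matches an environment variable is expanded, not only `${CONSOLE_HANDLER_LEVEL}`. start.sh exports values such as `S3_PASSWORD`, so a stray reference in a mounted file would be written in clear text under `${CATALINA_HOME}/conf`. The level is also written unvalidated, and the comment "If it doesn't exists" does not match the code, which overwrites the target on every start. I would restrict the substitution to the one placeholder and check the value against the java.util.logging level names, as below.

```shell
function tomcat_logging() {
  local template=/build_data/logging.properties
  # A mounted logging.properties takes precedence over the image default
  if [[ -f "${EXTRA_CONFIG_DIR}"/logging.properties ]]; then
    template="${EXTRA_CONFIG_DIR}"/logging.properties
  fi
  # Only accept java.util.logging level names; fall back instead of writing junk
  case "${CONSOLE_HANDLER_LEVEL}" in
    OFF|SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST|ALL) ;;
    *)
      echo "[Entrypoint] Invalid CONSOLE_HANDLER_LEVEL '${CONSOLE_HANDLER_LEVEL}', using INFO" >&2
      CONSOLE_HANDLER_LEVEL=INFO
      ;;
  esac
  # Substitute only the placeholder the template defines, nothing else from the environment
  envsubst '${CONSOLE_HANDLER_LEVEL}' < "${template}" > "${CATALINA_HOME}"/conf/logging.properties
}
```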
@@ -461,25 +473,25 @@ function gwc_file_perms() { GWC_USER_PERM=$(stat -c '%U' "${GEOWEBCACHE_CACHE_DIR}") GWC_GRP_PERM=$(stat -c '%G' "${GEOWEBCACHE_CACHE_DIR}") case "${GEOWEBCACHE_CACHE_DIR}" in ${GEOSERVER_DATA_DIR}/*) - echo "${GEOWEBCACHE_CACHE_DIR} is nested in ${GEOSERVER_DATA_DIR}" + echo -e " \e[32m [Entrypoint] \033[0m \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m \e[32m is nested in \033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" if [[ ${CHOWN_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then if [[ ${GEO_USER_PERM} != "${USER_NAME}" ]] && [[ ${GEO_GRP_PERM} != "${GEO_GROUP_NAME}" ]];then - echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" + echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOSERVER_DATA_DIR}" fi fi ;; *) - echo "${GEOWEBCACHE_CACHE_DIR} is not nested in ${GEOSERVER_DATA_DIR}" + echo -e "\e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m is not nested in \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" if [[ ${CHOWN_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then if [[ ${GEO_USER_PERM} != "${USER_NAME}" ]] && [[ ${GEO_GRP_PERM} != "${GEO_GROUP_NAME}" ]];then - echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" + echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m" chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOSERVER_DATA_DIR}" fi fi if [[ ${CHOWN_GWC_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then if [[ ${GWC_USER_PERM} != "${USER_NAME}" ]] && [[ ${GWC_GRP_PERM} != "${GEO_GROUP_NAME}" ]];then - echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m" + echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m" chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOWEBCACHE_CACHE_DIR}" fi fi 
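Review bot: The two "nested" messages were plain `echo` and are now `echo -e` with `${GEOWEBCACHE_CACHE_DIR}` and `${GEOSERVER_DATA_DIR}` interpolated, so backslash sequences inside those paths are interpreted when the message is printed. Passing the values as arguments keeps them literal, e.g. `printf '\e[32m [Entrypoint] \e[0m\e[1;31m %s \e[0m\e[32m is nested in \e[0m\e[1;31m %s \e[0m\n' "${GEOWEBCACHE_CACHE_DIR}" "${GEOSERVER_DATA_DIR}"`. The `*)` branch message does not get the `[Entrypoint]` prefix that the nested-case message now has, and the nested-case string starts with a stray leading space. gwc_file_perms starts and ends outside the hunk.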
diff --git a/scripts/setup.sh b/scripts/setup.sh index c37139bc..70e130d6 100644 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -26,7 +26,6 @@ package_geoserver cp /build_data/stable_plugins.txt "${STABLE_PLUGINS_DIR}" cp /build_data/community_plugins.txt "${COMMUNITY_PLUGINS_DIR}" cp /build_data/letsencrypt-tomcat.xsl "${CATALINA_HOME}"/conf/ssl-tomcat.xsl -cp /build_data/logging.properties "${CATALINA_HOME}/conf/logging.properties" pushd "${STABLE_PLUGINS_DIR}" || exit @@ -132,6 +131,4 @@ pushd /scripts || exit rm -rf /tmp/resources # Delete resources which will be setup on first run - -delete_file "${CATALINA_HOME}"/conf/tomcat-users.xml delete_file "${CATALINA_HOME}"/conf/web.xml \ No newline at end of file diff --git a/scripts/start.sh b/scripts/start.sh index 26f595a8..1c529dd0 100644 --- a/scripts/start.sh +++ b/scripts/start.sh @@ -56,6 +56,10 @@ if [[ ! -z ${GOOGLE_FONTS_NAMES} ]];then rm -rf fonts fi +if [[ ${LOGGING_STDOUT} =~ [Tt][Rr][Uu][Ee] ]];then + export CONSOLE_HANDLER_LEVEL + tomcat_logging +fi # Add custom espg properties file or the default one create_dir "${GEOSERVER_DATA_DIR}"/user_projections 
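Review bot: The added `LOGGING_STDOUT` block in start.sh has no `else`, while the comment added to `.env` says `false` activates file logging and setup.sh no longer copies `/build_data/logging.properties` at build time. As far as this diff shows, a `false` value leaves whatever `logging.properties` the Tomcat install ships, so the switch may not do what is documented. Either add the file-logging branch or reword the documentation. The match is also unanchored, so any value containing `true` enables the block; `[[ "${LOGGING_STDOUT,,}" == true ]]` would be exact, though the unanchored form is what the other flags in these scripts use.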
@@ -164,14 +168,14 @@ export S3_SERVER_URL S3_USERNAME S3_PASSWORD S3_ALIAS # Pass an additional startup argument i.e -Ds3.properties.location=${GEOSERVER_DATA_DIR}/s3.properties if [[ -z "${S3_SERVER_URL}" || -z "${S3_USERNAME}" || -z "${S3_PASSWORD}" || -z "${S3_ALIAS}" ]]; then echo -e "\e[32m -------------------------------------------------------------------------------- \033[0m" - echo -e "[Entrypoint] One or more variables needed for S3 community extensions are empty, skipping configuration of: \e[1;31m s3.properties \033[0m" + echo -e "\e[32m [Entrypoint] One or more variables needed for S3 community extensions are empty, skipping configuration of:\033[0m \e[1;31m s3.properties \033[0m" else if [[ "${ADDITIONAL_JAVA_STARTUP_OPTIONS}" == *"-Ds3.properties.location"* ]]; then s3_config else echo -e "\e[32m -------------------------------------------------------------------------------- \033[0m" - echo -e "[Entrypoint] -Ds3.properties.location is not setup in: \e[1;31m ${ADDITIONAL_JAVA_STARTUP_OPTIONS} \033[0m" + echo -e "\e[32m [Entrypoint] -Ds3.properties.location is not setup in:\033[0m \e[1;31m ${ADDITIONAL_JAVA_STARTUP_OPTIONS} \033[0m" fi @@ -342,6 +346,7 @@ if [[ "${TOMCAT_EXTRAS}" =~ [Tt][Rr][Uu][Ee] ]]; then fi echo "${TOMCAT_PASSWORD}" >"${GEOSERVER_DATA_DIR}"/tomcat_pass.txt # Setup tomcat apps manager + delete_file "${CATALINA_HOME}"/conf/tomcat-users.xml tomcat_user_config # Unset random generated password unset TOMCAT_PASSWORD @@ -587,6 +592,10 @@ else fi + +# Security hardening of tomcat +sed -i 's/8005/-1/g' "${CATALINA_HOME}"/conf/server.xml + # Cleanup temp file delete_file "${CATALINA_HOME}"/conf/ssl-tomcat_no_https.xsl @@ -604,5 +613,5 @@ fi # Run some extra bash script to fix issues i.e missing dependencies in lib caused by community extensions entry_point_script -setup_logging +log4j_logging
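Review bot: `delete_file "${CATALINA_HOME}"/conf/tomcat-users.xml` now appears to run only inside the `TOMCAT_EXTRAS` branch named in the hunk header, whereas setup.sh used to delete the file unconditionally at build time. With `TOMCAT_EXTRAS` unset the image would keep the `tomcat-users.xml` that ships with Tomcat. That is probably harmless if the stock file defines no active users, but it is a behaviour change worth confirming. If the intent is that no user file exists unless `tomcat_user_config` writes one, keep the build-time delete in setup.sh as well. The enclosing `if` starts and ends outside the hunk.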
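Review bot: `sed -i 's/8005/-1/g'` replaces every occurrence of the digits `8005` in server.xml, not just the shutdown port, so a mounted or templated server.xml that contains them elsewhere (for example in a port such as `18005`) would be silently altered. Anchor the expression on the attribute, `sed -i 's/<Server port="8005"/<Server port="-1"/' "${CATALINA_HOME}"/conf/server.xml`. The comment should say what is hardened: `# Disable the Tomcat shutdown port (8005) so the SHUTDOWN command cannot be sent over TCP`. The result is not checked, so a server.xml that uses a different shutdown port would be left unhardened without any message.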