Optimize (#451)

* Install metadata plugins by default, fix some logic for some env variables and add extra env

* fix configs

* Use env file to store all variables

* fix compose file and startup options

* remove duplicated data

* Fix a bug with libraries for the geoserver printing module

* Restructure files

* WIP

* Fix build issues within the images

* Add compose file for building image

* Fix geowebcache sync issue

* Delete env file

* Optimise some logic and allow downloading extensions if they do not exists

* Upgrade to Geoserver 2.19.0 and fix building with tomcat 10-jdk11-openjdk-slim-buster

* Fix extensions to conform to version 2.19

* fix startup issues using jetty

* fix war url

* Clean some configs and sanitize running the image

* fix build using latest image - Only using jetty

* fix build using jetty

* Use same functions and add recreate dir env for testing builds

* optimise logic

* fix build logic order

* other optimisations related to configs

* Add env and optimise dockerfile and other scripts to be standard

* Small fix with clustering logic

* Verbose to check if password env is working

* some optimisations - wip

* some optimisations - wip2

* Fix proxy values for non ssl connections

* bump geoserver to 2.19.1 and install jetty staff only when running under jetty

* Add random default password if one is not provided

* fix startp env variable, password colours in logs

* add figlet and remove verbose login

* Fix logic for figlet

* readme cleanup and remove empty spaces in files

* Small fixes with scripts

* small tweak - WIP

* add build args for user and group name

* further improvements

* minor tweaks on the scripts

* add logic for publishing postgres store using jndi

* fix building iwth ssl where possible

* add table of contents

* add example for nginx reverse proxy

* Bump version to 2.19.2

* fixes #285

* only show password in logs if it's a random one and move changing permission after script setup

* WIP

* WIP changes and updates

* WIP - incremental changes

* allow tomcat-server.xml to be mounted and add readme

* fix update logic in update password and env

* revert docker-compose logic

* fix jndi pooling

* fix logging logic

* add logging info

* fix errors in readme and improve grammar etc

* switch usage of env variable ACTIVATE_ALL_COMMUNITY_EXTENTIONS and strong password for tomcat

* update resetting credentials

* upgrade version to 20.0

* fix mbstyle plugin

* fix clustering for back ward compability

* update broker.xml to use db backend

* Fix spelling for some env variables and run code through bash checker

* fix spelling mistakes in env variables

* add https scheme

* bump to version 2.20.1

* fix log4j error and add https scheme variable which was previously hardcoded

* WIP

* Fix build issues within the images

* some optimisations - wip

* some optimisations - wip2

* Add random default password if one is not provided

* fix startp env variable, password colours in logs

* further improvements

* add logic for publishing postgres store using jndi

* add example for nginx reverse proxy

* WIP changes and updates

* fix update logic in update password and env

* revert docker-compose logic

* upgrade version to 20.0

* fix mbstyle plugin

* update broker.xml to use db backend

* Fix some scripts (#259)

minor tweaks on the scripts

* FIx build with https (#265)

* Fixes for jndi (#308)

* fix jndi pooling and fix logging logic

* update version to 20.0 (#317)

* fix mbstyle plugin and upgrade to 20.0

* Added some additional notes  to run local image in MacOS M1 Chip (#381)

* some optimisations - wip2

* further improvements

* add logic for publishing postgres store using jndi

* add example for nginx reverse proxy

* WIP changes and updates

* fix update logic in update password and env

* revert docker-compose logic

* upgrade version to 20.0

* fix mbstyle plugin

* update broker.xml to use db backend

* some optimisations - wip2

* further improvements

* add logic for publishing postgres store using jndi

* WIP changes and updates

* fix update logic in update password and env

* revert docker-compose logic

* upgrade version to 20.0

* fix mbstyle plugin

* fix clustering for back ward compability

* update broker.xml to use db backend

* update documentaion

* update db test in compose

* update instructions for faster debugimh

Co-authored-by: mazano <[email protected]>
Co-authored-by: celikn <[email protected]>

.env

@@ -1,6 +1,6 @@
 COMPOSE_PROJECT_NAME=kartozageoserver
 
-IMAGE_VERSION=9.0-jdk11-openjdk-slim-buster
+IMAGE_VERSION=9.0.65-jdk11-openjdk-slim-buster
 GS_VERSION=2.21.1
 GEOSERVER_PORT=8600
 # Build Arguments

Dockerfile

@@ -1,5 +1,5 @@
 #--------- Generic stuff all our Dockerfiles should start with so we get caching ------------
-ARG IMAGE_VERSION=9.0-jdk11-openjdk-slim-bullseye
+ARG IMAGE_VERSION=9.0.65-jdk11-openjdk-slim-buster
 ARG JAVA_HOME=/usr/local/openjdk-11
 FROM tomcat:$IMAGE_VERSION
 
@@ -18,7 +18,7 @@ RUN set -eux; \
         locales gnupg2 wget ca-certificates rpl pwgen software-properties-common  iputils-ping \
         apt-transport-https curl gettext fonts-cantarell lmodern ttf-aenigma \
         ttf-bitstream-vera ttf-sjfonts tv-fonts  libapr1-dev libssl-dev  \
-        wget zip unzip curl xsltproc certbot  cabextract gettext postgresql-client figlet gosu; \
+        wget zip unzip curl xsltproc certbot  cabextract gettext postgresql-client figlet gosu gdal-bin; \
     # Install gdal3 - bullseye doesn't build libgdal-java anymore so we can't upgrade
     curl https://deb.meteo.guru/velivole-keyring.asc |  apt-key add - \
     && echo "deb https://deb.meteo.guru/debian buster main" > /etc/apt/sources.list.d/meteo.guru.list \

build_data/web.xml

@@ -461,13 +461,16 @@
   <!--   blockContentTypeSniffingEnabled                                    -->
   <!--                       Should the header that blocks content type     -->
   <!--                       sniffing be added to every response? [true]    -->
-<!--
+
     <filter>
         <filter-name>httpHeaderSecurity</filter-name>
         <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
         <async-supported>true</async-supported>
+        <init-param>
+            <param-name>antiClickJackingOption</param-name>
+            <param-value>SAMEORIGIN</param-value>
+        </init-param>
     </filter>
--->
 
   <!-- A filter that sets character encoding that is used to decode -->
   <!-- parameters in a POST request -->
@@ -558,13 +561,12 @@
   <!-- ==================== Built In Filter Mappings ====================== -->
 
   <!-- The mapping for the HTTP header security Filter -->
-<!--
+
     <filter-mapping>
         <filter-name>httpHeaderSecurity</filter-name>
         <url-pattern>/*</url-pattern>
         <dispatcher>REQUEST</dispatcher>
     </filter-mapping>
--->
 
   <!-- The mapping for the Set Character Encoding Filter -->
 <!--
@@ -589,6 +591,10 @@
         <url-pattern>*.shtml</url-pattern>
     </filter-mapping>
 -->
+
+    <!-- Note: the CORS_* comments surrounding this section need to be left intact
+               so the entrypoint script can deactivate Cors settings if DISABLE_CORS is set -->
+    <!-- CORS_START -->
     <filter>
         <filter-name>CorsFilter</filter-name>
         <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
@@ -605,11 +611,12 @@
             <param-value>Access-Control-Allow-Origin,Access-Control-Allow-Credentials</param-value>
         </init-param>
     </filter>
+
     <filter-mapping>
         <filter-name>CorsFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
-
+    <!-- CORS_END -->
 
   <!-- ==================== Default Session Configuration ================= -->
   <!-- You can set the default session timeout (in minutes) for all newly   -->

docker-compose-build.yml

@@ -34,4 +34,6 @@ services:
         - RECREATE_DATADIR=${RECREATE_DATADIR}
         - HTTP_PROXY_NAME
         - HTTP_PROXY_PORT
+        - STABLE_EXTENSIONS=${STABLE_EXTENSIONS}
+        - COMMUNITY_EXTENSIONS=${COMMUNITY_EXTENSIONS}
 

docker-compose.yml

@@ -35,6 +35,8 @@ services:
         - GEOSERVER_ADMIN_USER=${GEOSERVER_ADMIN_USER}
         - INITIAL_MEMORY=${INITIAL_MEMORY}
         - MAXIMUM_MEMORY=${MAXIMUM_MEMORY}
+        - STABLE_EXTENSIONS=${STABLE_EXTENSIONS}
+        - COMMUNITY_EXTENSIONS=${COMMUNITY_EXTENSIONS}
       depends_on:
         db:
           condition: service_healthy

scripts/entrypoint.sh

@@ -86,10 +86,10 @@ export JAVA_OPTS="${JAVA_OPTS} ${GEOSERVER_OPTS}"
 chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${CATALINA_HOME}" "${FOOTPRINTS_DATA_DIR}" "${GEOSERVER_DATA_DIR}" \
 "${CERT_DIR}" "${FONTS_DIR}"  /home/"${USER_NAME}"/ "${COMMUNITY_PLUGINS_DIR}" "${STABLE_PLUGINS_DIR}" \
 "${GEOSERVER_HOME}" "${EXTRA_CONFIG_DIR}"  /usr/share/fonts/ /scripts /tomcat_apps.zip \
-/tmp/ "${GEOWEBCACHE_CACHE_DIR}";chmod o+rw "${CERT_DIR}"
+/tmp/ "${GEOWEBCACHE_CACHE_DIR}";chmod o+rw "${CERT_DIR}";chmod 400 ${CATALINA_HOME}/conf/*
 
 if [[ -f ${GEOSERVER_HOME}/start.jar ]]; then
-  exec gosu ${USER_NAME} java "$JAVA_OPTS"  -jar start.jar
+  exec gosu ${USER_NAME} ${GEOSERVER_HOME}/bin/startup.sh
 else
   exec gosu ${USER_NAME} /usr/local/tomcat/bin/catalina.sh run
 fi

scripts/env-data.sh

@@ -322,4 +322,6 @@ if [ -z "${FORCE_DOWNLOAD_COMMUNITY_EXTENSIONS}" ]; then
     FORCE_DOWNLOAD_COMMUNITY_EXTENSIONS=false
 fi
 
-
+if [ -z "${DISABLE_CORS}" ]; then
+  DISABLE_CORS=false
+fi

scripts/functions.sh

@@ -80,6 +80,15 @@ function web_cors() {
     else
       # default values
       cp /build_data/web.xml "${CATALINA_HOME}"/conf/
+      ###
+      # Deactivate CORS filter in web.xml if DISABLE_CORS=true
+      # Useful if CORS is handled outside of Tomcat (e.g. in a proxying webserver like nginx)
+      ###
+      if [[ "${DISABLE_CORS}" =~ [Tt][Rr][Uu][Ee] ]]; then
+        echo "Deactivating Tomcat CORS filter"
+        sed 's/<!-- CORS_START.*/<!-- CORS DEACTIVATED BY DISABLE_CORS -->\n<!--/; s/^.*<!-- CORS_END -->/-->/' \
+          ${CATALINA_HOME}/conf/web.xml
+      fi
     fi
   fi
 }
@@ -111,21 +120,70 @@ function download_extension() {
 
 }
 
+function validate_geo_install() {
+  DATA_PATH=$1
+  # Check if geoserver is installed early so that we can fail early on
+  if [[ $(ls -A ${DATA_PATH})  ]]; then
+    echo "GeoServer install dir exist proceed with install"
+  else
+    exit 1
+  fi
+
+}
+
+
+
+function unzip_geoserver() {
+  if [[ -f /tmp/geoserver/geoserver.war ]]; then
+    unzip /tmp/geoserver/geoserver.war -d "${CATALINA_HOME}"/webapps/geoserver &&
+    validate_geo_install "${CATALINA_HOME}"/webapps/geoserver && \
+    cp -r "${CATALINA_HOME}"/webapps/geoserver/data "${CATALINA_HOME}" &&
+    mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}" &&
+    rm -rf "${CATALINA_HOME}"/webapps/geoserver/data &&
+    mv "${CATALINA_HOME}"/webapps/geoserver/WEB-INF/lib/postgresql-* "${CATALINA_HOME}"/postgres_config/ &&
+    rm -rf /tmp/geoserver
+else
+    cp -r /tmp/geoserver/* "${GEOSERVER_HOME}"/ && \
+    validate_geo_install "${GEOSERVER_HOME}"/ && \
+    cp -r "${GEOSERVER_HOME}"/data_dir "${CATALINA_HOME}"/data &&
+    mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}"
+fi
+
+}
+
+
+
 # A little logic that will fetch the geoserver war zip file if it is not available locally in the resources dir
-function download_geoserver() {
+function package_geoserver() {
 
-if [[ ! -f /tmp/resources/geoserver-${GS_VERSION}.zip ]]; then
+if [[ ! -f /tmp/resources/geoserver-${GS_VERSION}.zip ]] || [[ ! -f /tmp/resources/geoserver-${GS_VERSION}-bin.zip ]]; then
     if [[ "${WAR_URL}" == *\.zip ]]; then
-      destination=/tmp/resources/geoserver-${GS_VERSION}.zip
-      ${request} "${WAR_URL}" -O "${destination}"
-      unzip /tmp/resources/geoserver-"${GS_VERSION}".zip -d /tmp/geoserver
+      if [[ "${WAR_URL}" == *\bin.zip ]];then
+        destination=/tmp/resources/geoserver-${GS_VERSION}-bin.zip
+        ${request} "${WAR_URL}" -O "${destination}"
+        unzip /tmp/resources/geoserver-${GS_VERSION}-bin.zip -d /tmp/geoserver && \
+        unzip_geoserver
+      else
+        destination=/tmp/resources/geoserver-${GS_VERSION}.zip
+        ${request} "${WAR_URL}" -O "${destination}"
+        unzip /tmp/resources/geoserver-"${GS_VERSION}".zip -d /tmp/geoserver && \
+        unzip_geoserver
+      fi
     else
       destination=/tmp/geoserver/geoserver.war
       mkdir -p /tmp/geoserver/ &&
       ${request} "${WAR_URL}" -O ${destination}
     fi
 else
-  unzip /tmp/resources/geoserver-"${GS_VERSION}".zip -d /tmp/geoserver
+  if [[  -f /tmp/resources/geoserver-${GS_VERSION}.zip ]];then
+    unzip /tmp/resources/geoserver-"${GS_VERSION}".zip -d /tmp/geoserver && \
+    unzip_geoserver
+
+  elif [[  -f /tmp/resources/geoserver-${GS_VERSION}-bin.zip  ]];then
+    unzip /tmp/resources/geoserver-"${GS_VERSION}".zip -d /tmp/geoserver && \
+    unzip_geoserver
+
+  fi
 fi
 
 }

scripts/setup.sh

@@ -5,12 +5,20 @@ source /scripts/env-data.sh
 source /scripts/functions.sh
 
 resources_dir="/tmp/resources"
+GS_VERSION=$(cat /scripts/geoserver_version.txt)
 create_dir ${resources_dir}/plugins/gdal
 create_dir /usr/share/fonts/opentype
 create_dir /tomcat_apps
 create_dir "${CATALINA_HOME}"/postgres_config
 create_dir "${STABLE_PLUGINS_DIR}"
 create_dir "${COMMUNITY_PLUGINS_DIR}"
+create_dir "${GEOSERVER_HOME}"
+
+pushd "${CATALINA_HOME}" || exit
+
+
+# Download geoserver and install it
+package_geoserver
 
 # Copy config files
 cp /build_data/stable_plugins.txt /stable_plugins && cp /build_data/community_plugins.txt /community_plugins && \
@@ -75,33 +83,16 @@ done
 
 
 # Install libjpeg-turbo
+system_architecture=$(dpkg --print-architecture)
 if [[ ! -f ${resources_dir}/libjpeg-turbo-official_2.1.3_amd64.deb ]]; then
-  validate_url https://liquidtelecom.dl.sourceforge.net/project/libjpeg-turbo/2.1.3/libjpeg-turbo-official_2.1.3_amd64.deb \
+  validate_url https://tenet.dl.sourceforge.net/project/libjpeg-turbo/2.1.4/libjpeg-turbo-official_2.1.4_${system_architecture}.deb \
     '-P /tmp/resources/'
 fi
 
-dpkg -i ${resources_dir}/libjpeg-turbo-official_2.1.3_amd64.deb
+dpkg -i ${resources_dir}/libjpeg-turbo-official_2.1.4_${system_architecture}.deb
 
 pushd "${CATALINA_HOME}" || exit
 
-# Download geoserver
-download_geoserver
-
-# Install geoserver in the tomcat dir
-if [[ -f /tmp/geoserver/geoserver.war ]]; then
-  unzip /tmp/geoserver/geoserver.war -d "${CATALINA_HOME}"/webapps/geoserver &&
-  cp -r "${CATALINA_HOME}"/webapps/geoserver/data "${CATALINA_HOME}" &&
-  mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}" &&
-  rm -rf "${CATALINA_HOME}"/webapps/geoserver/data &&
-  mv "${CATALINA_HOME}"/webapps/geoserver/WEB-INF/lib/postgresql-* "${CATALINA_HOME}"/postgres_config/ &&
-  rm -rf /tmp/geoserver
-else
-  cp -r /tmp/geoserver/* "${GEOSERVER_HOME}"/ &&
-  cp -r "${GEOSERVER_HOME}"/webapps/geoserver "${CATALINA_HOME}"/webapps/geoserver &&
-  cp -r "${GEOSERVER_HOME}"/data_dir "${CATALINA_HOME}"/data &&
-  mv "${CATALINA_HOME}"/data/security "${CATALINA_HOME}"
-fi
-
 # Install GeoServer plugins in correct install dir
 if [[ -f ${GEOSERVER_HOME}/start.jar ]]; then
   GEOSERVER_INSTALL_DIR=${GEOSERVER_HOME}

scripts/start.sh

@@ -433,3 +433,4 @@ if [[ -z "${EXISTING_DATA_DIR}" ]]; then
 fi
 
 setup_logging
+