Merge pull request #437 from kartoza/entrypoint

Entrypoint fixes

.env

@@ -1,11 +1,11 @@
 COMPOSE_PROJECT_NAME=kartozageoserver
 
 IMAGE_VERSION=9.0-jdk11-openjdk-slim-buster
-GS_VERSION=2.21.0
+GS_VERSION=2.21.1
 GEOSERVER_PORT=8600
 # Build Arguments
 JAVA_HOME=/usr/local/openjdk-11
-WAR_URL=http://downloads.sourceforge.net/project/geoserver/GeoServer/2.21.0/geoserver-2.21.0-war.zip
+WAR_URL=http://downloads.sourceforge.net/project/geoserver/GeoServer/2.21.1/geoserver-2.21.1-war.zip
 STABLE_PLUGIN_BASE_URL=https://sonik.dl.sourceforge.net
 DOWNLOAD_ALL_STABLE_EXTENSIONS=1
 DOWNLOAD_ALL_COMMUNITY_EXTENSIONS=1

Dockerfile

@@ -4,15 +4,11 @@ ARG JAVA_HOME=/usr/local/openjdk-11
 FROM tomcat:$IMAGE_VERSION
 
 LABEL maintainer="Tim Sutton<[email protected]>"
-ARG GS_VERSION=2.21.0
+ARG GS_VERSION=2.21.1
 ARG WAR_URL=https://downloads.sourceforge.net/project/geoserver/GeoServer/${GS_VERSION}/geoserver-${GS_VERSION}-war.zip
 ARG STABLE_PLUGIN_BASE_URL=https://sonik.dl.sourceforge.net
 ARG DOWNLOAD_ALL_STABLE_EXTENSIONS=1
 ARG DOWNLOAD_ALL_COMMUNITY_EXTENSIONS=1
-ARG GEOSERVER_UID=1000
-ARG GEOSERVER_GID=10001
-ARG USER=geoserveruser
-ARG GROUP_NAME=geoserverusers
 ARG HTTPS_PORT=8443
 ENV DEBIAN_FRONTEND=noninteractive
 #Install extra fonts to use with sld font markers
@@ -22,7 +18,7 @@ RUN set -eux; \
         locales gnupg2 wget ca-certificates rpl pwgen software-properties-common  iputils-ping \
         apt-transport-https curl gettext fonts-cantarell lmodern ttf-aenigma \
         ttf-bitstream-vera ttf-sjfonts tv-fonts  libapr1-dev libssl-dev  \
-        wget zip unzip curl xsltproc certbot  cabextract gettext postgresql-client figlet; \
+        wget zip unzip curl xsltproc certbot  cabextract gettext postgresql-client figlet gosu; \
     # Install gdal3 - bullseye doesn't build libgdal-java anymore so we can't upgrade
     curl https://deb.meteo.guru/velivole-keyring.asc |  apt-key add - \
     && echo "deb https://deb.meteo.guru/debian buster main" > /etc/apt/sources.list.d/meteo.guru.list \
@@ -31,7 +27,9 @@ RUN set -eux; \
     dpkg-divert --local --rename --add /sbin/initctl \
     && (echo "Yes, do as I say!" | apt-get remove --force-yes login) \
     && apt-get clean \
-    && rm -rf /var/lib/apt/lists/*
+    && rm -rf /var/lib/apt/lists/*; \
+    # verify that the binary works
+	gosu nobody true
 
 ENV \
     JAVA_HOME=${JAVA_HOME} \
@@ -45,35 +43,26 @@ ENV \
     RANDFILE=/etc/certs/.rnd \
     FONTS_DIR=/opt/fonts \
     GEOSERVER_HOME=/geoserver \
-    EXTRA_CONFIG_DIR=/settings
+    EXTRA_CONFIG_DIR=/settings \
+    COMMUNITY_PLUGINS_DIR=/community_plugins  \
+    STABLE_PLUGINS_DIR=/stable_plugins
 
 
 WORKDIR /scripts
 ADD resources /tmp/resources
 ADD build_data /build_data
 ADD scripts /scripts
 
-RUN groupadd -r ${GROUP_NAME} -g ${GEOSERVER_GID} && \
-    useradd -l -m -d /home/${USER}/ -u ${GEOSERVER_UID} --gid ${GEOSERVER_GID} -s /bin/bash -G ${GROUP_NAME} ${USER}; \
-    mkdir -p  ${GEOSERVER_DATA_DIR} ${CERT_DIR} ${FOOTPRINTS_DATA_DIR} ${FONTS_DIR} \
-             ${GEOWEBCACHE_CACHE_DIR} ${GEOSERVER_HOME} ${EXTRA_CONFIG_DIR} /community_plugins /stable_plugins \
-            /geo_data; \
-    cp /build_data/stable_plugins.txt /stable_plugins && cp /build_data/community_plugins.txt /community_plugins && \
-    cp /build_data/letsencrypt-tomcat.xsl ${CATALINA_HOME}/conf/ssl-tomcat.xsl; \
-    echo $GS_VERSION > /scripts/geoserver_version.txt ;\
+RUN echo $GS_VERSION > /scripts/geoserver_version.txt ;\
     chmod +x /scripts/*.sh;/scripts/setup.sh \
-    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*;chown -R ${USER}:${GROUP_NAME} \
-    ${CATALINA_HOME} ${FOOTPRINTS_DATA_DIR} ${GEOSERVER_DATA_DIR} /scripts ${CERT_DIR} ${FONTS_DIR} \
-    /tmp/ /home/${USER}/ /community_plugins/ /stable_plugins ${GEOSERVER_HOME} ${EXTRA_CONFIG_DIR} \
-    /usr/share/fonts/ /geo_data;chmod o+rw ${CERT_DIR}
+    && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 
 EXPOSE  $HTTPS_PORT
 
 
-USER ${GEOSERVER_UID}
 RUN echo 'figlet -t "Kartoza Docker GeoServer"' >> ~/.bashrc
-VOLUME ["${GEOSERVER_DATA_DIR}", "${CERT_DIR}", "${FOOTPRINTS_DATA_DIR}", "${FONTS_DIR}"]
+
 WORKDIR ${GEOSERVER_HOME}
 
-CMD ["/bin/bash", "/scripts/entrypoint.sh"]
+ENTRYPOINT ["/bin/bash", "/scripts/entrypoint.sh"]

README.md

@@ -53,7 +53,7 @@ The preferred way (but using most bandwidth for the initial image) is to
 get our docker trusted build like this:
 
 ```shell
-VERSION=2.21.0
+VERSION=2.21.1
 docker pull kartoza/geoserver:$VERSION
 ```
 ### Building the image
@@ -95,13 +95,13 @@ To build using a specific tagged release for tomcat image set the
 to choose which tag you need to build against.
 
 ```
-ie VERSION=2.21.0
-docker build --build-arg IMAGE_VERSION=8-jre8 --build-arg GS_VERSION=2.21.0 -t kartoza/geoserver:${VERSION} .
+ie VERSION=2.21.1
+docker build --build-arg IMAGE_VERSION=8-jre8 --build-arg GS_VERSION=2.21.1 -t kartoza/geoserver:${VERSION} .
 ```
 
 For some recent builds it is necessary to set the JAVA_PATH as well (e.g. Apache Tomcat/9.0.36)
 ```
-docker build --build-arg IMAGE_VERSION=9-jdk11-openjdk-slim --build-arg JAVA_HOME=/usr/local/openjdk-11/bin/java --build-arg GS_VERSION=2.21.0 -t kartoza/geoserver:2.21.0 .
+docker build --build-arg IMAGE_VERSION=9-jdk11-openjdk-slim --build-arg JAVA_HOME=/usr/local/openjdk-11/bin/java --build-arg GS_VERSION=2.21.1 -t kartoza/geoserver:2.21.1 .
 ```
 
 **Note:** Please check the [GeoServer documentation](https://docs.geoserver.org/stable/en/user/production/index.html) to see which tomcat versions
@@ -164,7 +164,7 @@ The image ships with the following stable plugins:
 * csw-plugin
 
 **Note:** The plugins listed above are omitted from [Stable_plugins.txt](https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt)
-even though they are considered [stable plugins](https://sourceforge.net/projects/geoserver/files/GeoServer/2.21.0/extensions/)
+even though they are considered [stable plugins](https://sourceforge.net/projects/geoserver/files/GeoServer/2.21.1/extensions/)
 The image activates them on startup.
 
 The image provides the necessary plugin zip files which are used when activating the
@@ -182,7 +182,7 @@ The environment variable `STABLE_EXTENSIONS` can be used to activate plugins lis
 Example
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -d -p 8600:8080 --name geoserver -e STABLE_EXTENSIONS=charts-plugin,db2-plugin kartoza/geoserver:${VERSION}
 
 ```
@@ -203,11 +203,14 @@ The environment variable `COMMUNITY_EXTENSIONS` can be used to activate plugins
 Example
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -d -p 8600:8080 --name geoserver -e COMMUNITY_EXTENSIONS=gwc-sqlite-plugin,ogr-datastore-plugin kartoza/geoserver:${VERSION}
 
 ```
 
+You can also pass the environment variable `FORCE_DOWNLOAD_COMMUNITY_EXTENSIONS=true` to download
+the latest community plugins during initialisation of the container.
+
 **Note:** Community plugins are always in flux state. There is no guarantee that
 plugins will be accessible between each successive build. You can build the extensions
 following the guidelines from [GeoServer develop guidelines](https://docs.geoserver.org/latest/en/developer/maven-guide/index.html#building-extensions)
@@ -218,7 +221,7 @@ Geoserver ships with sample data which can be used by users to familiarize them
 This is not activated by default. You can activate it using the environment variable `SAMPLE_DATA=true`
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -d -p 8600:8080 --name geoserver -e SAMPLE_DATA=true kartoza/geoserver:${VERSION}
 
 ```
@@ -293,14 +296,14 @@ If you set the environment variable `SSL=true` but do not provide the pem files
 the container will generate a self-signed SSL certificates.
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -it --name geoserver  -e PKCS12_PASSWORD=geoserver -e JKS_KEY_PASSWORD=geoserver -e JKS_STORE_PASSWORD=geoserver -e SSL=true -p 8443:8443 -p 8600:8080 kartoza/geoserver:${VERSION}
 ```
 
 If you already have your perm files (fullchain.pem and privkey.pem) you can mount the directory containing your keys as:
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -it --name geo -v /etc/certs:/etc/certs  -e PKCS12_PASSWORD=geoserver -e JKS_KEY_PASSWORD=geoserver -e JKS_STORE_PASSWORD=geoserver -e SSL=true -p 8443:8443 -p 8600:8080 kartoza/geoserver:${VERSION}
 
 ```
@@ -362,7 +365,7 @@ To include Tomcat extras including docs, examples, and the manager webapp, set t
 to use a strong password otherwise the default one is set up.
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -it --name geoserver  -e TOMCAT_EXTRAS=true -p 8600:8080 kartoza/geoserver:${VERSION}
 ```
 
@@ -384,7 +387,7 @@ If you have downloaded extra fonts you can mount the folder to the path
 path during initialisation.
 
 ```
-ie VERSION=2.21.0
+ie VERSION=2.21.1
 docker run -v fonts:/opt/fonts -p 8080:8080 -t kartoza/geoserver:${VERSION}
 ```
 

clustering/docker-compose.yml

@@ -19,7 +19,7 @@ services:
       healthcheck:
         test: "pg_isready -d gis"
    master:
-      image: kartoza/geoserver:2.21.0
+      image: kartoza/geoserver:2.21.1
       volumes:
          - geoserver-cluster-data:/opt/geoserver/data_dir
       ports:
@@ -50,7 +50,7 @@ services:
         timeout: 10s
         retries: 3
    node:
-      image: kartoza/geoserver:2.21.0
+      image: kartoza/geoserver:2.21.1
       volumes:
          - geoserver-cluster-data:/opt/geoserver/data_dir
       ports:

scripts/entrypoint.sh

@@ -4,6 +4,30 @@ set -e
 
 figlet -t "Kartoza Docker GeoServer"
 
+# Gosu preparations
+USER_ID=${GEOSERVER_UID:-1000}
+GROUP_ID=${GEOSERVER_GID:-1000}
+USER_NAME=${USER:-geoserveruser}
+GEO_GROUP_NAME=${GROUP_NAME:-geoserverusers}
+
+# Add group
+if [ ! $(getent group "${GEO_GROUP_NAME}") ]; then
+  groupadd -r "${GEO_GROUP_NAME}" -g ${GROUP_ID}
+fi
+
+# Add user to system
+if id "${USER_NAME}" &>/dev/null; then
+    echo ' skipping user creation'
+else
+    useradd -l -m -d /home/"${USER_NAME}"/ -u "${USER_ID}" --gid "${GROUP_ID}" -s /bin/bash -G "${GEO_GROUP_NAME}" "${USER_NAME}"
+fi
+
+# Create directories
+mkdir -p  "${GEOSERVER_DATA_DIR}" "${CERT_DIR}" "${FOOTPRINTS_DATA_DIR}" "${FONTS_DIR}" "${GEOWEBCACHE_CACHE_DIR}" \
+"${GEOSERVER_HOME}" "${EXTRA_CONFIG_DIR}"
+
+
+
 source /scripts/functions.sh
 source /scripts/env-data.sh
 
@@ -14,6 +38,8 @@ export CLUSTER_CONFIG_DIR MONITOR_AUDIT_PATH CLUSTER_LOCKFILE INSTANCE_STRING
 
 /bin/bash /scripts/start.sh
 
+
+
 log CLUSTER_CONFIG_DIR="${CLUSTER_CONFIG_DIR}"
 log MONITOR_AUDIT_PATH="${MONITOR_AUDIT_PATH}"
 
@@ -55,8 +81,15 @@ export GEOSERVER_OPTS="-Djava.awt.headless=true -server -Xms${INITIAL_MEMORY} -X
 ## Prepare the JVM command line arguments
 export JAVA_OPTS="${JAVA_OPTS} ${GEOSERVER_OPTS}"
 
+
+# Chown again - seems to fix issue with resolving all created directories
+chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${CATALINA_HOME}" "${FOOTPRINTS_DATA_DIR}" "${GEOSERVER_DATA_DIR}" \
+"${CERT_DIR}" "${FONTS_DIR}"  /home/"${USER_NAME}"/ "${COMMUNITY_PLUGINS_DIR}" "${STABLE_PLUGINS_DIR}" \
+"${GEOSERVER_HOME}" "${EXTRA_CONFIG_DIR}"  /usr/share/fonts/ /scripts /tomcat_apps.zip \
+/tmp/ "${GEOWEBCACHE_CACHE_DIR}";chmod o+rw "${CERT_DIR}"
+
 if [[ -f ${GEOSERVER_HOME}/start.jar ]]; then
-  exec java "$JAVA_OPTS"  -jar start.jar
+  exec gosu ${USER_NAME} java "$JAVA_OPTS"  -jar start.jar
 else
-  exec /usr/local/tomcat/bin/catalina.sh run
-fi
+  exec gosu ${USER_NAME} /usr/local/tomcat/bin/catalina.sh run
+fi

scripts/setup.sh

@@ -7,14 +7,20 @@ source /scripts/functions.sh
 resources_dir="/tmp/resources"
 create_dir ${resources_dir}/plugins/gdal
 create_dir /usr/share/fonts/opentype
-create_dir ${EXTRA_CONFIG_DIR}/tomcat_apps
+create_dir /tomcat_apps
 create_dir "${CATALINA_HOME}"/postgres_config
+create_dir "${STABLE_PLUGINS_DIR}"
+create_dir "${COMMUNITY_PLUGINS_DIR}"
+
+# Copy config files
+cp /build_data/stable_plugins.txt /stable_plugins && cp /build_data/community_plugins.txt /community_plugins && \
+cp /build_data/letsencrypt-tomcat.xsl ${CATALINA_HOME}/conf/ssl-tomcat.xsl
 
 validate_url http://ftp.br.debian.org/debian/pool/contrib/m/msttcorefonts/ttf-mscorefonts-installer_3.8_all.deb && \
  dpkg -i ttf-mscorefonts-installer_3.8_all.deb && rm ttf-mscorefonts-installer_3.8_all.deb
 
 
-pushd /stable_plugins || exit
+pushd "${STABLE_PLUGINS_DIR}" || exit
 
 # Check if we have pre downloaded plugin yet
 stable_count=$(ls -1 $resources_dir/plugins/stable_plugins/*.zip 2>/dev/null | wc -l)
@@ -41,7 +47,7 @@ else
 fi
 
 # Download community extensions. This needs to be checked on each iterations as they sometimes become unavailable
-pushd /community_plugins || exit
+pushd "${COMMUNITY_PLUGINS_DIR}" || exit
 
 if [ -z "${DOWNLOAD_ALL_COMMUNITY_EXTENSIONS}" ] || [ "${DOWNLOAD_ALL_COMMUNITY_EXTENSIONS}" -eq 0 ]; then
   plugin=$(head -n 1 /community_plugins/community_plugins.txt)
@@ -162,17 +168,15 @@ rm -f /tmp/resources/overlays/README.txt &&
 
 # Package tomcat webapps - useful to activate later
 if [ -d "$CATALINA_HOME"/webapps.dist ]; then
-    mv "$CATALINA_HOME"/webapps.dist ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    pushd "${EXTRA_CONFIG_DIR}" || exit &&
-    zip -r tomcat_apps.zip tomcat_apps && rm -r tomcat_apps
+    mv "$CATALINA_HOME"/webapps.dist /tomcat_apps &&
+    zip -r /tomcat_apps.zip /tomcat_apps && rm -r /tomcat_apps
 else
-    cp -r "${CATALINA_HOME}"/webapps/ROOT ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    cp -r "${CATALINA_HOME}"/webapps/docs ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    cp -r "${CATALINA_HOME}"/webapps/examples ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    cp -r "${CATALINA_HOME}"/webapps/host-manager ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    cp -r "${CATALINA_HOME}"/webapps/manager ${EXTRA_CONFIG_DIR}/tomcat_apps &&
-    pushd "${EXTRA_CONFIG_DIR}" || exit &&
-    zip -r tomcat_apps.zip tomcat_apps && rm -r tomcat_apps
+    cp -r "${CATALINA_HOME}"/webapps/ROOT /tomcat_apps &&
+    cp -r "${CATALINA_HOME}"/webapps/docs /tomcat_apps &&
+    cp -r "${CATALINA_HOME}"/webapps/examples /tomcat_apps &&
+    cp -r "${CATALINA_HOME}"/webapps/host-manager /tomcat_apps &&
+    cp -r "${CATALINA_HOME}"/webapps/manager /tomcat_apps &&
+    zip -r /tomcat_apps.zip /tomcat_apps && rm -r /tomcat_apps
 fi
 
 # Delete resources after installation

scripts/start.sh

@@ -23,6 +23,7 @@ fi
 
 # Add custom espg properties file or the default one
 create_dir "${GEOSERVER_DATA_DIR}"/user_projections
+create_dir "${GEOWEBCACHE_CACHE_DIR}"
 
 setup_custom_crs
 
@@ -215,7 +216,7 @@ fi
 
 
 if [[ "${TOMCAT_EXTRAS}" =~ [Tt][Rr][Uu][Ee] ]]; then
-    unzip -qq ${EXTRA_CONFIG_DIR}/tomcat_apps.zip -d /tmp/ &&
+    unzip -qq /tomcat_apps.zip -d /tmp/ &&
     cp -r  /tmp/tomcat_apps/webapps.dist/* "${CATALINA_HOME}"/webapps/ &&
     rm -r /tmp/tomcat_apps
     if [[ ${POSTGRES_JNDI} =~ [Ff][Aa][Ll][Ss][Ee] ]]; then