forked from geoserver/docker
-
Notifications
You must be signed in to change notification settings - Fork 0
/
startup.sh
executable file
·217 lines (185 loc) · 8.79 KB
/
startup.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
#!/bin/bash
echo "Welcome to GeoServer $GEOSERVER_VERSION"
# function that can be used to copy a custom config file to the catalina conf dir
function copy_custom_config() {
CONFIG_FILE=$1
# Use a custom "${CONFIG_FILE}" if the user mounted one into the container
if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/${CONFIG_FILE}" ]; then
echo "Installing configuration override for ${CONFIG_FILE} with substituted environment variables"
envsubst < "${CONFIG_OVERRIDES_DIR}"/"${CONFIG_FILE}" > "${CATALINA_HOME}/conf/${CONFIG_FILE}"
else
# Otherwise use the default
echo "Installing default ${CONFIG_FILE} with substituted environment variables"
envsubst < "${CONFIG_DIR}"/"${CONFIG_FILE}" > "${CATALINA_HOME}/conf/${CONFIG_FILE}"
# since autodeploy is disabled by default, we need to enable it if the user has not provided a custom server.xml
if [ "${CONFIG_FILE}" = "server.xml" ] && [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then
echo "Deploying ROOT context to allow for redirect to ${WEBAPP_CONTEXT}"
sed -i '\:</Host>:i\<Context override="true" docBase="ROOT" path=""></Context>' $CATALINA_HOME/conf/server.xml
fi
fi
}
## Add a permanent redirect (HTTP 301) from the root webapp ("/") to geoserver web interface ("/geoserver/web")
if [ "${ROOT_WEBAPP_REDIRECT}" = "true" ] && [ "${WEBAPP_CONTEXT}" != "" ]; then
if [ ! -d $CATALINA_HOME/webapps/ROOT ]; then
mkdir $CATALINA_HOME/webapps/ROOT
fi
cat > $CATALINA_HOME/webapps/ROOT/index.jsp << EOF
<%
final String redirectURL = "/${WEBAPP_CONTEXT}/web/";
response.setStatus(HttpServletResponse.SC_MOVED_PERMANENTLY);
response.setHeader("Location", redirectURL);
%>
EOF
fi
# Set the HEALTHCHECK URL depending on the webapp context
# remove duplicate forward slashes
DEFAULT_HEALTHCHECK_URL=$(echo "localhost:8080/${WEBAPP_CONTEXT}/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png" | tr -s /)
DEFAULT_HEALTHCHECK_URL="http://${DEFAULT_HEALTHCHECK_URL}"
# write the healthcheck URL to a file that geoserver user has access to but is not served by tomcat
echo "${HEALTHCHECK_URL:-$DEFAULT_HEALTHCHECK_URL}" > $CATALINA_HOME/conf/healthcheck_url.txt
# ensure that GEOSERVER_DATA_DIR exists as a directory
if [ ! -e "$GEOSERVER_DATA_DIR" ]; then
mkdir -p $GEOSERVER_DATA_DIR
echo "Created new GeoServer data directory $GEOSERVER_DATA_DIR as it did not exist."
fi
if [ "${SKIP_DEMO_DATA}" = "true" ]; then
# skipping demo data
if [ "$SET_GEOSERVER_REQUIRE_FILE" = true ]; then
echo "SET_GEOSERVER_REQUIRE_FILE will be ignored because SKIP_DEMO_DATA is set to true"
fi
# unset geoserver require file
if [ ! -z "$GEOSERVER_REQUIRE_FILE" ]; then
echo "GEOSERVER_REQUIRE_FILE will be ignored because SKIP_DEMO_DATA is set to true"
unset GEOSERVER_REQUIRE_FILE
fi
else
# using demo data if data dir does not contain geoserver require file
# set geoserver require file to the correct value
if [ "$SET_GEOSERVER_REQUIRE_FILE" = true ]; then
if [ -z "$GEOSERVER_REQUIRE_FILE" ]; then
export GEOSERVER_REQUIRE_FILE="$GEOSERVER_DATA_DIR/global.xml"
else
echo "SET_GEOSERVER_REQUIRE_FILE is ignored because GEOSERVER_REQUIRE_FILE is set to a value"
fi
fi
## install release data directory if needed before starting tomcat
if [ ! -f "$GEOSERVER_REQUIRE_FILE" ]; then
echo "Initialize $GEOSERVER_DATA_DIR from data directory included in geoserver.war"
cp -r $CATALINA_HOME/webapps/geoserver/data/* $GEOSERVER_DATA_DIR
fi
fi
## install GeoServer extensions before starting the tomcat
/opt/install-extensions.sh
# copy additional geoserver libs before starting the tomcat
# we also count whether at least one file with the extensions exists
count=`ls -1 $ADDITIONAL_LIBS_DIR/*.jar 2>/dev/null | wc -l`
if [ -d "$ADDITIONAL_LIBS_DIR" ] && [ $count != 0 ]; then
cp $ADDITIONAL_LIBS_DIR/*.jar $CATALINA_HOME/webapps/geoserver/WEB-INF/lib/
echo "Installed $count JAR extension file(s) from the additional libs folder"
fi
# copy additional fonts before starting the tomcat
# we also count whether at least one file with the fonts exists
count=`ls -1 $ADDITIONAL_FONTS_DIR/*.ttf 2>/dev/null | wc -l`
if [ -d "$ADDITIONAL_FONTS_DIR" ] && [ $count != 0 ]; then
cp $ADDITIONAL_FONTS_DIR/*.ttf /usr/share/fonts/truetype/
echo "Installed $count TTF font file(s) from the additional fonts folder"
fi
# configure CORS (inspired by https://github.com/oscarfonts/docker-geoserver)
# if enabled, this will add the filter definitions
# to the end of the web.xml
# (this will only happen if our filter has not yet been added before)
if [ "${CORS_ENABLED}" = "true" ]; then
if ! grep -q DockerGeoServerCorsFilter "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"; then
echo "Enable CORS for $CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml"
# Add support for access-control-allow-credentials when the origin is not a wildcard when specified via env var
if [ "${CORS_ALLOWED_ORIGINS}" != "*" ] && [ "${CORS_ALLOW_CREDENTIALS}" = "true" ]; then
CORS_ALLOW_CREDENTIALS="true"
else
CORS_ALLOW_CREDENTIALS="false"
fi
sed -i "\:</web-app>:i\\
<filter>\n\
<filter-name>DockerGeoServerCorsFilter</filter-name>\n\
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>\n\
<init-param>\n\
<param-name>cors.allowed.origins</param-name>\n\
<param-value>${CORS_ALLOWED_ORIGINS}</param-value>\n\
</init-param>\n\
<init-param>\n\
<param-name>cors.allowed.methods</param-name>\n\
<param-value>${CORS_ALLOWED_METHODS}</param-value>\n\
</init-param>\n\
<init-param>\n\
<param-name>cors.allowed.headers</param-name>\n\
<param-value>${CORS_ALLOWED_HEADERS}</param-value>\n\
</init-param>\n\
<init-param>\n\
<param-name>cors.support.credentials</param-name>\n\
<param-value>${CORS_ALLOW_CREDENTIALS}</param-value>\n\
</init-param>\n\
</filter>\n\
<filter-mapping>\n\
<filter-name>DockerGeoServerCorsFilter</filter-name>\n\
<url-pattern>/*</url-pattern>\n\
</filter-mapping>" "$CATALINA_HOME/webapps/geoserver/WEB-INF/web.xml";
fi
fi
if [ "${POSTGRES_JNDI_ENABLED}" = "true" ]; then
# Set up some default values
if [ -z "${POSTGRES_JNDI_RESOURCE_NAME}" ]; then
export POSTGRES_JNDI_RESOURCE_NAME="jdbc/postgres"
fi
if [ -z "${POSTGRES_PORT}" ]; then
export POSTGRES_PORT="5432"
fi
# Use a custom "context.xml" if the user mounted one into the container
copy_custom_config "context.xml"
fi
# Use a custom "server.xml" if the user mounted one into the container
copy_custom_config "server.xml"
# Use a custom "web.xml" if the user mounted one into the container
if [ -d "${CONFIG_OVERRIDES_DIR}" ] && [ -f "${CONFIG_OVERRIDES_DIR}/web.xml" ]; then
echo "Installing configuration override for web.xml with substituted environment variables"
if [ "${CORS_ENABLED}" = "true" ]; then
echo "Warning: the CORS_ENABLED's changes will be overwritten!"
fi
envsubst < "${CONFIG_OVERRIDES_DIR}"/web.xml > "${CATALINA_HOME}/webapps/geoserver/WEB-INF/web.xml"
fi
if [ "${HTTPS_ENABLED}" = "true" ]; then
if [ ! -f "${HTTPS_KEYSTORE_FILE}" ]; then
echo "ERROR: HTTPS was enabled but keystore file was not mounted to container [${HTTPS_KEYSTORE_FILE}]"
exit 1
fi
echo "Installing [${CATALINA_HOME}/conf/server.xml] with HTTPS support using substituted environment variables"
envsubst < "${CONFIG_DIR}"/server-https.xml > "${CATALINA_HOME}/conf/server.xml"
fi
# start the tomcat
# CIS - Tomcat Benchmark recommendations:
# * Turn off session facade recycling
# * Set a nondeterministic Shutdown command value
if [ ! "${ENABLE_DEFAULT_SHUTDOWN}" = "true" ]; then
REPLACEMENT="$(echo $RANDOM | md5sum | head -c 10)"
sed -i 's/SHUTDOWN/'"$REPLACEMENT"'/g' "$CATALINA_HOME/conf/server.xml"
REPLACEMENT=
fi
if [ -n "$GEOSERVER_ADMIN_PASSWORD" ] && [ -n "$GEOSERVER_ADMIN_USER" ]; then
/bin/sh /opt/update_credentials.sh
fi
# Run as non-privileged user
if [ "${RUN_UNPRIVILEGED}" = "true" ]
then
echo "The server will be run as non-privileged user 'tomcat'"
RUN_WITH_USER_UID=${RUN_WITH_USER_UID:=999}
RUN_WITH_USER_GID=${RUN_WITH_USER_GID:=${RUN_WITH_USER_UID} }
echo "creating user tomcat (${RUN_WITH_USER_UID}:${RUN_WITH_USER_GID})"
addgroup --gid ${RUN_WITH_USER_GID} tomcat && \
adduser --system -u ${RUN_WITH_USER_UID} --gid ${RUN_WITH_USER_GID} \
--no-create-home tomcat
if [ -n "$CHANGE_OWNERSHIP_ON_FOLDERS" ]; then
echo "Changing ownership accordingly ($CHANGE_OWNERSHIP_ON_FOLDERS)"
chown -R tomcat:tomcat $CHANGE_OWNERSHIP_ON_FOLDERS
fi
exec gosu tomcat $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
else
exec $CATALINA_HOME/bin/catalina.sh run -Dorg.apache.catalina.connector.RECYCLE_FACADES=true
fi