This Dockerfile can be used to create images for all geoserver versions since 2.5.
- Based on the official
tomcat
docker image, in particular:- Tomcat 9
- JDK11 (eclipse temurin)
- Ubuntu Jammy (22.04 LTS)
- GeoServer installation is configurable and supports
- Dynamic installation of extensions
- Custom fonts (e.g. for SLD styling)
- CORS
- Additional libraries
- PostgreSQL JNDI
- HTTPS
This README.md file covers use of official docker image, additional build and release instructions are available.
To pull an official image use docker.osgeo.org/geoserver:{{VERSION}}
, e.g.:
docker pull docker.osgeo.org/geoserver:2.26.0
All the images can be found at: https://repo.osgeo.org and the latest stable and maintenance version numbers can be obtained from https://geoserver.org/download/
Afterwards you can run the pulled image locally with:
docker run -it -p 80:8080 docker.osgeo.org/geoserver:2.26.0
Or if you want to start the container daemonized, use e.g.:
docker run -d -p 80:8080 docker.osgeo.org/geoserver:2.26.0
Check http://localhost/geoserver to see the geoserver page,
and login with geoserver default admin:geoserver
credentials.
IMPORTANT NOTE: Please change the default geoserver
and master
passwords.
For more information see the user-guide docker installation instructions.
To use an external folder as your geoserver data directory.
docker run -it -p 80:8080 \
--mount src="/absolute/path/on/host",target=/opt/geoserver_data/,type=bind \
docker.osgeo.org/geoserver:2.26.0
An empty data directory will be populated on first use. You can easily update GeoServer while using the same data directory.
This image populates /opt/geoserver_data/
with demo data by default. For production scenarios this is typically not desired.
The environment variable SKIP_DEMO_DATA
can be set to true
to create an empty data directory.
docker run -it -p 80:8080 \
--env SKIP_DEMO_DATA=true \
docker.osgeo.org/geoserver:2.26.0
By default, GeoServer is served from http://localhost/geoserver. Use the environment variable WEBAPP_CONTEXT
to change the context path.
examples:
The following will serve GeoServer from the root (http://localhost/):
docker run -it -p 80:8080 \
--env WEBAPP_CONTEXT="" \
docker.osgeo.org/geoserver:2.26.0
The following will serve GeoServer from http://localhost/my_context_path:
docker run -it -p 80:8080 \
--env WEBAPP_CONTEXT="my_context_path" \
docker.osgeo.org/geoserver:2.26.0
By default, the ROOT webapp is not available which makes requests to the root endpoint "/" return a 404 error.
The environment variable ROOT_WEBAPP_REDIRECT
can be set to true
to issue a permanent redirect to the web interface.
The startup.sh
script allows some customization on startup:
INSTALL_EXTENSIONS
totrue
to download and install extensionsSTABLE_EXTENSIONS
list of extensions to download and installCORS_ENABLED
totrue
to enable CORS support. The following environment variables can be used to customize the CORS configuration.CORS_ALLOWED_ORIGINS
(default*
)CORS_ALLOWED_METHODS
(defaultGET,POST,PUT,DELETE,HEAD,OPTIONS
)CORS_ALLOWED_HEADERS
(defaultOrigin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers
)CORS_ALLOW_CREDENTIALS
(defaultfalse
) Setting this totrue
will only have the desired effect ifCORS_ALLOWED_ORIGINS
defines explicit origins (not*
)
PROXY_BASE_URL
to the base URL of the GeoServer web app if GeoServer is behind a proxy. Example:https://example.com/geoserver
.
The CORS variables customize tomcat's web.xml
file. If you need more customization,
you can provide your own customized web.xml
file to tomcat by mounting it into the container
at /opt/config_overrides/web.xml
.
Example installing wps and ysld extensions:
docker run -it -p 80:8080 \
--env INSTALL_EXTENSIONS=true --env STABLE_EXTENSIONS="wps,ysld" \
docker.osgeo.org/geoserver:2.26.0
The list of extensions (taken from SourceForge download page):
app-schema gdal jp2k ogr-wps web-resource
authkey geofence libjpeg-turbo oracle wmts-multi-dimensional
cas geofence-server mapml params-extractor wps-cluster-hazelcast
charts geopkg-output mbstyle printing wps-cluster-hazelcast
control-flow grib mongodb pyramid wps-download
css gwc-s3 monitor querylayer wps-jdbc
csw h2 mysql sldservice wps
db2 imagemap netcdf-out sqlserver xslt
dxf importer netcdf vectortiles ysld
excel inspire ogr-wfs wcs2_0-eo
If you want to add geoserver extensions/libs, place the respective jar files in a directory and mount it like
docker run -it -p 80:8080 \
--mount src="/dir/with/libs/on/host",target=/opt/additional_libs,type=bind \
docker.osgeo.org/geoserver:2.26.0
If you want to add custom fonts (the base image only contains 26 fonts) by using a mount:
docker run -it -p 80:8080 \
--mount src="/dir/with/fonts/on/host",target=/opt/additional_fonts,type=bind \
docker.osgeo.org/geoserver:2.26.0
Note: Do not change the target value!
To enable a PostgreSQL JNDI resource, provide the following environment variables:
POSTGRES_JNDI_ENABLED
totrue
POSTGRES_HOST
POSTGRES_PORT
(optional; defaults to 5432)POSTGRES_DB
POSTGRES_USERNAME
POSTGRES_PASSWORD
POSTGRES_JNDI_RESOURCE_NAME
(optional; defaults tojdbc/postgres
)
In geoserver, you can then reference this JNDI resource using the name java:comp/env/jdbc/postgres
(if using default).
This image provides default (tomcat) configurations that are located in the ./config/
subdir.
context.xml
(see/compare JNDI feature from above)server.xml
(security hardened version by default)
In case you want to fully overwrite such a config file, you can do so by mounting it to the /opt/config_overrides/
directory of a container.
The startup.sh
script will then copy (and overwrite) these files to the catalina conf directory before starting tomcat.
Example:
docker run -it -p 80:8080 \
--mount src="/path/to/my/server.xml",target=/opt/config_overrides/server.xml,type=bind \
docker.osgeo.org/geoserver:2.26.0
To enable HTTPS, mount a JKS file to the container (ex. /opt/keystore.jks
) and provide the following environment
variables:
HTTPS_ENABLED
totrue
HTTPS_KEYSTORE_FILE
(defaults to/opt/keystore.jks
)HTTPS_KEYSTORE_PASSWORD
(defaults tochangeit
)HTTPS_KEY_ALIAS
(defaults toserver
)
It is usually considered a good practice to run the containers as a non-privileged user (not root
).
While it runs by default as root, for backwards compatibility reasons, several environment variables allow you to change this behaviour:
RUN_UNPRIVILEGED=true
: run as unprivileged usertomcat
. Default uid:gid are 999:999RUN_WITH_USER_UID
allows you to settomcat
's uid. By default this is 999.RUN_WITH_USER_GID
allows you to settomcat
's gid. By default this is the same as the uid.CHANGE_OWNERSHIP_ON_FOLDERS
sets a space-separated list of folders on which achmod -R
will be run, changing the ownership of those folders to thetomcat
user (defaults to"/opt $GEOSERVER_DATA_DIR"
).
The docker-compose-demo.yml
to build with your own data directory and extensions.
Stage geoserver data directory contents into geoserver_data
, and any extensions into additional_libs
folder.
Run docker-compose
:
docker-compose -f docker-compose-demo.yml up --build
Following is the list of the all the environment variables that can be passed down to the geoserver docker image, you can check the default values for an image using docker inspect [IMAGE_NAME]
VAR NAME | DESCRIPTION | SAMPLE VALUE |
---|---|---|
PATH | Used by geoserver internally to find all the libs | /usr/local/sbin:/usr/local/bin: |
CATALINA_HOME | CATALINA home path | /usr/local/tomcat (see also here) |
EXTRA_JAVA_OPTS | Used to pass params to the JAVA environment. Check ref | -Xms256m -Xmx1g |
CORS_ENABLED | CORS enabled configuration | false |
CORS_ALLOWED_ORIGINS | CORS origins configuration | * |
CORS_ALLOWED_METHODS | CORS method configuration | GET,POST,PUT,DELETE,HEAD,OPTIONS |
CORS_ALLOWED_HEADERS | CORS headers configuration | Origin,Accept,X-Requested-With,Content-Type,Access-Control-Request-Method,Access-Control-Request-Headers |
DEBIAN_FRONTEND | Configures the Debian package manager frontend | noninteractive |
CATALINA_OPTS | Catalina options. Check ref | -Djava.awt.headless=true |
GEOSERVER_DATA_DIR | Geoserver data directory location | /opt/geoserver_data/ |
GEOSERVER_REQUIRE_FILE | Geoserver configuration used interally | /opt/geoserver_data/global.xml |
INSTALL_EXTENSIONS | Indicates whether additional GeoServer extensions should be installed | false |
WAR_ZIP_URL | Specifies the URL for a GeoServer Web Archive (WAR) file | |
STABLE_EXTENSIONS | Specifies stable GeoServer extensions | |
STABLE_PLUGIN_URL | Specifies the URL for downloading the latest stable GeoServer plugins | https://build.geoserver.org/geoserver/2.26.x/ext-latest |
COMMUNITY_EXTENSIONS | Specifies community-contributed GeoServer extensions | |
COMMUNITY_PLUGIN_URL | Specifies the URL for downloading the latest community-contributed GeoServer plugins | https://build.geoserver.org/geoserver/2.26.x/community-latest |
ADDITIONAL_LIBS_DIR | Sets the directory for additional libraries used by GeoServer | /opt/additional_libs/ |
ADDITIONAL_FONTS_DIR | Sets the directory for additional fonts used by GeoServer | /opt/additional_fonts/ |
SKIP_DEMO_DATA | Indicates whether to skip the installation of demo data provided by GeoServer | false |
ROOT_WEBAPP_REDIRECT | Indicates whether to issue a permanent redirect to the web interface | false |
HEALTHCHECK_URL | URL to the resource / endpoint used for docker health checks |
http://localhost:8080/geoserver/web/wicket/resource/org.geoserver.web.GeoServerBasePage/img/logo.png |
GEOSERVER_ADMIN_USER | Admin username | |
GEOSERVER_ADMIN_PASSWORD | Admin password | |
RUN_UNPRIVILEGED | If set to true , runs as an unprivileged user tomcat instead of root . |
true |
RUN_WITH_USER_UID | When running as unprivileged user, sets the uid of this user. Defaults to 999 |
999 |
RUN_WITH_USER_GID | When running as unprivileged user, sets the gid of this user. Defaults to the same as the uid | 999 |
CHANGE_OWNERSHIP_ON_FOLDERS | When running as unprivileged user, changes the ownership to this user to these folders | "/opt /opt/geoserver_data/ /mnt/geoserver_geodata" |
After the initial setup, it's recommended to remove the GEOSERVER_ADMIN_USER
and GEOSERVER_ADMIN_PASSWORD
variable. Otherwise, newly added roles and users may be overwritten by the next time the container is restarted.
The following values cannot really be safely changed (as they are used to download extensions and community modules as the docker image first starts up).
VAR NAME | DESCRIPTION | SAMPLE VALUE |
---|---|---|
GEOSERVER_VERSION | Geoserver version (used internally) | 2.24-SNAPSHOT |
GEOSERVER_BUILD | Geoserver build (used internally) | 1628 |
To watch geoserver.log
of a running container:
docker exec -it {CONTAINER_ID} tail -f /opt/geoserver_data/logs/geoserver.log