GeoServer Deployment Documentation - openskope/skope-api GitHub Wiki

We currently run the kartoza Docker image for our GeoServer dependency.

• https://hub.docker.com/r/kartoza/geoserver
• https://github.com/kartoza/docker-geoserver

Important Resources

Guidance on running GeoServer in production:

https://docs.geoserver.org/stable/en/user/production/index.html

https://github.com/openskope/skope-api/issues/22

Notes / Errata

PROXY_BASE_URL should be derived from HTTPS_PROXY_NAME and HTTPS_PROXY_PORT but doesn't work unless we also set SSL=true and have set up SSL certificates, keys, and termination for Tomcat at the moment. That's not too difficult to do via letsencrypt but we're going the option of continuing to let haproxy handle SSL termination and keep the traffic unencrypted within the local network. SKOPE has little to no sensitive information anyways (no user auth, etc).

So the workaround is to manually set PROXY_BASE_URL in geoserver/settings/web.xml which will be mounted into the kartoza Docker container's /settings directory.

Important environment variables (declared in the generated geoserver docker-compose.yml service definition from base.yml and prod.yml):

CSRF_WHITELIST: set to whatever PROXY_BASE_URL is e.g., geoserver.openskope.org
GEOSERVER_DATA_DIR: path to geoserver data
EXISTING_DATA_DIR: set to false to reset the admin username / password
GEOSERVER_ADMIN_PASSWORD_FILE: set to /run/secrets/whatever-the-geoserver-admin-pw-file-is-named
GEOSERVER_ADMIN_USER: choose-admin-username
COMMUNITY_EXTENSIONS: list community extensions to install from https://github.com/kartoza/docker-geoserver/blob/master/build_data/community_plugins.txt