From 5140c3699ca473de5af1d15ed61b6b938e891f49 Mon Sep 17 00:00:00 2001 From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:16:23 +0100 Subject: [PATCH 1/9] rework docker compose --- .envs-database-georchestra | 23 -- .gitignore | 4 +- README.md | 52 ++- docker-compose.atlas.yml | 13 - docker-compose.data-api.yml | 23 -- docker-compose.datafeeder.gmail.yml | 20 - docker-compose.yml | 388 +++++++----------- .envs-common => envs/.envs-common | 0 .../.envs-database-datafeeder | 6 +- envs/.envs-database-georchestra | 24 ++ .envs-elastic => envs/.envs-elastic | 8 +- .envs-hosts => envs/.envs-hosts | 6 +- .envs-ldap => envs/.envs-ldap | 0 13 files changed, 239 insertions(+), 328 deletions(-) delete mode 100644 .envs-database-georchestra delete mode 100644 docker-compose.atlas.yml delete mode 100644 docker-compose.data-api.yml delete mode 100644 docker-compose.datafeeder.gmail.yml rename .envs-common => envs/.envs-common (100%) rename .envs-database-datafeeder => envs/.envs-database-datafeeder (59%) create mode 100644 envs/.envs-database-georchestra rename .envs-elastic => envs/.envs-elastic (64%) rename .envs-hosts => envs/.envs-hosts (80%) rename .envs-ldap => envs/.envs-ldap (100%) diff --git a/.envs-database-georchestra b/.envs-database-georchestra deleted file mode 100644 index d63a06f..0000000 --- a/.envs-database-georchestra +++ /dev/null @@ -1,23 +0,0 @@ -# envs-database-georchestra -PGHOST=database -PGPORT=5432 -PGDATABASE=georchestra -PGUSER=georchestra -PGPASSWORD=georchestra - -POSTGRES_USER=${PGUSER} -POSTGRES_PASSWORD=${PGPASSWORD} - -# extra env var for jdbc -GEODATA_PGDATABASE=${PGDATABASE} -GEODATA_PGHOST=${PGHOST} -GEODATA_PGPORT=${PGPORT} -GEODATA_PGUSER=${PGUSER} -GEODATA_PGPASSWORD=${PGPASSWORD} - -# extra env for gs jdbc/gwc -GWC_PGDATABASE=${PGDATABASE} -GWC_PGHOST=${PGHOST} -GWC_PGPORT=${PGPORT} -GWC_PGUSERNAME=${PGUSER} -GWC_PGPASSWORD=${PGPASSWORD} diff --git a/.gitignore b/.gitignore index f7fd38c..cc5a777 100644 --- a/.gitignore +++ b/.gitignore 
@@ -8,9 +8,11 @@ # ignore the .env file so we can specify environment variables that are # not pushed to github .env -.envs-* +envs/.envs-* +secrets/slapd_password.txt # ignore the certs files and Caddy data directory resources/ssl/* resources/caddy/data/* # ignore possible caddy binary downloaded /caddy +volumes/ diff --git a/README.md b/README.md index 44c1abd..4449b6b 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,15 @@ This repository is meant to offer a convenient way to start geOrchestra for **development** or **demo** purposes. Production use is not recommended without hardening measures. +If you want to use this for production you might need to: +1. modify the way to use certificates +2. remove databases (database and postgis deployment and related volumes) from docker-compose +3. update [.envs](envs/) files +4. remove unwanted open ports +5. modify volumes management (don't let docker service do it..), you might want to store them in specific path +6. refit resources allocation with your use (Xmx Xms) + + ## Quick Start **1. Prerequisite** 
@@ -25,14 +34,16 @@ git clone --recurse-submodules https://github.com/georchestra/docker.git Choose which branch to run, eg for latest stable: ``` -git checkout 24.0 && git submodule update +git checkout 25.0 && git submodule update ``` **3. Run** +**3.1 Docker compose** + The default docker-compose file contains all geOrchestra modules. -It's recommended to double-check the `docker-compose.yml` and `docker-compose.override.yml` files if you need to comment useless modules (e.g extractor, mapstore,... ). +It's recommended to double-check the `docker-compose.yml` file if you need to comment useless modules (e.g ogc-api-records, mapstore,... ). You need to use the new Compose plugin V2, `docker-compose` (V1) is not supported by default: [https://docs.docker.com/compose/install/linux/](https://docs.docker.com/compose/install/linux/). If you still want to use the old `docker-compose` (V1), you need to remove all the parameters `depends_on` from the files `docker-compose.yml` and `docker-compose.override.yml`. 
@@ -50,6 +61,43 @@ To stop geOrchestra: docker compose down ``` +**3.2 Docker swarm** + +[docker-compose.swarm.yml](docker-compose.swarm.yml) contains spécific services needed for deploying it in swarm + +In order to run you will need to run those few commands: + +To initialize your cluster +``` +docker swarm init +``` +To deploy/redeploy (after modification of the docker-compose) georchestra: +``` +docker stack deploy -c docker-compose.yml -c docker-compose.swarm.yml georchestra +``` +verify the stack is present +``` +docker stack ls +``` +Verify that services are running +``` +docker stack services georchestra +``` +To access the log of the gateway for instance you can use: +``` +docker service logs georchestra_gateway +``` +To restart a service : +``` +docker service update --force georchestra_gateway +``` +To stop/delete the deployment: +``` +docker stack rm georchestra +``` + + + **4. Play** Open [https://georchestra-127-0-0-1.nip.io/](https://georchestra-127-0-0-1.nip.io/) in your browser. Then: diff --git a/docker-compose.atlas.yml b/docker-compose.atlas.yml deleted file mode 100644 index 1357da6..0000000 --- a/docker-compose.atlas.yml +++ /dev/null @@ -1,13 +0,0 @@ -version: "3.1" - -services: - # atlas printing services, eventually queried by the mapfishapp atlas addon - atlas: - image: georchestra/atlas:latest - volumes: - - georchestra_datadir:/etc/georchestra - environment: - - XMS=512M - - XMX=2G - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - restart: always diff --git a/docker-compose.data-api.yml b/docker-compose.data-api.yml deleted file mode 100644 index f86f829..0000000 --- a/docker-compose.data-api.yml +++ /dev/null 
@@ -1,23 +0,0 @@ -services: - data-api: - image: georchestra/data-api:latest - # healthcheck: - # test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/data/ogcapi >/dev/null || exit 1" ] - # interval: 30s - # timeout: 10s - # retries: 10 - depends_on: - database: - condition: service_healthy - volumes: - - georchestra_datadir:/etc/georchestra - environment: - SPRING_PROFILES_ACTIVE: postgis - LOGGING_LEVEL_COM_CAMPTOCAMP: DEBUG - LOGGING_LEVEL_ORG_GEOTOOLS: DEBUG - SERVER_SERVLET_CONTEXT_PATH: /data - POSTGRES_HOST: postgis - POSTGRES_PORT: 5432 - POSTGRES_DB: datafeeder - POSTGRES_USER: georchestra - POSTGRES_PASSWORD: georchestra diff --git a/docker-compose.datafeeder.gmail.yml b/docker-compose.datafeeder.gmail.yml deleted file mode 100644 index e75993a..0000000 --- a/docker-compose.datafeeder.gmail.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: "3.1" - -# Use this docker-compose override file in tandem with the default docker-compose.yml file -# to use the noreply.georchestra.dev@gmail.com test email as administrator email and actually -# send emails instead of going to the smtp-sink defined in docker-compose.override.yml. -# -# i.e.: docker-compose -f docker-compose.yml -f docker-compose.datafeeder.gmail.yml up -d -# -# But before doing so, create or edit the .env file and set the SMTP_PASSWORD variable -# to the actual account password, shared between the georchestra developers. -services: - datafeeder: - environment: - - smtpPassword=${SMTP_PASSWORD} - - smtpHost=smtp.gmail.com - - smtpPort=587 - - smtpUser=noreply.georchestra.dev@gmail.com - - smtpAuth=true - - smtpTLS=true - - administratorEmail=noreply.georchestra.dev@gmail.com diff --git a/docker-compose.yml b/docker-compose.yml index 9159961..11c19ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,3 @@ -include: - - docker-compose.data-api.yml - volumes: postgresql_data: ldap_data: 
@@ -14,50 +11,37 @@ volumes: datafeeder_uploads: datafeeder_postgis_data: esdata: - georchestra_datadir: + smtp_maildir: + mail: + mail_spool: secrets: slapd_password: file: ./secrets/slapd_password.txt services: - copy-datadir: - image: alpine - command: sh -c "rm -r /etc/georchestra/* ; cp -r -f -v /mnt/datadir/* /etc/georchestra/ ; chmod 777 -R -v /etc/georchestra/" # "sleep 6000" - volumes: - - ./config:/mnt/datadir - - georchestra_datadir:/etc/georchestra - - envsubst: - image: georchestra/k8s-initcontainer-envsubst - depends_on: - copy-datadir: - condition: service_completed_successfully - environment: - - DEBUG=yes - - SUBST_FILES=/etc/georchestra/security-proxy/targets-mapping.properties /etc/georchestra/datafeeder/frontend-config.json /etc/georchestra/datafeeder/metadata_* /etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml - env_file: - - .envs-common - - .envs-hosts - volumes: - - georchestra_datadir:/etc/georchestra - database: image: georchestra/database:latest env_file: - - .envs-database-georchestra - depends_on: - envsubst: - condition: service_completed_successfully + - ./envs/.envs-database-georchestra + environment: + - PGHOST=localhost + healthcheck: + test: ["CMD-SHELL", "pg_isready -U georchestra"] + interval: 30s + timeout: 30s + retries: 5 + start_period: 30s + deploy: + restart_policy: + condition: on-failure + window: 15m volumes: - postgresql_data:/var/lib/postgresql restart: always ldap: image: georchestra/ldap:latest - depends_on: - envsubst: - condition: service_completed_successfully secrets: - slapd_password environment: @@ -70,10 +54,21 @@ services: - RUN_AS_GID=0 - LDAPHOST=localhost env_file: - - .envs-ldap + - ./envs/.envs-ldap volumes: - ldap_data:/var/lib/ldap - ldap_config:/etc/ldap + tmpfs: + - /var/run/slapd + restart: always + + smtp: + image: camptocamp/exim:latest + env_file: + - ./envs/.envs-smtprelay + volumes: + - mail:/var/mail + - mail_spool:/var/spool/exim4 restart: always gateway: 
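Review bot: The `database` service now carries two restart settings that disagree: the existing `restart: always` at the end of the block and the added `deploy.restart_policy` with `condition: on-failure`. As far as I can tell, plain `docker compose` prefers `deploy.restart_policy` when it is set and `docker stack deploy` ignores `restart`, so a clean exit of PostgreSQL would no longer be restarted in either mode; please confirm that is intended. If it is, a comment above `deploy:` such as `# effective policy in compose and swarm; 'restart: always' below is not used` would save the next reader the lookup. Separately, `smtp_maildir:` is added to the top-level volumes but nothing in this hunk mounts it.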
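Review bot: The new `smtp` service loads `./envs/.envs-smtprelay`, but that file is not in this patch's diffstat, and the updated `.gitignore` pattern `envs/.envs-*` would keep a locally created copy out of the commit. Unless it exists elsewhere, a fresh clone would fail on the missing `env_file`. Either commit a template (for example `envs/.envs-smtprelay` with empty relay settings) or document the file in the README. The image also changes from `camptocamp/smtp-sink` (removed in the next patch) to `camptocamp/exim:latest`, which looks like a real relay. The README sentence that e-mails are "trapped by a local SMTP service" should be rechecked, and a comment like `# relays mail for real once .envs-smtprelay is filled in` above `smtp:` would make the change visible.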
@@ -81,56 +76,43 @@ services: depends_on: - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra env_file: - - .envs-common - - .envs-ldap - - .envs-hosts - - .envs-database-georchestra - -# uncomment for oauth 2.0 -# cas: -# image: georchestra/cas:latest -# healthcheck: -# test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1" ] -# interval: 30s -# timeout: 10s -# retries: 10 -# depends_on: -# ldap: -# condition: service_healthy -# volumes: -# - georchestra_datadir:/etc/georchestra -# environment: -# - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -# - XMS=256M -# - XMX=1G -# env_file: -# - .envs-common -# - .envs-ldap -# - .envs-database-georchestra -# restart: always + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + ports: + - "8080:8080" - header: - image: georchestra/header:latest + console: + image: georchestra/console:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/header/img/logo.png >/dev/null || exit 1"] + test: ["CMD-SHELL", "curl -s -f http://localhost:8080/console/account/new >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 depends_on: - envsubst: - condition: service_completed_successfully + ldap: + condition: service_healthy + database: + condition: service_healthy + rabbitmq: + condition: service_healthy volumes: - georchestra_datadir:/etc/georchestra environment: - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - XMS=256M - - XMX=512M + - XMX=1G env_file: - .envs-common + - .envs-ldap + - .envs-rabbitmq + - .envs-database-georchestra + - .envs-hosts restart: always geoserver: 
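Review bot: The `console` block that replaces `header` still mounts `georchestra_datadir:/etc/georchestra`, a volume this same patch removes from the top-level `volumes:`. Its `env_file` entries also use the old root paths (`.envs-common`, `.envs-ldap`, …) although the files move to `envs/`. In addition it references `.envs-rabbitmq` and a `rabbitmq` dependency with `condition: service_healthy`, neither of which is defined in the visible patches. To match the other services, the mount should be `- ./config:/etc/georchestra` and the env files `- ./envs/.envs-common` and so on, with the rabbitmq entries either backed by a service and env file or dropped. On `gateway`, the added `- "8080:8080"` publishes the unencrypted gateway port on every host interface; `- "127.0.0.1:8080:8080"` keeps it local when a TLS proxy sits in front. The `gateway` block starts above this hunk.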
@@ -140,50 +122,25 @@ services: interval: 30s timeout: 10s retries: 10 + deploy: + resources: + limits: + cpus: "4" + memory: "8g" depends_on: - ldap: - condition: service_healthy - database: - condition: service_healthy + - ldap + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - geoserver_datadir:/mnt/geoserver_datadir - geoserver_geodata:/mnt/geoserver_geodata - geoserver_tiles:/mnt/geoserver_tiles - geoserver_native_libs:/mnt/geoserver_native_libs environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=8G - - env_file: - - .envs-database-georchestra - - .envs-database-datafeeder - restart: always - - console: - image: georchestra/console:latest - healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/console/account/new >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - depends_on: - ldap: - condition: service_healthy - database: - condition: service_healthy - volumes: - - georchestra_datadir:/etc/georchestra - environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=1G + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g env_file: - - .envs-common - - .envs-ldap - - .envs-database-georchestra - - .envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-database-datafeeder restart: always geonetwork: 
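Review bot: On `geoserver` the heap ceiling `-Xmx8g` in `JAVA_OPTIONS` equals the new container limit `memory: "8g"`, so metaspace, thread stacks and native libraries have no headroom and the container can be OOM-killed well before the heap is full. The `geonetwork` hunk that follows has the same pairing (`-Xmx4g` with `memory: "4g"`). Either raise the limit or lower the heap, for example `-Xms256m -Xmx6g`, or size the heap relative to the limit with `-XX:MaxRAMPercentage=75`. It is also worth confirming that the image honours `-Xms`/`-Xmx` passed through `JAVA_OPTIONS` now that the `XMS`/`XMX` variables are removed, since the image entrypoint is not visible here.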
@@ -193,26 +150,85 @@ services: interval: 30s timeout: 10s retries: 10 + deploy: + resources: + limits: + cpus: "4" + memory: "4g" depends_on: - console: - condition: service_healthy - database: - condition: service_healthy - elasticsearch: - condition: service_healthy + - console + - database + - elasticsearch volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - geonetwork_datadir:/mnt/geonetwork_datadir environment: - - JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=6G + - JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx4g env_file: - - .envs-hosts - - .envs-database-georchestra - - .envs-elastic + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-elastic restart: always + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + deploy: + resources: + limits: + cpus: "0" + memory: "1g" + volumes: + - esdata:/usr/share/elasticsearch/data + healthcheck: + test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-elastic + environment: + discovery.type: single-node + ES_JAVA_OPTS: -Xms512m -Xmx512m + restart: always + + kibana: + scale: 0 + image: docker.elastic.co/kibana/kibana:8.14.3 + depends_on: + - elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-hosts + - ./envs/.envs-elastic + volumes: + - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml + restart: 
always + + ogc-api-records: + image: geonetwork/gn-cloud-ogc-api-records-service:4.4.7-0 + depends_on: + - geonetwork + - database + - elasticsearch + environment: + LANG: en_US.UTF-8 + SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records + SPRING_CONFIG_LOCATION: file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml + SPRING_PROFILES_ACTIVE: standalone + JAVA_OPTS: -Dfile.encoding=UTF-8 + env_file: + - ./envs/.envs-common + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-elastic + volumes: + - ./config:/etc/georchestra + restart: always + datahub: image: geonetwork/geonetwork-ui-datahub:latest healthcheck: @@ -220,15 +236,12 @@ services: interval: 30s timeout: 10s retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully environment: ASSETS_DIRECTORY_OVERRIDE: /etc/georchestra/datahub/assets CONFIG_DIRECTORY_OVERRIDE: /etc/georchestra/datahub/conf CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/datahub/scripts volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra restart: always metadata-editor: 
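Review bot: The rewritten `geonetwork` `JAVA_OPTIONS` line keeps `-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005`, so the JVM starts with a remote debug agent in the default composition. JDWP has no authentication and gives full control of the process to whoever can connect. The port is not published in this file, but depending on the JVM version it may still be reachable from other containers on the compose or swarm network. Since the README now lists steps toward production use, I would drop the two debug flags from the default line and keep them in a developer-only override, leaving `- JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx4g`. In the same hunk, `cpus: "0"` on `elasticsearch` reads like a placeholder and should be confirmed or removed.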
@@ -238,35 +251,12 @@ services: interval: 30s timeout: 10s retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully environment: ASSETS_DIRECTORY_OVERRIDE: /etc/georchestra/metadata-editor/assets CONFIG_DIRECTORY_OVERRIDE: /etc/georchestra/metadata-editor/conf CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/metadata-editor/scripts volumes: - - georchestra_datadir:/etc/georchestra - restart: always - - analytics: - image: georchestra/analytics:latest - healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/analytics/ >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - depends_on: - database: - condition: service_healthy - volumes: - - georchestra_datadir:/etc/georchestra - environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=1G - env_file: - - .envs-database-georchestra + - ./config:/etc/georchestra restart: always mapstore: 
@@ -277,35 +267,30 @@ services: timeout: 10s retries: 10 depends_on: - database: - condition: service_healthy - ldap: - condition: service_healthy + - database + - ldap volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - mapstore_extensions:/mnt/mapstore_extensions environment: - JAVA_OPTS=-Xms512m -Xmx512m -Dgeorchestra.datadir=/etc/georchestra -Dgeorchestra.extensions=/mnt/mapstore_extensions -DPRINT_BASE_URL=pdf env_file: - - .envs-ldap - - .envs-database-georchestra + - ./envs/.envs-ldap + - ./envs/.envs-database-georchestra restart: always postgis: # used by datafeeder to ingest uploaded user datasets into - image: postgis/postgis:13-3.1-alpine + image: postgis/postgis:18-3.6-alpine healthcheck: test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] interval: 10s timeout: 3s retries: 3 - depends_on: - envsubst: - condition: service_completed_successfully env_file: - - .envs-database-datafeeder + - ./envs/.envs-database-datafeeder volumes: - - datafeeder_postgis_data:/var/lib/postgresql/data + - datafeeder_postgis_data:/var/lib/postgresql restart: always datafeeder: 
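Review bot: The `postgis` service moves from `postgis/postgis:13-3.1-alpine` to `18-3.6-alpine` and its mount from `/var/lib/postgresql/data` to `/var/lib/postgresql`, with no migration step for existing `datafeeder_postgis_data` volumes. A PostgreSQL 18 server cannot open a data directory initialised by 13. With the new mount point the old files would presumably be left aside while an empty cluster is created, so uploaded datasets would appear to be gone after the upgrade. Please add a dump-and-restore procedure to the README's Upgrading section and a comment above the image line, for example `# major version bump: existing volumes need pg_dump/pg_restore before switching`. The `mapstore` block starts above this hunk.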
@@ -316,22 +301,20 @@ services: timeout: 10s retries: 10 depends_on: - database: - condition: service_healthy - postgis: - condition: service_healthy + - database + - postgis volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - datafeeder_uploads:/tmp/datafeeder environment: - JAVA_OPTIONS=-Xms512m -Xmx512m -Dspring.profiles.active=georchestra,data-api-schemas -Dspring.config.additional-location=file:/etc/georchestra/data-api/application.yaml # You can set a higher loglevel this way: (ref. https://docs.spring.io/spring-boot/docs/2.1.13.RELEASE/reference/html/boot-features-logging.html#boot-features-custom-log-levels) - LOGGING_LEVEL_ORG_GEORCHESTRA_DATAFEEDER=INFO env_file: - - .envs-common - - .envs-hosts - - .envs-database-georchestra - - .envs-database-datafeeder + - ./envs/.envs-common + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-database-datafeeder restart: always import: 
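Review bot: `datafeeder` now lists `database` and `postgis` in the short `depends_on` form, which only orders container start and no longer waits for the `service_healthy` condition the removed lines required. The same conversion is made for `geoserver`, `geonetwork`, `mapstore`, `kibana` and `ogc-api-records`, while `console` keeps the long form, so the file is inconsistent and the healthchecks defined on `database`, `postgis` and `elasticsearch` no longer gate anything. If the short form is needed for `docker stack deploy` (an inference, not stated in the commit), say so in a comment such as `# short form for swarm; services must retry their DB connection at startup`, and convert `console` as well. Otherwise keep `condition: service_healthy` in the compose file and put the swarm-specific form in `docker-compose.swarm.yml`. The `datafeeder` block starts above this hunk.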
@@ -342,78 +325,9 @@ services: timeout: 10s retries: 10 depends_on: - envsubst: - condition: service_completed_successfully + - datafeeder environment: CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/datafeeder/scripts/import volumes: - - georchestra_datadir:/etc/georchestra - restart: always - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 - ulimits: - memlock: - soft: -1 - hard: -1 - deploy: - resources: - limits: - memory: 4g - volumes: - - esdata:/usr/share/elasticsearch/data - healthcheck: - test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully - env_file: - - .envs-elastic - environment: - discovery.type: single-node - ES_JAVA_OPTS: -Xms512m -Xmx512m - restart: always - - kibana: - scale: 0 - image: docker.elastic.co/kibana/kibana:8.14.3 - depends_on: - elasticsearch: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - environment: - ELASTICSEARCH_USERNAME: elastic - ELASTICSEARCH_PASSWORD: changeme - env_file: - - .envs-hosts - - .envs-elastic - volumes: - - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml + - ./config:/etc/georchestra restart: always - - ogc-api-records: - image: geonetwork/gn-cloud-ogc-api-records-service:4.2.2 - depends_on: - geonetwork: - condition: service_healthy - database: - condition: service_healthy - elasticsearch: - condition: service_healthy - environment: - LANG: en_US.UTF-8 - SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records - SPRING_CONFIG_LOCATION: file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml - SPRING_PROFILES_ACTIVE: standalone - JAVA_OPTS: -Dfile.encoding=UTF-8 - volumes: - - georchestra_datadir:/etc/georchestra - restart: always - 
diff --git a/.envs-common b/envs/.envs-common similarity index 100% rename from .envs-common rename to envs/.envs-common diff --git a/.envs-database-datafeeder b/envs/.envs-database-datafeeder similarity index 59% rename from .envs-database-datafeeder rename to envs/.envs-database-datafeeder index e12bec0..bb134a0 100644 --- a/.envs-database-datafeeder +++ b/envs/.envs-database-datafeeder @@ -5,6 +5,6 @@ DF_PGPORT=5432 DF_PGUSER=georchestra DF_PGPASSWORD=georchestra -POSTGRES_DB=${DF_PGDATABASE} -POSTGRES_USER=${DF_PGUSER} -POSTGRES_PASSWORD=${DF_PGPASSWORD} \ No newline at end of file +POSTGRES_DB=datafeeder +POSTGRES_USER=georchestra +POSTGRES_PASSWORD=georchestra \ No newline at end of file diff --git a/envs/.envs-database-georchestra b/envs/.envs-database-georchestra new file mode 100644 index 0000000..4038fb9 --- /dev/null +++ b/envs/.envs-database-georchestra @@ -0,0 +1,24 @@ +# envs-database-georchestra +PGHOST=database +PGPORT=5432 +PGDATABASE=georchestra +PGUSER=georchestra +PGPASSWORD=georchestra + +POSTGRES_USER=georchestra +POSTGRES_PASSWORD=georchestra + +# extra env var for jdbc +GEODATA_PGDATABASE=georchestra +GEODATA_PGHOST=database +GEODATA_PGPORT=5432 +GEODATA_PGUSER=georchestra +GEODATA_PGPASSWORD=georchestra + +# extra env for gs jdbc/gwc +GWC_PGDATABASE=georchestra +GWC_PGHOST=database +GWC_PGPORT=5432 +GWC_PGUSERNAME=georchestra +GWC_PGPASSWORD=georchestra + diff --git a/.envs-elastic b/envs/.envs-elastic similarity index 64% rename from .envs-elastic rename to envs/.envs-elastic index 3c99bcd..f35c4bb 100644 --- a/.envs-elastic +++ b/envs/.envs-elastic 
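Review bot: Replacing `${DF_PGPASSWORD}` with the literal `georchestra` in `envs/.envs-database-datafeeder` means the default password is now written out independently in several places. The new `envs/.envs-database-georchestra` repeats it in `PGPASSWORD`, `POSTGRES_PASSWORD`, `GEODATA_PGPASSWORD` and `GWC_PGPASSWORD`, and `envs/.envs-elastic` does the same with `changeme` for `ES_PASSWORD` and `ELASTIC_PASSWORD`. Someone who changes only the first variable, as the README's production checklist ("update .envs files") invites, leaves the other copies on the default or breaks the clients silently. Add a comment at the top of each file, for example `# default dev credentials: change every *PASSWORD line below together before exposing this stack`, and list the variables that must stay in sync.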
@@ -2,12 +2,12 @@ ES_USERNAME=elastic ES_PASSWORD=changeme # Only needed for the built-in elasticsearch -ELASTIC_PASSWORD=${ES_PASSWORD} +ELASTIC_PASSWORD=changeme # Disable SSL for Elasticsearch -xpack.security.transport.ssl.enabled: false -xpack.security.http.ssl.enabled: false +xpack.security.transport.ssl.enabled=false +xpack.security.http.ssl.enabled=false #In order to use Kibana, you need to set the password for the kibana_system user. #docker exec -it es01 bin/elasticsearch-reset-password -u kibana_system -#KIBANA_PASSWORD= \ No newline at end of file +#KIBANA_PASSWORD= diff --git a/.envs-hosts b/envs/.envs-hosts similarity index 80% rename from .envs-hosts rename to envs/.envs-hosts index 04d8537..a94930c 100644 --- a/.envs-hosts +++ b/envs/.envs-hosts @@ -17,6 +17,8 @@ ES_PORT=9200 DATA_API_HOST=data-api # needed for geonetwork entrypoint DO NOT REMOVE -CONSOLE_URL=http://${CONSOLE_HOST}:8080 +CONSOLE_URL=http://console:8080 +ES_HOST=elasticsearch +ES_PORT=9200 # needed for kibana DO NOT REMOVE -ELASTICSEARCH_HOSTS=http://${ES_HOST}:${ES_PORT} +ELASTICSEARCH_HOSTS=http://elasticsearch:9200 diff --git a/.envs-ldap b/envs/.envs-ldap similarity index 100% rename from .envs-ldap rename to envs/.envs-ldap From f4372c45eef50cc19f237320f99b977409b037b8 Mon Sep 17 00:00:00 2001 
From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:24:42 +0100 Subject: [PATCH 2/9] remove useless files --- Makefile | 9 ------ config | 2 +- docker-compose.gwc.yml | 22 -------------- docker-compose.override.yml | 58 ------------------------------------- docker-compose.sendmail.yml | 24 --------------- docker-compose.swarm.yml | 34 ++++++++++++++++++++++ docker-compose.yml | 8 ++--- run-datafeeder-gmail.sh | 22 -------------- run.sh | 3 -- 9 files changed, 39 insertions(+), 143 deletions(-) delete mode 100644 Makefile delete mode 100644 docker-compose.gwc.yml delete mode 100644 docker-compose.sendmail.yml create mode 100644 docker-compose.swarm.yml delete mode 100755 run-datafeeder-gmail.sh delete mode 100755 run.sh diff --git a/Makefile b/Makefile deleted file mode 100644 index d1f304f..0000000 --- a/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -run-silent: - docker compose up -d - -run: - docker compose up - -# run without the docker-compose.override.yml -run-core: - docker compose -f docker-compose.yml up diff --git a/config b/config index c266eb9..ed32546 160000 --- a/config +++ b/config @@ -1 +1 @@ -Subproject commit c266eb9041f9bb0a7aed1af1aa00fd4f22bdbd02 +Subproject commit ed32546ecc7f3a462e3ebd97994eda8b0b2fa65e diff --git a/docker-compose.gwc.yml b/docker-compose.gwc.yml deleted file mode 100644 index 349f143..0000000 --- a/docker-compose.gwc.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: "3.1" - -volumes: - geowebcache_tiles: - geowebcache_datadir: - -services: - - # standalone geowebcache: - geowebcache: - image: georchestra/geowebcache:latest - volumes: - - geowebcache_datadir:/mnt/geowebcache_datadir - - geowebcache_tiles:/mnt/geowebcache_tiles - - georchestra_datadir:/etc/georchestra - environment: - - XMS=1G - - XMX=2G - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -# ports: -# - 8080:8080 - restart: always diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 90cdeb2..e69de29 100644 
--- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -1,58 +0,0 @@ -# Complementary services, not part of geOrchestra core. -# They are made to ease your life as a developer. -# **NOT** production ready ! - -volumes: - smtp_maildir: - -services: - caddy: - image: caddy:2.8-alpine - ports: - - "80:80" - - "443:443" - - "127.0.0.1:2019:2019" - environment: - - CADDY_ADMIN=0.0.0.0:2019 - volumes: - - ./resources/ssl:/etc/certs:ro - - ./resources/caddy/etc:/etc/caddy:ro - - ./resources/caddy/data:/data/caddy - - ./resources/static:/usr/share/caddy/static:ro - restart: always - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:2019/reverse_proxy/upstreams >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - env_file: - - .envs-common - - smtp: - image: camptocamp/smtp-sink:latest - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - courier-imap: - image: camptocamp/courier-imap:latest - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - webmail: - image: camptocamp/sqwebmail:latest - environment: - - IMAP_HOSTNAME=courier-imap - - SMTP_HOSTNAME=smtp-sink - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - ssh: - image: georchestra/ssh_data:latest - ports: - - "2222:22" - volumes: - - geoserver_geodata:/mnt/geoserver_geodata - restart: always diff --git a/docker-compose.sendmail.yml b/docker-compose.sendmail.yml deleted file mode 100644 index 82ec0ae..0000000 --- a/docker-compose.sendmail.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -version: "3.1" - -# Complementary services, not part of geOrchestra core. -# This is an alternative proposition to the smtp sink, to manage the emails -# Before using it in production, review the source code https://github.com/pi-geosolutions/docker-sendmail/ -# and use at your own risks, under your responsibility ! -# -# To use it, you have to change the smtp config in config/default.properties to -# use `sendmail` host -# -# Note: the sendmail service takes some time to configure. In case you have a -# "Connection refused" error, look in the logs and wait for it to say -# "Restarting Mail Transport Agent (MTA): sendmail." before using it -# -# Note2: if sending mails fails silently, you might have filter issue. For -# instance, personal internet boxes might be filtering your traffic and dropping -# the packets (happened to me, I had to disable the filering option of my box) - -services: - sendmail: - image: pigeosolutions/sendmail:20210906-1657-6e05771 - environment: - HOSTNAME: georchestra-127-0-0-1.nip.io - restart: always diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml new file mode 100644 index 0000000..c29e55b --- /dev/null +++ b/docker-compose.swarm.yml @@ -0,0 +1,34 @@ +# specific swarm stuff +# +volumes: + portainer_data: + +services: + agent: + image: portainer/agent:lts + environment: + AGENT_CLUSTER_ADDR: tasks.agent + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/lib/docker/volumes:/var/lib/docker/volumes + deploy: + mode: global + placement: + constraints: [node.platform.os == linux] + + portainer: + image: portainer/portainer-ce:lts + command: -H tcp://tasks.agent:9001 --tlsskipverify + ports: + - "9443:9443" + - "9000:9000" + - "8000:8000" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - portainer_data:/data + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + diff --git a/docker-compose.yml b/docker-compose.yml index 11c19ee..31d6186 100644 
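Review bot: `docker-compose.swarm.yml` publishes Portainer on `9443`, `9000` and `8000` on every interface of the swarm, and both `portainer` and the global `agent` mount `/var/run/docker.sock`, which is root-equivalent control of each node. The plain-HTTP UI on `9000` and the `8000` listener should not be published by default; keeping only `- "9443:9443"`, ideally bound to a management address, is enough to reach the UI. The agent connection uses `--tlsskipverify` and no shared secret is configured, so setting the same `AGENT_SECRET` in the `environment:` of both services would stop other workloads on the overlay network from driving the agent. Because the README tells users to pass this file on every `docker stack deploy`, consider moving Portainer to a separate optional file so a geOrchestra swarm deployment does not ship an admin console implicitly.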
--- a/docker-compose.yml +++ b/docker-compose.yml @@ -197,7 +197,7 @@ services: depends_on: - elasticsearch healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] + test: [ "CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1" ] interval: 30s timeout: 10s retries: 10 @@ -232,7 +232,7 @@ services: datahub: image: geonetwork/geonetwork-ui-datahub:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:80/datahub/ >/dev/null || exit 1"] + test: [ "CMD-SHELL", "curl -s -f http://localhost:80/datahub/ >/dev/null || exit 1" ] interval: 30s timeout: 10s retries: 10 @@ -247,7 +247,7 @@ services: metadata-editor: image: geonetwork/geonetwork-ui-metadata-editor:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:80/metadata-editor/ >/dev/null || exit 1"] + test: [ "CMD-SHELL", "curl -s -f http://localhost:80/metadata-editor/ >/dev/null || exit 1" ] interval: 30s timeout: 10s retries: 10 @@ -262,7 +262,7 @@ services: mapstore: image: georchestra/mapstore:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/mapstore/configs/config.json >/dev/null || exit 1"] + test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/mapstore/configs/config.json >/dev/null || exit 1" ] interval: 30s timeout: 10s retries: 10 diff --git a/run-datafeeder-gmail.sh b/run-datafeeder-gmail.sh deleted file mode 100755 index 38e3ef6..0000000 --- a/run-datafeeder-gmail.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/bash - -account="noreply.georchestra.dev@gmail.com" - -if [ ! -f ".env" ]; then - echo "There's no .env file, create it and set the SMTP_PASSWORD variable to the $account account password" - exit 1 -fi - -source .env - -if [ -z "$SMTP_PASSWORD" ]; then - echo "Declare the SMTP_PASSWORD variable in .env with the $account account password" - exit 1 -fi - -files="-f docker-compose.yml -f docker-compose.override.yml -f docker-compose.datafeeder.gmail.yml" - -echo "SMTP_PASSWORD found in .env, running" -echo "docker compose $files up -d" - -docker compose $files up -d diff --git a/run.sh b/run.sh deleted file mode 100755 index 4a16708..0000000 --- a/run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker compose up -d From a6b8a6cff6a5030dc79f73a6c78b82153cf804a7 Mon Sep 17 00:00:00 2001 From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:56:40 +0100 Subject: [PATCH 3/9] update readme --- README.md | 56 +++++++++++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 4449b6b..1a5676e 100644 --- a/README.md +++ b/README.md @@ -117,9 +117,7 @@ rsync -arv -e 'ssh -p 2222' /path/to/geodata/ geoserver@georchestra-127-0-0-1.ni Files uploaded into this volume will also be available to the geoserver instance in `/mnt/geoserver_geodata/`. -Emails sent by the SDI (eg when users request a new password) will not be relayed on the internet but trapped by a local SMTP service. -These emails can be read on https://georchestra-127-0-0-1.nip.io/webmail/ (with login `smtp` and password `smtp`). - +Emails sent by the SDI (eg when users request a new password) will not be relayed on the internet but trapped by a local SMTP service. ## Locally trust the TLS certificate for geOrchestra 
@@ -165,17 +163,12 @@ These docker-compose files describe: * how they are linked together, * where the configuration and data volumes are -The `docker-compose.override.yml` file adds services to interact with your geOrchestra instance (they are not part of geOrchestra "core"): - * reverse proxy / load balancer - * ssh / rsync services, - * smtp, webmail. - **Feel free to comment out the apps you do not need**. The base docker composition does not include any standalone geowebcache instance, nor the atlas module. If you need them, you have to include the corresponding complementary docker-compose file at run-time: ``` -docker compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.gwc.yml -f docker-compose.atlas.yml up +docker compose -f docker-compose.yml up ``` ## Upgrading @@ -192,11 +185,11 @@ To upgrade, we recommend you to: This docker composition supports environment variables, if you need to customize something it might be in the different environment variables files. Here is the list of these files: -- [.envs-common](.envs-common) -- [.envs-database-datafeeder](.envs-database-datafeeder) -- [.envs-database-georchestra](.envs-database-georchestra) -- [.envs-hosts](.envs-hosts) -- [.envs-ldap](.envs-ldap) +- [.envs-common](envs/.envs-common) +- [.envs-database-datafeeder](envs/.envs-database-datafeeder) +- [.envs-database-georchestra](envs/.envs-database-georchestra) +- [.envs-hosts](envs/.envs-hosts) +- [.envs-ldap](envs/.envs-ldap) If you add variables, be careful because it might be added into the wrong/unwanted container. 
@@ -217,7 +210,7 @@ Most changes will require a service restart, except maybe updating viewer contex In order to have Kibana up and running, you will need to: 1. After Elasticsearch up and healthy, launch the command `docker compose exec -it elasticsearch bin/elasticsearch-reset-password -u kibana_system`. It will ask to fill a password for the `kibana_system` user. -2. Uncomment and fill this password into the `.envs-elastic` file. +2. Uncomment and fill this password into the `envs/.envs-elastic` file. 3. Enable kibana server with `scale: 1` in `docker-compose.yml`. 4. Start Kibana with `docker compose up -d kibana`. @@ -282,11 +275,11 @@ https://techoverflow.net/2019/04/17/how-to-disable-elasticsearch-disk-quota-wate Beside georchestra/docker directory, you need to clone [georchestra/georchestra repo](https://github.com/georchestra/georchestra) first. -Next, install maven to execute [main georchestra Makefile](https://github.com/georchestra/georchestra/blob/master/Makefile) on each modification (e.g console, security-proxy, whatever you change). +Next, install maven to execute [main georchestra Makefile](https://github.com/georchestra/georchestra/blob/master/Makefile) on each modification (e.g console, gateway, whatever you change). -For example, if you change some security-proxy code, use : +For example, if you change some gateway code, use : -`make docker-build-proxy` +`make docker-build-gateway` ... to execute easily this maven command : 
@@ -302,25 +295,30 @@ You can now test modifications locally with the current FQDN (by default `georch **3. Debug** -Open `docker/docker-compose.yml` and identify `proxy` section. +Open `docker/docker-compose.yml` and identify `gateway` section. -Change `proxy` section to insert some JAVA options and ports `5005` to get : +Change `gateway` section to insert some JAVA options and ports `5005` to get : ``` - proxy: - image: georchestra/security-proxy:latest + gateway: + image: georchestra/gateway:latest-debug depends_on: - - ldap - - database + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 - - XMS=256M - - XMX=1G + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - XMS=256M + - XMX=1G + env_file: + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra restart: always ports: - - "5005:5005" + - "5005:5005" + - "8080:8080" ``` Apply Docker changes : From 98cb06986b877d20dbea1ff757eaa1c6dc0ec7f6 Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Wed, 27 May 2026 11:37:01 +0200 Subject: [PATCH 4/9] rebase master... --- docker-compose.yml | 169 +++++++++++++++++++++++++-------------------- 1 file changed, 94 insertions(+), 75 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 31d6186..fc99b05 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -2,6 +2,7 @@ volumes: postgresql_data: ldap_data: ldap_config: + ldap_run: geoserver_geodata: geoserver_datadir: geoserver_tiles: 
@@ -20,6 +21,28 @@ secrets: file: ./secrets/slapd_password.txt services: + caddy: + image: caddy:2.8-alpine + ports: + - "80:80" + - "443:443" + - "127.0.0.1:2019:2019" + environment: + - CADDY_ADMIN=0.0.0.0:2019 + volumes: + - ./resources/ssl:/etc/certs:ro + - ./resources/caddy/etc:/etc/caddy:ro + - ./resources/caddy/data:/data/caddy + - ./resources/static:/usr/share/caddy/static:ro + restart: always + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:2019/reverse_proxy/upstreams >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-common + database: image: georchestra/database:latest env_file: @@ -36,6 +59,8 @@ services: restart_policy: condition: on-failure window: 15m + ports: + - 5432:5432 volumes: - postgresql_data:/var/lib/postgresql restart: always @@ -72,7 +97,7 @@ services: restart: always gateway: - image: georchestra/gateway:latest + image: georchestra/gateway:latest-debug depends_on: - database volumes: @@ -95,24 +120,17 @@ services: timeout: 10s retries: 10 depends_on: - ldap: - condition: service_healthy - database: - condition: service_healthy - rabbitmq: - condition: service_healthy + - ldap + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=1G + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx512m env_file: - - .envs-common - - .envs-ldap - - .envs-rabbitmq - - .envs-database-georchestra - - .envs-hosts + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-database-georchestra + - ./envs/.envs-hosts restart: always geoserver: 
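Review bot: `CADDY_ADMIN=0.0.0.0:2019` in the new `caddy` service makes Caddy's admin API listen on every container interface, so any other service on the compose network can reach it, and that API is unauthenticated by default. The `127.0.0.1:2019:2019` mapping only restricts access from the host side. The healthcheck calls `http://localhost:2019` from inside the container, which works with Caddy's default localhost-only admin listener, so I would drop both the `CADDY_ADMIN` entry and the 2019 port mapping unless host access is really needed; if it is, add a comment such as `# admin API is reachable from all containers on this network; dev only`. Whether the Caddyfile under `./resources/caddy/etc` sets its own `admin` option is not visible in this hunk.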
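Review bot: The added `ports: - 5432:5432` on `database` publishes PostgreSQL on every host interface, although the other services reach it over the compose network and do not need a host port. If host access is wanted for development, bind it to loopback with `- "127.0.0.1:5432:5432"`. The `.envs-database-georchestra` file removed earlier in this series used `georchestra` as both user and password; if the new `envs/` copy keeps those defaults (not visible here), the published port is reachable with well-known credentials. The `database` block starts and ends outside the hunk.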
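Review bot: The default `gateway` image is switched to `georchestra/gateway:latest-debug` in a commit titled as a rebase, which looks like a debugging leftover rather than an intended default. The README change in this series uses the same tag only in its debug walkthrough, together with a JDWP listener on `0.0.0.0:5005`, so the debug variant belongs in a local override file. I would keep `image: georchestra/gateway:latest` here. What the `-debug` image enables on its own is not visible from the diff, and the `gateway` block continues outside the hunk.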
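Review bot: The `depends_on` block in the last hunk on this line drops the `condition: service_healthy` entries for `ldap` and `database`, so the service is started as soon as those containers exist rather than once they accept connections. Unless the short list form is needed for the swarm file, keep the long form (`ldap:` followed by `condition: service_healthy`, same for `database`) and remove only the `rabbitmq` entry that goes away with `.envs-rabbitmq`. The service's name and the start of its block are outside the hunk.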
@@ -170,69 +188,70 @@ services: - ./envs/.envs-elastic restart: always - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 - deploy: - resources: - limits: - cpus: "0" - memory: "1g" - volumes: - - esdata:/usr/share/elasticsearch/data - healthcheck: - test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - env_file: - - ./envs/.envs-elastic - environment: - discovery.type: single-node - ES_JAVA_OPTS: -Xms512m -Xmx512m - restart: always + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + deploy: + resources: + limits: + cpus: "0" + memory: "1g" + volumes: + - esdata:/usr/share/elasticsearch/data + healthcheck: + test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-elastic + environment: + discovery.type: single-node + ES_JAVA_OPTS: -Xms512m -Xmx512m + restart: always - kibana: - scale: 0 - image: docker.elastic.co/kibana/kibana:8.14.3 - depends_on: - - elasticsearch - healthcheck: - test: [ "CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1" ] - interval: 30s - timeout: 10s - retries: 10 - env_file: - - ./envs/.envs-hosts - - ./envs/.envs-elastic - volumes: - - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml - restart: always + kibana: + deploy: + replicas: 0 + image: docker.elastic.co/kibana/kibana:8.14.3 + depends_on: + - elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-hosts + - ./envs/.envs-elastic + volumes: + - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml + restart: always - ogc-api-records: - image: geonetwork/gn-cloud-ogc-api-records-service:4.4.7-0 - 
depends_on: - - geonetwork - - database - - elasticsearch - environment: - LANG: en_US.UTF-8 - SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records - SPRING_CONFIG_LOCATION: file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml - SPRING_PROFILES_ACTIVE: standalone - JAVA_OPTS: -Dfile.encoding=UTF-8 - env_file: - - ./envs/.envs-common - - ./envs/.envs-hosts - - ./envs/.envs-database-georchestra - - ./envs/.envs-elastic - volumes: - - ./config:/etc/georchestra - restart: always + ogc-api-records: + image: geonetwork/gn-cloud-ogc-api-records-service:4.4.7-0 + depends_on: + - geonetwork + - database + - elasticsearch + environment: + LANG: en_US.UTF-8 + SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records + SPRING_CONFIG_LOCATION: file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml + SPRING_PROFILES_ACTIVE: standalone + JAVA_OPTS: -Dfile.encoding=UTF-8 + env_file: + - ./envs/.envs-common + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-elastic + volumes: + - ./config:/etc/georchestra + restart: always datahub: image: geonetwork/geonetwork-ui-datahub:latest healthcheck: - test: [ "CMD-SHELL", "curl -s -f http://localhost:80/datahub/ >/dev/null || exit 1" ] + test: ["CMD-SHELL", "curl -s -f http://localhost:80/datahub/ >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 @@ -247,7 +266,7 @@ services: metadata-editor: image: geonetwork/geonetwork-ui-metadata-editor:latest healthcheck: - test: [ "CMD-SHELL", "curl -s -f http://localhost:80/metadata-editor/ >/dev/null || exit 1" ] + test: ["CMD-SHELL", "curl -s -f http://localhost:80/metadata-editor/ >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 
@@ -262,7 +281,7 @@ services: mapstore: image: georchestra/mapstore:latest healthcheck: - test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/mapstore/configs/config.json >/dev/null || exit 1" ] + test: ["CMD-SHELL", "curl -s -f http://localhost:8080/mapstore/configs/config.json >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 From 0ea15e6cd0a230801bfd29ad470f1b2df73b6f2a Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Wed, 27 May 2026 11:45:01 +0200 Subject: [PATCH 5/9] finalize rebase --- README.md | 2 ++ docker-compose.override.yml | 0 envs/.envs-smtprelay | 6 ++++++ 3 files changed, 8 insertions(+) delete mode 100644 docker-compose.override.yml create mode 100644 envs/.envs-smtprelay diff --git a/README.md b/README.md index 1a5676e..c65227c 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ # geOrchestra on Docker +## Preconisation + This repository is meant to offer a convenient way to start geOrchestra for **development** or **demo** purposes. Production use is not recommended without hardening measures. If you want to use this for production you might need to: diff --git a/docker-compose.override.yml b/docker-compose.override.yml deleted file mode 100644 index e69de29..0000000 diff --git a/envs/.envs-smtprelay b/envs/.envs-smtprelay new file mode 100644 index 0000000..802d970 --- /dev/null +++ b/envs/.envs-smtprelay @@ -0,0 +1,6 @@ +MAILNAME="georchestra.org" +POSTMASTER="postmaster.georchestra@georchestra.org" +RELAY_HOST="" +RELAY_PASSWORD="" +RELAY_PORT="25" +RELAY_USERNAME="" From 38500d7ab272069e292b95436a0e3ee805821dd0 Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Thu, 28 May 2026 09:47:26 +0200 Subject: [PATCH 6/9] adding missing var for geoserver --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index fc99b05..4eb66f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
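Review bot: `envs/.envs-smtprelay` is added as a tracked file with an empty `RELAY_PASSWORD`, so anyone who fills in real relay credentials will see them as a modification to a committed file; the `envs/.envs-*` ignore rule added earlier in the series does not apply to files that are already tracked. Consider committing this as a template (for example `envs/.envs-smtprelay.sample`) and ignoring the real file, or passing the password through a compose secret the way `slapd_password` is handled, if the smtp image can read it from a file. At minimum a header comment such as `# do not commit real relay credentials in this file` would flag the risk.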
@@ -155,7 +155,7 @@ services: - geoserver_tiles:/mnt/geoserver_tiles - geoserver_native_libs:/mnt/geoserver_native_libs environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g -DGEOSERVER_CSRF_WHITELIST=georchestra-127-0-0-1.nip.io env_file: - ./envs/.envs-database-georchestra - ./envs/.envs-database-datafeeder From 47e97816b79658d001a9fab05dc0fc692479eecb Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Thu, 28 May 2026 09:47:40 +0200 Subject: [PATCH 7/9] take into account review --- README.md | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index c65227c..b45927a 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ git checkout 25.0 && git submodule update The default docker-compose file contains all geOrchestra modules. -It's recommended to double-check the `docker-compose.yml` file if you need to comment useless modules (e.g ogc-api-records, mapstore,... ). +It's recommended to double-check the `docker-compose.yml` file if you need to comment modules you don't need (e.g ogc-api-records, mapstore,... ). You need to use the new Compose plugin V2, `docker-compose` (V1) is not supported by default: [https://docs.docker.com/compose/install/linux/](https://docs.docker.com/compose/install/linux/). If you still want to use the old `docker-compose` (V1), you need to remove all the parameters `depends_on` from the files `docker-compose.yml` and `docker-compose.override.yml`. 
@@ -67,6 +67,8 @@ docker compose down [docker-compose.swarm.yml](docker-compose.swarm.yml) contains spécific services needed for deploying it in swarm +On the first deploy using swarm, some services may fail (and restart), it is normal because there is no possible dependancies, in the case you should wait longer and check when mandatory service are up (eg. ldap, database), everything should get running and up. + In order to run you will need to run those few commands: To initialize your cluster @@ -97,6 +99,11 @@ To stop/delete the deployment: ``` docker stack rm georchestra ``` +If you need to clean all volumes from you test you ca use it command: +``` +STACK_NAME=georchestra +for vol in `docker volume ls --filter "Name=${STACK_NAME}_.*" --format json | jq -r '.Name'`; do docker volume rm $vol ; done +``` @@ -111,15 +118,11 @@ To login, use these credentials: * `testuser` / `testuser` * `testadmin` / `testadmin` -To upload data into the GeoServer data volume (`geoserver_geodata`), use `rsync`: -``` -rsync -arv -e 'ssh -p 2222' /path/to/geodata/ geoserver@georchestra-127-0-0-1.nip.io:/mnt/geoserver_geodata/ -``` -(password is: `geoserver`) +To upload data into the GeoServer data volume (`geoserver_geodata`), use `docker volume inspect docker_geoserver_geodata ` to get the path where it is stored and use cp to copy where you want Files uploaded into this volume will also be available to the geoserver instance in `/mnt/geoserver_geodata/`. -Emails sent by the SDI (eg when users request a new password) will not be relayed on the internet but trapped by a local SMTP service. +Emails sent by the SDI (eg when users request a new password) will relayed by the service "smtp" on the internet, you can configure it in the file [.envs-smtprelay](envs/.envs-smtprelay). ## Locally trust the TLS certificate for geOrchestra 
@@ -210,11 +213,21 @@ Most changes will require a service restart, except maybe updating viewer contex ### Kibana + +The optional `kibana` service is used for dashboarding purposes and is integrated to the GeoNetwork admin UI. See in the `Statistics & status / Content statistics` admin menu to access it. + +A specific configuration is provided in the `kibana/` subdirectory. + +Please note that it will require to load by hand the following file from the kibana admin ui: + +https://raw.githubusercontent.com/georchestra/geonetwork/georchestra-gn4-4.0.6/es/es-dashboards/data/export.ndjson# + + In order to have Kibana up and running, you will need to: 1. After Elasticsearch up and healthy, launch the command `docker compose exec -it elasticsearch bin/elasticsearch-reset-password -u kibana_system`. It will ask to fill a password for the `kibana_system` user. 2. Uncomment and fill this password into the `envs/.envs-elastic` file. 3. Enable kibana server with `scale: 1` in `docker-compose.yml`. -4. Start Kibana with `docker compose up -d kibana`. +4. Start Kibana with `docker compose up -d kibana` or ``. ## Building @@ -249,17 +262,6 @@ to geofenceEntityManagerFactory.jpaPropertyMap[hibernate.hbm2ddl.auto]=update ``` -## Kibana - -The optional `kibana` service is used for dashboarding purposes and is integrated to the GeoNetwork admin UI. See in the `Statistics & status / Content statistics` admin menu to access it. - -A specific configuration is provided in the `kibana/` subdirectory. - -Please note that it will require to load by hand the following file from the kibana admin ui: - -https://raw.githubusercontent.com/georchestra/geonetwork/georchestra-gn4-4.0.6/es/es-dashboards/data/export.ndjson# - - ## Elasticsearch From dfe5c16fde184a1b77af1e838dde09235f462c47 Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Thu, 28 May 2026 15:05:39 +0200 Subject: [PATCH 8/9] update way geoserver env var --- docker-compose.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/docker-compose.yml b/docker-compose.yml index 4eb66f6..b3df262 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -155,7 +155,8 @@ services: - geoserver_tiles:/mnt/geoserver_tiles - geoserver_native_libs:/mnt/geoserver_native_libs environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g -DGEOSERVER_CSRF_WHITELIST=georchestra-127-0-0-1.nip.io + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g + - GEOSERVER_CSRF_WHITELIST=georchestra-127-0-0-1.nip.io env_file: - ./envs/.envs-database-georchestra - ./envs/.envs-database-datafeeder From 9bfb33f2b7e2c9bc1f41110ae25dc98d45be69c4 Mon Sep 17 00:00:00 2001 From: jeanmi151 Date: Thu, 28 May 2026 15:55:49 +0200 Subject: [PATCH 9/9] change geoserver env var --- docker-compose.yml | 2 +- envs/.envs-common | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index b3df262..7f85c60 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -156,8 +156,8 @@ services: - geoserver_native_libs:/mnt/geoserver_native_libs environment: - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g - - GEOSERVER_CSRF_WHITELIST=georchestra-127-0-0-1.nip.io env_file: + - ./envs/.envs-common - ./envs/.envs-database-georchestra - ./envs/.envs-database-datafeeder restart: always diff --git a/envs/.envs-common b/envs/.envs-common index 8351395..2ea75de 100644 --- a/envs/.envs-common +++ b/envs/.envs-common @@ -1,4 +1,6 @@ # envs-common FQDN=georchestra-127-0-0-1.nip.io SMTPHOST=smtp -SMTPPORT=25 \ No newline at end of file +SMTPPORT=25 + +GEOSERVER_CSRF_WHITELIST=georchestra-127-0-0-1.nip.io
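Review bot: `GEOSERVER_CSRF_WHITELIST` in `envs/.envs-common` repeats the literal value of `FQDN` defined a few lines above it, so changing the hostname in one place leaves the CSRF whitelist trusting the old domain. `GEOSERVER_CSRF_WHITELIST=${FQDN}` would keep them in step, assuming the Compose version in use interpolates env files the way the removed `.envs-database-georchestra` relied on. Because `.envs-common` is also loaded by other services, a comment like `# consumed by geoserver: origin trusted for admin UI form posts` would make the variable's scope clear.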