[skiprelease] Improve startup logs and add configurable options for stdout logging

.env

@@ -141,7 +141,10 @@ SAMPLE_DATA=true
 GOOGLE_FONTS_NAMES=
 FORCE_DOWNLOAD_STABLE_EXTENSIONS=false
 FORCE_DOWNLOAD_COMMUNITY_EXTENSIONS=false
-
+# Controls stdout logging values, It can be set to INFO,SEVER,WARNING,CONFIG,FINE,FINER,FINEST,ALL
+CONSOLE_HANDLER_LEVEL=WARNING
+# Controls if you need to log to stdout or file, true for stdout and false to activate file
+LOGGING_STDOUT=true
 # ####################################################################
 # Database Env variables
 # Based of [https://github.com/kartoza/docker-postgis](kartoza/postgis)

Dockerfile

@@ -39,7 +39,7 @@ ADD \
     build_data/plugin_download.sh \
     /work/
 
-RUN echo $GS_VERSION > /tmp/pass.txt && chmod 0755 /work/extensions.sh && /work/extensions.sh
+RUN echo ${GS_VERSION} > /tmp/pass.txt && chmod 0755 /work/extensions.sh && /work/extensions.sh
 
 RUN /work/plugin_download.sh
 
@@ -59,7 +59,7 @@ RUN set -eux; \
     apt-get update; \
     apt-get -y --no-install-recommends install \
         locales gnupg2 ca-certificates software-properties-common  iputils-ping \
-        apt-transport-https  gettext fonts-cantarell fonts-liberation lmodern ttf-aenigma \
+        apt-transport-https  fonts-cantarell fonts-liberation lmodern ttf-aenigma \
         ttf-bitstream-vera ttf-sjfonts tv-fonts libapr1-dev libssl-dev git \
         zip unzip curl xsltproc certbot  cabextract gettext postgresql-client figlet gosu gdal-bin; \
       dpkg-divert --local --rename --add /sbin/initctl \
@@ -102,12 +102,12 @@ COPY --from=geoserver-plugin-downloader /work/stable_plugins/*.zip ${STABLE_PLUG
 COPY --from=geoserver-plugin-downloader /work/community_plugins/*.zip ${COMMUNITY_PLUGINS_DIR}/
 COPY --from=geoserver-plugin-downloader /work/geoserver_war/geoserver.* ${REQUIRED_PLUGINS_DIR}/
 
-RUN echo $GS_VERSION > /scripts/geoserver_version.txt && echo $STABLE_PLUGIN_BASE_URL > /scripts/geoserver_gs_url.txt ;\
+RUN echo ${GS_VERSION} > /scripts/geoserver_version.txt && echo ${STABLE_PLUGIN_BASE_URL} > /scripts/geoserver_gs_url.txt ;\
     chmod +x /scripts/*.sh;/scripts/setup.sh \
     && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 
 
-EXPOSE  $HTTPS_PORT
+EXPOSE  ${HTTPS_PORT}
 
 
 RUN echo 'figlet -t "Kartoza Docker GeoServer"' >> ~/.bashrc

README.md

@@ -195,7 +195,12 @@ will be enabled : [list of default plugins](https://github.com/kartoza/docker-ge
 ####  Activate stable extensions during the contain startup
 
 The environment variable `STABLE_EXTENSIONS` is used to activate extensions listed in
-[stable_plugins.txt](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.2/extensions/)
+[stable_plugins](https://sourceforge.net/projects/geoserver/files/GeoServer/2.25.2/extensions/)
+
+**Note:** The plugins listed in the url is of the format `geoserver-2.25.2-wps-plugin.zip`, but the env
+variable expects the env to be of the format `wps-plugin`. Always consult the url to see which plugins 
+are available. The text file [stable_plugins.txt](https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt)
+contains a curated list of plugins but might be out of date in some cases.
 
 Example
 
@@ -211,6 +216,11 @@ You can pass any comma-separated extensions as defined in [stable_plugins](https
 The environment variable `COMMUNITY_EXTENSIONS` can be used to activate extensions listed in
 [community_plugins](https://build.geoserver.org/geoserver/2.25.x/community-latest/)
 
+**Note:** The plugins listed in the url is of the format `geoserver-2.25-SNAPSHOT-cog-http-plugin.zip `, but the env
+variable expects the env to be of the format `cog-http-plugin`. Always consult the url to see which plugins 
+are available. The text file [community_plugins.txt](https://github.com/kartoza/docker-geoserver/blob/master/build_data/stable_plugins.txt)
+contains a curated list of community plugins but might be out of date in some cases.
+
 Example
 
 ```
@@ -419,6 +429,7 @@ Always consult the `.env` file to check possible values.
 * XFRAME_OPTIONS=`"true"` - Based on [Xframe-options](https://docs.geoserver.org/latest/en/user/production/config.html#x-frame-options-policy)
 * INITIAL_MEMORY=`size`: Initial Memory that Java can allocate, default `2G`
 * MAXIMUM_MEMORY=`size`: Maximum Memory that Java can allocate, default `4G`
+* 
 
 
 ### Control flow properties
@@ -526,6 +537,7 @@ The configs that can be mounted are
 * broker.xml
 * users.xml - for Geoserver users.
 * roles.xml - To define roles users should have in GeoServer
+* logging.properties - Controls logging to sdtout parameters
 
 
 Example

build_data/community_plugins.txt

@@ -0,0 +1,72 @@
+activeMQ-broker-plugin
+backup-restore-plugin
+cog-azure-plugin
+cog-google-plugin
+cog-http-plugin
+cog-s3-plugin
+colormap-plugin
+cov-json-plugin
+datadir-catalog-loader-plugin
+dds-plugin
+dyndimension-plugin
+elasticsearch-plugin
+features-autopopulate-plugin
+features-templating-plugin
+flatgeobuf-plugin
+gdal-wcs-plugin
+gdal-wps-plugin
+geopkg-plugin
+gpx-plugin
+graticule-plugin
+gsr-plugin
+gwc-azure-blobstore-plugin
+gwc-distributed-plugin
+gwc-mbtiles-plugin
+gwc-sqlite-plugin
+hz-cluster-plugin
+imagemap-plugin
+importer-jdbc-plugin
+jdbcconfig-plugin
+jdbc-metrics-plugin
+jdbcstore-plugin
+jms-cluster-plugin
+jwt-headers-plugin
+libdeflate-plugin
+mbtiles-plugin
+mbtiles-store-plugin
+mongodb-schemaless-plugin
+monitor-kafka-plugin
+ncwms-plugin
+netcdf-ghrsst-plugin
+notification-plugin
+ogcapi-coverages-plugin
+ogcapi-dggs-plugin
+ogcapi-features-plugin
+ogcapi-images-plugin
+ogcapi-maps-plugin
+ogcapi-styles-plugin
+ogcapi-tiled-features-plugin
+ogcapi-tiles-plugin
+ogr-datastore-plugin
+opensearch-eo-plugin
+pgraster-plugin
+proxy-base-ext-plugin
+s3-geotiff-plugin
+sec-keycloak-plugin
+sec-oauth2-geonode-plugin
+sec-oauth2-github-plugin
+sec-oauth2-google-plugin
+sec-oauth2-openid-connect-plugin
+smart-data-loader-plugin
+solr-plugin
+spatialjson-plugin
+stac-datastore-plugin
+taskmanager-core-plugin
+taskmanager-s3-plugin
+vector-mosaic-plugin
+vsi-plugin
+webp-plugin
+wfs-freemarker-plugin
+wps-longitudinal-profile-plugin
+wps-remote-plugin
+xslt-plugin

build_data/logging.properties

@@ -22,7 +22,7 @@
 handlers = java.util.logging.ConsoleHandler
 .handlers = java.util.logging.ConsoleHandler
 
-java.util.logging.ConsoleHandler.level = FINE
+java.util.logging.ConsoleHandler.level = ${CONSOLE_HANDLER_LEVEL}
 java.util.logging.ConsoleHandler.formatter = java.util.logging.OneLineFormatter
 
 org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO

build_data/stable_plugins.txt

@@ -0,0 +1,42 @@
+app-schema-plugin
+authkey-plugin
+cas-plugin
+charts-plugin
+css-plugin
+db2-plugin
+dxf-plugin
+excel-plugin
+feature-pregeneralized-plugin
+geofence-plugin
+geofence-server-plugin
+geofence-wps-plugin
+geopkg-output-plugin
+grib-plugin
+gwc-s3-plugin
+h2-plugin
+iau-plugin
+importer-plugin
+jp2k-plugin
+mapml-plugin
+mbstyle-plugin
+metadata-plugin
+mongodb-plugin
+mysql-plugin
+netcdf-out-plugin
+netcdf-plugin
+ogr-wfs-plugin
+ogr-wps-plugin
+oracle-plugin
+params-extractor-plugin
+printing-plugin
+querylayer-plugin
+rat-plugin
+sldservice-plugin
+sqlserver-plugin
+wcs2_0-eo-plugin
+web-resource-plugin
+wmts-multi-dimensional-plugin
+wps-cluster-hazelcast-plugin
+wps-download-plugin
+wps-jdbc-plugin
+ysld-plugin

docker-compose.yml

@@ -41,6 +41,7 @@ services:
         - COMMUNITY_EXTENSIONS=${COMMUNITY_EXTENSIONS}
         - GEOSERVER_CONTEXT_ROOT=${GEOSERVER_CONTEXT_ROOT}
         - ROOT_WEBAPP_REDIRECT=true
+        - CONSOLE_HANDLER_LEVEL=${CONSOLE_HANDLER_LEVEL}
       depends_on:
         db:
           condition: service_healthy

scripts/entrypoint.sh

@@ -59,7 +59,7 @@ log MONITOR_AUDIT_PATH="${MONITOR_AUDIT_PATH}"
 
 export GEOSERVER_OPTS="-Djava.awt.headless=true -server -Xms${INITIAL_MEMORY} -Xmx${MAXIMUM_MEMORY} \
        -XX:PerfDataSamplingInterval=500 -Dorg.geotools.referencing.forceXY=true \
-       -XX:SoftRefLRUPolicyMSPerMB=36000  -XX:NewRatio=2 \
+       -XX:SoftRefLRUPolicyMSPerMB=36000   \
        -XX:+UseG1GC -XX:MaxGCPauseMillis=200 -XX:ParallelGCThreads=20 -XX:ConcGCThreads=5 \
        -XX:InitiatingHeapOccupancyPercent=${INITIAL_HEAP_OCCUPANCY_PERCENT}  \
        -Djts.overlay=ng \

scripts/env-data.sh

@@ -431,4 +431,15 @@ fi
 
 if [ -z "${GEOSERVER_DISABLE_STATIC_WEB_FILES}" ];then
   GEOSERVER_DISABLE_STATIC_WEB_FILES=true
+fi
+
+
+# Values can be INFO,SEVER,WARNING,CONFIG,FINE,FINER,FINEST,ALL
+if [ -z "${CONSOLE_HANDLER_LEVEL}" ];then
+  CONSOLE_HANDLER_LEVEL=INFO
+fi
+
+# Allows loging to files, default is to stdout
+if [ -z "${LOGGING_STDOUT}" ];then
+  LOGGING_STDOUT=true
 fi

scripts/functions.sh

@@ -264,7 +264,7 @@ function install_plugin() {
 
   if [[ -f "${DATA_PATH}/${EXT}.zip" ]]; then
      unzip -qq "${DATA_PATH}/${EXT}.zip" -d /tmp/gs_plugin
-     echo -e "\e[32m Enabling ${EXT} for GeoServer \033[0m"
+     echo -e "\e[32m [Entrypoint] Enabling extension :\033[0m \e[1;31m ${EXT} \033[0m"
      GEOSERVER_INSTALL_DIR="$(detect_install_dir)"
      cp -r -u -p /tmp/gs_plugin/*.jar "${GEOSERVER_INSTALL_DIR}/webapps/${GEOSERVER_CONTEXT_ROOT}/WEB-INF/lib/"
      rm -rf /tmp/gs_plugin
@@ -325,7 +325,7 @@ function setup_control_flow() {
 
 }
 
-function setup_logging() {
+function log4j_logging() {
   if [[ ! -f "${CATALINA_HOME}"/log4j.properties ]]; then
     # If it doesn't exists, copy from ${EXTRA_CONFIG_DIR} directory if exists
     if [[ -f "${EXTRA_CONFIG_DIR}"/log4j.properties ]]; then
@@ -364,6 +364,18 @@ function geoserver_logging() {
   fi
 }
 
+
+function tomcat_logging() {
+  # If it doesn't exists, copy from /settings directory if exists
+  if [[ -f "${EXTRA_CONFIG_DIR}"/logging.properties ]]; then
+    envsubst < "${EXTRA_CONFIG_DIR}"/logging.properties > "${CATALINA_HOME}"/conf/logging.properties
+  else
+    # default value
+    envsubst < /build_data/logging.properties > "${CATALINA_HOME}"/conf/logging.properties
+  fi
+
+}
+
 # Function to read env variables from secrets
 function file_env() {
 	local var="$1"
@@ -461,25 +473,25 @@ function gwc_file_perms() {
   GWC_USER_PERM=$(stat -c '%U' "${GEOWEBCACHE_CACHE_DIR}")
   GWC_GRP_PERM=$(stat -c '%G' "${GEOWEBCACHE_CACHE_DIR}")
   case "${GEOWEBCACHE_CACHE_DIR}" in ${GEOSERVER_DATA_DIR}/*)
-    echo "${GEOWEBCACHE_CACHE_DIR} is nested in ${GEOSERVER_DATA_DIR}"
+    echo -e " \e[32m [Entrypoint] \033[0m \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m \e[32m is nested in \033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
     if [[ ${CHOWN_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then
       if [[ ${GEO_USER_PERM} != "${USER_NAME}" ]] &&  [[ ${GEO_GRP_PERM} != "${GEO_GROUP_NAME}"  ]];then
-        echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
+        echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
         chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOSERVER_DATA_DIR}"
       fi
     fi
     ;;
   *)
-    echo "${GEOWEBCACHE_CACHE_DIR} is not nested in ${GEOSERVER_DATA_DIR}"
+    echo -e "\e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m is not nested in \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
     if [[ ${CHOWN_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then
       if [[ ${GEO_USER_PERM} != "${USER_NAME}" ]] &&  [[ ${GEO_GRP_PERM} != "${GEO_GROUP_NAME}"  ]];then
-        echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
+        echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOSERVER_DATA_DIR} \033[0m"
         chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOSERVER_DATA_DIR}"
       fi
     fi
     if [[ ${CHOWN_GWC_DATA_DIR} =~ [Tt][Rr][Uu][Ee] ]];then
       if [[ ${GWC_USER_PERM} != "${USER_NAME}" ]] &&  [[ ${GWC_GRP_PERM} != "${GEO_GROUP_NAME}"  ]];then
-        echo -e "[Entrypoint] Changing folder permission for: \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m"
+        echo -e "\e[32m [Entrypoint] Changing folder permission for:\033[0m \e[1;31m ${GEOWEBCACHE_CACHE_DIR} \033[0m"
         chown -R "${USER_NAME}":"${GEO_GROUP_NAME}" "${GEOWEBCACHE_CACHE_DIR}"
       fi
     fi

scripts/setup.sh

@@ -26,7 +26,6 @@ package_geoserver
 cp /build_data/stable_plugins.txt "${STABLE_PLUGINS_DIR}"
 cp /build_data/community_plugins.txt "${COMMUNITY_PLUGINS_DIR}"
 cp /build_data/letsencrypt-tomcat.xsl "${CATALINA_HOME}"/conf/ssl-tomcat.xsl
-cp /build_data/logging.properties "${CATALINA_HOME}/conf/logging.properties"
 
 pushd "${STABLE_PLUGINS_DIR}" || exit
 
@@ -132,6 +131,4 @@ pushd /scripts || exit
 rm -rf /tmp/resources
 
 # Delete resources which will be setup on first run
-
-delete_file "${CATALINA_HOME}"/conf/tomcat-users.xml
 delete_file "${CATALINA_HOME}"/conf/web.xml

scripts/start.sh

@@ -56,6 +56,10 @@ if [[ ! -z  ${GOOGLE_FONTS_NAMES}  ]];then
   rm -rf fonts
 fi
 
+if [[ ${LOGGING_STDOUT} =~ [Tt][Rr][Uu][Ee] ]];then
+  export CONSOLE_HANDLER_LEVEL
+  tomcat_logging
+fi
 
 # Add custom espg properties file or the default one
 create_dir "${GEOSERVER_DATA_DIR}"/user_projections
@@ -164,14 +168,14 @@ export S3_SERVER_URL S3_USERNAME S3_PASSWORD S3_ALIAS
 # Pass an additional startup argument i.e -Ds3.properties.location=${GEOSERVER_DATA_DIR}/s3.properties
 if [[ -z "${S3_SERVER_URL}" || -z "${S3_USERNAME}" || -z "${S3_PASSWORD}" || -z "${S3_ALIAS}" ]]; then
   echo -e "\e[32m -------------------------------------------------------------------------------- \033[0m"
-  echo -e "[Entrypoint] One or more variables needed for S3 community extensions are empty, skipping configuration of: \e[1;31m s3.properties \033[0m"
+  echo -e "\e[32m [Entrypoint] One or more variables needed for S3 community extensions are empty, skipping configuration of:\033[0m \e[1;31m s3.properties \033[0m"
 
 else
   if [[ "${ADDITIONAL_JAVA_STARTUP_OPTIONS}" == *"-Ds3.properties.location"* ]]; then
     s3_config
 else
     echo -e "\e[32m -------------------------------------------------------------------------------- \033[0m"
-    echo -e "[Entrypoint] -Ds3.properties.location is not setup in: \e[1;31m ${ADDITIONAL_JAVA_STARTUP_OPTIONS} \033[0m"
+    echo -e "\e[32m [Entrypoint] -Ds3.properties.location is not setup in:\033[0m \e[1;31m ${ADDITIONAL_JAVA_STARTUP_OPTIONS} \033[0m"
 fi
 
 
@@ -342,6 +346,7 @@ if [[ "${TOMCAT_EXTRAS}" =~ [Tt][Rr][Uu][Ee] ]]; then
         fi
         echo "${TOMCAT_PASSWORD}" >"${GEOSERVER_DATA_DIR}"/tomcat_pass.txt
         # Setup tomcat apps manager
+        delete_file "${CATALINA_HOME}"/conf/tomcat-users.xml
         tomcat_user_config
         # Unset random generated password
         unset TOMCAT_PASSWORD
@@ -587,6 +592,10 @@ else
 fi
 
 
+
+# Security hardening of tomcat
+sed -i 's/8005/-1/g' "${CATALINA_HOME}"/conf/server.xml
+
 # Cleanup temp file
 delete_file "${CATALINA_HOME}"/conf/ssl-tomcat_no_https.xsl
 
@@ -604,5 +613,5 @@ fi
 # Run some extra bash script to fix issues i.e missing dependencies in lib caused by community extensions
 entry_point_script
 
-setup_logging
+log4j_logging