From 88c5ede7196d86cc9d284931539a205c1166b3af Mon Sep 17 00:00:00 2001 From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:16:23 +0100 Subject: [PATCH 1/4] rework docker compose --- .envs-database-georchestra | 23 - .gitignore | 4 +- README.md | 57 ++- docker-compose.atlas.yml | 13 - docker-compose.data-api.yml | 25 -- docker-compose.datafeeder.gmail.yml | 20 - docker-compose.yml | 423 +++++++----------- .envs-common => envs/.envs-common | 0 .../.envs-database-datafeeder | 6 +- envs/.envs-database-georchestra | 24 + .envs-elastic => envs/.envs-elastic | 8 +- .envs-hosts => envs/.envs-hosts | 10 +- .envs-ldap => envs/.envs-ldap | 0 .envs-rabbitmq => envs/.envs-rabbitmq | 0 14 files changed, 265 insertions(+), 348 deletions(-) delete mode 100644 .envs-database-georchestra delete mode 100644 docker-compose.atlas.yml delete mode 100644 docker-compose.data-api.yml delete mode 100644 docker-compose.datafeeder.gmail.yml rename .envs-common => envs/.envs-common (100%) rename .envs-database-datafeeder => envs/.envs-database-datafeeder (59%) create mode 100644 envs/.envs-database-georchestra rename .envs-elastic => envs/.envs-elastic (64%) rename .envs-hosts => envs/.envs-hosts (84%) rename .envs-ldap => envs/.envs-ldap (100%) rename .envs-rabbitmq => envs/.envs-rabbitmq (100%) diff --git a/.envs-database-georchestra b/.envs-database-georchestra deleted file mode 100644 index d63a06f..0000000 --- a/.envs-database-georchestra +++ /dev/null @@ -1,23 +0,0 @@ -# envs-database-georchestra -PGHOST=database -PGPORT=5432 -PGDATABASE=georchestra -PGUSER=georchestra -PGPASSWORD=georchestra - -POSTGRES_USER=${PGUSER} -POSTGRES_PASSWORD=${PGPASSWORD} - -# extra env var for jdbc -GEODATA_PGDATABASE=${PGDATABASE} -GEODATA_PGHOST=${PGHOST} -GEODATA_PGPORT=${PGPORT} -GEODATA_PGUSER=${PGUSER} -GEODATA_PGPASSWORD=${PGPASSWORD} - -# extra env for gs jdbc/gwc -GWC_PGDATABASE=${PGDATABASE} -GWC_PGHOST=${PGHOST} -GWC_PGPORT=${PGPORT} -GWC_PGUSERNAME=${PGUSER} -GWC_PGPASSWORD=${PGPASSWORD} 
diff --git a/.gitignore b/.gitignore index f7fd38c..cc5a777 100644 --- a/.gitignore +++ b/.gitignore @@ -8,9 +8,11 @@ # ignore the .env file so we can specify environment variables that are # not pushed to github .env -.envs-* +envs/.envs-* +secrets/slapd_password.txt # ignore the certs files and Caddy data directory resources/ssl/* resources/caddy/data/* # ignore possible caddy binary downloaded /caddy +volumes/ diff --git a/README.md b/README.md index 8d8e24c..70aea3d 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,19 @@ # geOrchestra on Docker +## Preconisation + +This is a sample of a docker composition, it does not fit for production +especially for the database + +If you want to use this for production you might need to: +1. modify the way to use certificates +2. remove databases (database and postgis deployment and related volumes) from docker-compose +3. update [.envs](envs/) files +4. remove unwanted open ports +5. modify volumes management (don't let docker service do it..), you might want to store them in specific path +6. refit resources allocation with your use (Xmx Xms) + + ## Quick Start **1. Prerequisite** 
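Review bot: The new `envs/.envs-*` pattern gives no protection to the env files this series moves into `envs/`, because they stay tracked and git keeps reporting and committing changes to tracked files whatever `.gitignore` says. Anyone who follows the README advice to edit those files with real database or Elasticsearch passwords can still commit them by accident. If the goal is to ship defaults and keep local values private, commit templates under another name (for example `envs/.envs-common.example`, a constructed name) and ignore the live copies, or drop the pattern and add `# env files are tracked on purpose: never put real credentials here`. The pattern also hides untracked files such as the `envs/.envs-smtprelay` that docker-compose.yml now references, which is not in this patch's diffstat.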
@@ -23,14 +37,16 @@ git clone --recurse-submodules https://github.com/georchestra/docker.git Choose which branch to run, eg for latest stable: ``` -git checkout 24.0 && git submodule update +git checkout 25.0 && git submodule update ``` **3. Run** +**3.1 Docker compose** + The default docker-compose file contains all geOrchestra modules. -It's recommended to double-check the `docker-compose.yml` and `docker-compose.override.yml` files if you need to comment useless modules (e.g extractor, mapstore,... ). +It's recommended to double-check the `docker-compose.yml` file if you need to comment useless modules (e.g ogc-api-records, mapstore,... ). You need to use the new Compose plugin V2, `docker-compose` (V1) is not supported by default: [https://docs.docker.com/compose/install/linux/](https://docs.docker.com/compose/install/linux/). If you still want to use the old `docker-compose` (V1), you need to remove all the parameters `depends_on` from the files `docker-compose.yml` and `docker-compose.override.yml`. 
@@ -48,6 +64,43 @@ To stop geOrchestra: docker compose down ``` +**3.2 Docker swarm** + +[docker-compose.swarm.yml](docker-compose.swarm.yml) contains spécific services needed for deploying it in swarm + +In order to run you will need to run those few commands: + +To initialize your cluster +``` +docker swarm init +``` +To deploy/redeploy (after modification of the docker-compose) georchestra: +``` +docker stack deploy -c docker-compose.yml -c docker-compose.swarm.yml georchestra +``` +verify the stack is present +``` +docker stack ls +``` +Verify that services are running +``` +docker stack services georchestra +``` +To access the log of the gateway for instance you can use: +``` +docker service logs georchestra_gateway +``` +To restart a service : +``` +docker service update --force georchestra_gateway +``` +To stop/delete the deployment: +``` +docker stack rm georchestra +``` + + + **4. Play** Open [https://georchestra-127-0-0-1.nip.io/](https://georchestra-127-0-0-1.nip.io/) in your browser. Then: diff --git a/docker-compose.atlas.yml b/docker-compose.atlas.yml deleted file mode 100644 index 1357da6..0000000 --- a/docker-compose.atlas.yml +++ /dev/null @@ -1,13 +0,0 @@ -version: "3.1" - -services: - # atlas printing services, eventually queried by the mapfishapp atlas addon - atlas: - image: georchestra/atlas:latest - volumes: - - georchestra_datadir:/etc/georchestra - environment: - - XMS=512M - - XMX=2G - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - restart: always diff --git a/docker-compose.data-api.yml b/docker-compose.data-api.yml deleted file mode 100644 index e91dcfc..0000000 --- a/docker-compose.data-api.yml +++ /dev/null 
@@ -1,25 +0,0 @@ -version: "3.1" - -services: - data-api: - image: georchestra/data-api:latest - # healthcheck: - # test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/data/ogcapi >/dev/null || exit 1" ] - # interval: 30s - # timeout: 10s - # retries: 10 - depends_on: - database: - condition: service_healthy - volumes: - - georchestra_datadir:/etc/georchestra - environment: - SPRING_PROFILES_ACTIVE: postgis - LOGGING_LEVEL_COM_CAMPTOCAMP: DEBUG - LOGGING_LEVEL_ORG_GEOTOOLS: DEBUG - SERVER_SERVLET_CONTEXT_PATH: /data - POSTGRES_HOST: postgis - POSTGRES_PORT: 5432 - POSTGRES_DB: datafeeder - POSTGRES_USER: georchestra - POSTGRES_PASSWORD: georchestra diff --git a/docker-compose.datafeeder.gmail.yml b/docker-compose.datafeeder.gmail.yml deleted file mode 100644 index e75993a..0000000 --- a/docker-compose.datafeeder.gmail.yml +++ /dev/null @@ -1,20 +0,0 @@ -version: "3.1" - -# Use this docker-compose override file in tandem with the default docker-compose.yml file -# to use the noreply.georchestra.dev@gmail.com test email as administrator email and actually -# send emails instead of going to the smtp-sink defined in docker-compose.override.yml. -# -# i.e.: docker-compose -f docker-compose.yml -f docker-compose.datafeeder.gmail.yml up -d -# -# But before doing so, create or edit the .env file and set the SMTP_PASSWORD variable -# to the actual account password, shared between the georchestra developers. -services: - datafeeder: - environment: - - smtpPassword=${SMTP_PASSWORD} - - smtpHost=smtp.gmail.com - - smtpPort=587 - - smtpUser=noreply.georchestra.dev@gmail.com - - smtpAuth=true - - smtpTLS=true - - administratorEmail=noreply.georchestra.dev@gmail.com diff --git a/docker-compose.yml b/docker-compose.yml index 195d1a6..c819048 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -1,10 +1,13 @@ -include: - - docker-compose.data-api.yml - volumes: postgresql_data: +# driver: local +# driver_opts: +# o: bind +# type: none +# device: ./volumes/postgresql_data ldap_data: ldap_config: + ldap_run: geoserver_geodata: geoserver_datadir: geoserver_tiles: 
@@ -14,51 +17,61 @@ volumes: datafeeder_uploads: datafeeder_postgis_data: esdata: - georchestra_datadir: - rabbit_data: + smtp_maildir: + mail: + mail_spool: secrets: slapd_password: file: ./secrets/slapd_password.txt services: - copy-datadir: - image: alpine - command: sh -c "rm -r /etc/georchestra/* ; cp -r -f -v /mnt/datadir/* /etc/georchestra/ ; chmod 777 -R -v /etc/georchestra/" # "sleep 6000" - volumes: - - ./config:/mnt/datadir - - georchestra_datadir:/etc/georchestra - - envsubst: - image: georchestra/k8s-initcontainer-envsubst - depends_on: - copy-datadir: - condition: service_completed_successfully + caddy: + image: caddy:2.8-alpine + ports: + - "80:80" + - "443:443" + - "127.0.0.1:2019:2019" environment: - - DEBUG=yes - - SUBST_FILES=/etc/georchestra/security-proxy/targets-mapping.properties /etc/georchestra/datafeeder/frontend-config.json /etc/georchestra/datafeeder/metadata_* /etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml - env_file: - - .envs-common - - .envs-hosts + - CADDY_ADMIN=0.0.0.0:2019 volumes: - - georchestra_datadir:/etc/georchestra + - ./resources/ssl:/etc/certs:ro + - ./resources/caddy/etc:/etc/caddy:ro + - ./resources/caddy/data:/data/caddy + - ./resources/static:/usr/share/caddy/static:ro + restart: always + healthcheck: + test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:2019/reverse_proxy/upstreams >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-common database: image: georchestra/database:latest env_file: - - .envs-database-georchestra - depends_on: - envsubst: - condition: service_completed_successfully + - ./envs/.envs-database-georchestra + environment: + - PGHOST=localhost + healthcheck: + test: ["CMD-SHELL", "pg_isready -U georchestra"] + interval: 30s + timeout: 30s + retries: 5 + start_period: 30s + deploy: + restart_policy: + condition: on-failure + window: 15m + ports: + - 5432:5432 volumes: - postgresql_data:/var/lib/postgresql 
restart: always ldap: image: georchestra/ldap:latest - depends_on: - envsubst: - condition: service_completed_successfully secrets: - slapd_password environment: 
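Review bot: PostgreSQL becomes reachable from the network with a published default credential, because the `database` service now has `- 5432:5432` on every host interface while `envs/.envs-database-georchestra` ships `PGPASSWORD=georchestra`. Bind the port to loopback with `- "127.0.0.1:5432:5432"`, or drop the `ports:` entry, since the other services reach the server over the compose network as `database`; quoting the mapping also avoids YAML 1.1 number parsing surprises. In the same hunk `CADDY_ADMIN=0.0.0.0:2019` keeps the Caddy admin API, which has no authentication by default, listening on all container interfaces. The `127.0.0.1:2019:2019` host binding does not restrict other containers on the same network, so a comment stating why the wildcard address is needed would help.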
@@ -71,67 +84,58 @@ services: - RUN_AS_GID=0 - LDAPHOST=localhost env_file: - - .envs-ldap + - ./envs/.envs-ldap volumes: - ldap_data:/var/lib/ldap - ldap_config:/etc/ldap + tmpfs: + - /var/run/slapd + restart: always + + smtp: + image: camptocamp/exim:latest + env_file: + - ./envs/.envs-smtprelay + volumes: + - mail:/var/mail + - mail_spool:/var/spool/exim4 restart: always gateway: - image: georchestra/gateway:latest + image: georchestra/gateway:latest-debug depends_on: - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - JAVA_TOOL_OPTIONS=-Dgeorchestra.datadir=/etc/georchestra env_file: - - .envs-common - - .envs-ldap - - .envs-hosts - - .envs-database-georchestra + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + ports: + - "8080:8080" -# uncomment for oauth 2.0 -# cas: -# image: georchestra/cas:latest -# healthcheck: -# test: [ "CMD-SHELL", "curl -s -f http://localhost:8080/cas/login >/dev/null || exit 1" ] -# interval: 30s -# timeout: 10s -# retries: 10 -# depends_on: -# ldap: -# condition: service_healthy -# volumes: -# - georchestra_datadir:/etc/georchestra -# environment: -# - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -# - XMS=256M -# - XMX=1G -# env_file: -# - .envs-common -# - .envs-ldap -# - .envs-database-georchestra -# restart: always - - header: - image: georchestra/header:latest + console: + image: georchestra/console:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/header/img/logo.png >/dev/null || exit 1"] + test: ["CMD-SHELL", "curl -s -f http://localhost:8080/console/account/new >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 depends_on: - envsubst: - condition: service_completed_successfully + - ldap + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - - 
JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=512M + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx512m env_file: - - .envs-common + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-database-georchestra + - ./envs/.envs-hosts restart: always geoserver: 
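Review bot: Publishing `"8080:8080"` on the `gateway` service exposes the gateway over plain HTTP on every host interface, presumably bypassing the Caddy front end on 443, and the same service now runs `georchestra/gateway:latest-debug`. If the port is only for local debugging, bind it as `- "127.0.0.1:8080:8080"` and keep the default image on `latest`, with a comment explaining how to opt into the debug tag. What the debug image enables is not visible from this hunk, so it deserves a line in the README. The new `smtp` service also lists `./envs/.envs-smtprelay`, which is not in this patch's diffstat and matches the new `envs/.envs-*` ignore rule, so a fresh clone would presumably fail on the missing env file.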
@@ -141,80 +145,112 @@ services: interval: 30s timeout: 10s retries: 10 + deploy: + resources: + limits: + cpus: "4" + memory: "8g" depends_on: - ldap: - condition: service_healthy - database: - condition: service_healthy + - ldap + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - geoserver_datadir:/mnt/geoserver_datadir - geoserver_geodata:/mnt/geoserver_geodata - geoserver_tiles:/mnt/geoserver_tiles - geoserver_native_libs:/mnt/geoserver_native_libs environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=8G - + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx8g env_file: - - .envs-database-georchestra - - .envs-database-datafeeder + - ./envs/.envs-database-georchestra + - ./envs/.envs-database-datafeeder restart: always - console: - image: georchestra/console:latest + geonetwork: + image: georchestra/geonetwork:latest healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/console/account/new >/dev/null || exit 1"] + test: ["CMD-SHELL", "curl -s -f http://localhost:8080/geonetwork/srv/eng/catalog.search >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 + deploy: + resources: + limits: + cpus: "4" + memory: "4g" depends_on: - ldap: - condition: service_healthy - database: - condition: service_healthy - rabbitmq: - condition: service_healthy + - console + - database + - elasticsearch volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra + - geonetwork_datadir:/mnt/geonetwork_datadir environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=1G + - JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx4g env_file: - - .envs-common - - .envs-ldap - - .envs-rabbitmq - - 
.envs-database-georchestra - - .envs-hosts + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-elastic restart: always - geonetwork: - image: georchestra/geonetwork:latest + elasticsearch: + image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 + deploy: + resources: + limits: + cpus: "0" + memory: "1g" + volumes: + - esdata:/usr/share/elasticsearch/data healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/geonetwork/srv/eng/catalog.search >/dev/null || exit 1"] + test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] interval: 30s timeout: 10s retries: 10 + env_file: + - ./envs/.envs-elastic + environment: + discovery.type: single-node + ES_JAVA_OPTS: -Xms512m -Xmx512m + restart: always + + kibana: + deploy: + replicas: 0 + image: docker.elastic.co/kibana/kibana:8.14.3 depends_on: - console: - condition: service_healthy - database: - condition: service_healthy - elasticsearch: - condition: service_healthy + - elasticsearch + healthcheck: + test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] + interval: 30s + timeout: 10s + retries: 10 + env_file: + - ./envs/.envs-hosts + - ./envs/.envs-elastic volumes: - - georchestra_datadir:/etc/georchestra - - geonetwork_datadir:/mnt/geonetwork_datadir + - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml + restart: always + + ogc-api-records: + image: geonetwork/gn-cloud-ogc-api-records-service:4.4.7-0 + depends_on: + - geonetwork + - database + - elasticsearch environment: - - JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=6G + LANG: en_US.UTF-8 + SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records + SPRING_CONFIG_LOCATION: 
file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml + SPRING_PROFILES_ACTIVE: standalone + JAVA_OPTS: -Dfile.encoding=UTF-8 env_file: - - .envs-hosts - - .envs-database-georchestra - - .envs-elastic + - ./envs/.envs-common + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-elastic + volumes: + - ./config:/etc/georchestra restart: always datahub: @@ -224,15 +260,12 @@ services: interval: 30s timeout: 10s retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully environment: ASSETS_DIRECTORY_OVERRIDE: /etc/georchestra/datahub/assets CONFIG_DIRECTORY_OVERRIDE: /etc/georchestra/datahub/conf CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/datahub/scripts volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra restart: always metadata-editor: @@ -242,35 +275,12 @@ services: interval: 30s timeout: 10s retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully environment: ASSETS_DIRECTORY_OVERRIDE: /etc/georchestra/metadata-editor/assets CONFIG_DIRECTORY_OVERRIDE: /etc/georchestra/metadata-editor/conf CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/metadata-editor/scripts volumes: - - georchestra_datadir:/etc/georchestra - restart: always - - analytics: - image: georchestra/analytics:latest - healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:8080/analytics/ >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - depends_on: - database: - condition: service_healthy - volumes: - - georchestra_datadir:/etc/georchestra - environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF - - XMS=256M - - XMX=1G - env_file: - - .envs-database-georchestra + - ./config:/etc/georchestra restart: always mapstore: 
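Review bot: The rewritten `JAVA_OPTIONS` line for `geonetwork` still carries `-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005`, so the default composition starts a JDWP debug listener. JDWP has no authentication and lets a connected debugger run code in the JVM; depending on the Java version in the image the listener may bind all interfaces, which would expose it to every container on the compose network. Since the line is being edited anyway, drop the two debug flags from the default and document them as an opt-in, leaving `- JAVA_OPTIONS=-Duser.home=/tmp/jetty -Dgeorchestra.datadir=/etc/georchestra -Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xms256m -Xmx4g`. Separately, `cpus: "0"` under the `elasticsearch` limits reads like a placeholder and would be clearer removed or set to a real value.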
@@ -281,35 +291,30 @@ services: timeout: 10s retries: 10 depends_on: - database: - condition: service_healthy - ldap: - condition: service_healthy + - database + - ldap volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - mapstore_extensions:/mnt/mapstore_extensions environment: - JAVA_OPTS=-Xms512m -Xmx512m -Dgeorchestra.datadir=/etc/georchestra -Dgeorchestra.extensions=/mnt/mapstore_extensions -DPRINT_BASE_URL=pdf env_file: - - .envs-ldap - - .envs-database-georchestra + - ./envs/.envs-ldap + - ./envs/.envs-database-georchestra restart: always postgis: # used by datafeeder to ingest uploaded user datasets into - image: postgis/postgis:13-3.1-alpine + image: postgis/postgis:18-3.6-alpine healthcheck: test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] interval: 10s timeout: 3s retries: 3 - depends_on: - envsubst: - condition: service_completed_successfully env_file: - - .envs-database-datafeeder + - ./envs/.envs-database-datafeeder volumes: - - datafeeder_postgis_data:/var/lib/postgresql/data + - datafeeder_postgis_data:/var/lib/postgresql restart: always datafeeder: 
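Review bot: Existing `datafeeder_postgis_data` volumes are left without a migration path by the jump from `postgis/postgis:13-3.1-alpine` to `18-3.6-alpine` together with the mount change from `/var/lib/postgresql/data` to `/var/lib/postgresql`. A cluster initialised by PostgreSQL 13 cannot be opened by an 18 server, and with the new mount point the old files would presumably sit beside a freshly initialised empty cluster rather than raise an error, so uploaded datasets could appear to vanish. The README Upgrading section should tell users to dump with the old image and restore into the new one before switching. A comment above the image line such as `# major upgrade: dump/restore datafeeder_postgis_data before pulling` would warn at the point of change.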
@@ -320,22 +325,20 @@ services: timeout: 10s retries: 10 depends_on: - database: - condition: service_healthy - postgis: - condition: service_healthy + - database + - postgis volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra - datafeeder_uploads:/tmp/datafeeder environment: - JAVA_OPTIONS=-Xms512m -Xmx512m -Dspring.profiles.active=georchestra,data-api-schemas -Dspring.config.additional-location=file:/etc/georchestra/data-api/application.yaml # You can set a higher loglevel this way: (ref. https://docs.spring.io/spring-boot/docs/2.1.13.RELEASE/reference/html/boot-features-logging.html#boot-features-custom-log-levels) - LOGGING_LEVEL_ORG_GEORCHESTRA_DATAFEEDER=INFO env_file: - - .envs-common - - .envs-hosts - - .envs-database-georchestra - - .envs-database-datafeeder + - ./envs/.envs-common + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra + - ./envs/.envs-database-datafeeder restart: always import: 
@@ -346,93 +349,9 @@ services: timeout: 10s retries: 10 depends_on: - envsubst: - condition: service_completed_successfully + - datafeeder environment: CUSTOM_SCRIPTS_DIRECTORY: /etc/georchestra/datafeeder/scripts/import volumes: - - georchestra_datadir:/etc/georchestra - restart: always - - elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:8.14.3 - ulimits: - memlock: - soft: -1 - hard: -1 - deploy: - resources: - limits: - memory: 4g - volumes: - - esdata:/usr/share/elasticsearch/data - healthcheck: - test: ["CMD-SHELL", "curl -u elastic:$$ELASTIC_PASSWORD -s -f http://localhost:9200/_cat/health >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - depends_on: - envsubst: - condition: service_completed_successfully - env_file: - - .envs-elastic - environment: - discovery.type: single-node - ES_JAVA_OPTS: -Xms512m -Xmx512m - restart: always - - kibana: - scale: 0 - image: docker.elastic.co/kibana/kibana:8.14.3 - depends_on: - elasticsearch: - condition: service_healthy - healthcheck: - test: ["CMD-SHELL", "curl -s -f http://localhost:5601/api/status >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - environment: - ELASTICSEARCH_USERNAME: elastic - ELASTICSEARCH_PASSWORD: changeme - env_file: - - .envs-hosts - - .envs-elastic - volumes: - - ./resources/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml - restart: always - - ogc-api-records: - image: geonetwork/gn-cloud-ogc-api-records-service:4.2.2 - depends_on: - geonetwork: - condition: service_healthy - database: - condition: service_healthy - elasticsearch: - condition: service_healthy - environment: - LANG: en_US.UTF-8 - SERVER_SERVLET_CONTEXT_PATH: /ogc-api-records - SPRING_CONFIG_LOCATION: file:///etc/georchestra/geonetwork/microservices/ogc-api-records/config.yml - SPRING_PROFILES_ACTIVE: standalone - JAVA_OPTS: -Dfile.encoding=UTF-8 - volumes: - - georchestra_datadir:/etc/georchestra - restart: always - - rabbitmq: - image: rabbitmq:3.13 - 
healthcheck: - test: rabbitmq-diagnostics -q ping && rabbitmq-diagnostics -q check_local_alarms - interval: 60s - timeout: 30s - retries: 3 - env_file: - - .envs-rabbitmq - environment: - - RABBITMQ_LOGS=- - - RABBITMQ_DISK_FREE_ABSOLUTE_LIMIT=1GB - volumes: - - 'rabbit_data:/var/lib/rabbitmq/mnesia' + - ./config:/etc/georchestra restart: always diff --git a/.envs-common b/envs/.envs-common similarity index 100% rename from .envs-common rename to envs/.envs-common diff --git a/.envs-database-datafeeder b/envs/.envs-database-datafeeder similarity index 59% rename from .envs-database-datafeeder rename to envs/.envs-database-datafeeder index e12bec0..bb134a0 100644 --- a/.envs-database-datafeeder +++ b/envs/.envs-database-datafeeder @@ -5,6 +5,6 @@ DF_PGPORT=5432 DF_PGUSER=georchestra DF_PGPASSWORD=georchestra -POSTGRES_DB=${DF_PGDATABASE} -POSTGRES_USER=${DF_PGUSER} -POSTGRES_PASSWORD=${DF_PGPASSWORD} \ No newline at end of file +POSTGRES_DB=datafeeder +POSTGRES_USER=georchestra +POSTGRES_PASSWORD=georchestra \ No newline at end of file diff --git a/envs/.envs-database-georchestra b/envs/.envs-database-georchestra new file mode 100644 index 0000000..4038fb9 --- /dev/null +++ b/envs/.envs-database-georchestra @@ -0,0 +1,24 @@ +# envs-database-georchestra +PGHOST=database +PGPORT=5432 +PGDATABASE=georchestra +PGUSER=georchestra +PGPASSWORD=georchestra + +POSTGRES_USER=georchestra +POSTGRES_PASSWORD=georchestra + +# extra env var for jdbc +GEODATA_PGDATABASE=georchestra +GEODATA_PGHOST=database +GEODATA_PGPORT=5432 +GEODATA_PGUSER=georchestra +GEODATA_PGPASSWORD=georchestra + +# extra env for gs jdbc/gwc +GWC_PGDATABASE=georchestra +GWC_PGHOST=database +GWC_PGPORT=5432 +GWC_PGUSERNAME=georchestra +GWC_PGPASSWORD=georchestra + diff --git a/.envs-elastic b/envs/.envs-elastic similarity index 64% rename from .envs-elastic rename to envs/.envs-elastic index 3c99bcd..f35c4bb 100644 --- a/.envs-elastic +++ b/envs/.envs-elastic 
@@ -2,12 +2,12 @@ ES_USERNAME=elastic ES_PASSWORD=changeme # Only needed for the built-in elasticsearch -ELASTIC_PASSWORD=${ES_PASSWORD} +ELASTIC_PASSWORD=changeme # Disable SSL for Elasticsearch -xpack.security.transport.ssl.enabled: false -xpack.security.http.ssl.enabled: false +xpack.security.transport.ssl.enabled=false +xpack.security.http.ssl.enabled=false #In order to use Kibana, you need to set the password for the kibana_system user. #docker exec -it es01 bin/elasticsearch-reset-password -u kibana_system -#KIBANA_PASSWORD= \ No newline at end of file +#KIBANA_PASSWORD= diff --git a/.envs-hosts b/envs/.envs-hosts similarity index 84% rename from .envs-hosts rename to envs/.envs-hosts index f514906..5dd6a25 100644 --- a/.envs-hosts +++ b/envs/.envs-hosts @@ -1,6 +1,5 @@ ANALYTICS_HOST=analytics CAS_HOST=cas -CONSOLE_HOST=console GEONETWORK_HOST=geonetwork GEOSERVER_HOST=geoserver HEADER_HOST=header @@ -12,12 +11,13 @@ DATAHUB_HOST=datahub OGC_API_RECORDS_HOST=ogc-api-records KB_HOST=kibana KB_PORT=5601 -ES_HOST=elasticsearch -ES_PORT=9200 RABBITMQ_HOST=rabbitmq DATA_API_HOST=data-api +CONSOLE_HOST=console # needed for geonetwork entrypoint DO NOT REMOVE -CONSOLE_URL=http://${CONSOLE_HOST}:8080 +CONSOLE_URL=http://console:8080 +ES_HOST=elasticsearch +ES_PORT=9200 # needed for kibana DO NOT REMOVE -ELASTICSEARCH_HOSTS=http://${ES_HOST}:${ES_PORT} +ELASTICSEARCH_HOSTS=http://elasticsearch:9200 diff --git a/.envs-ldap b/envs/.envs-ldap similarity index 100% rename from .envs-ldap rename to envs/.envs-ldap diff --git a/.envs-rabbitmq b/envs/.envs-rabbitmq similarity index 100% rename from .envs-rabbitmq rename to envs/.envs-rabbitmq From 136aa5cefc0fe758c193a72e2666bd61256eda6c Mon Sep 17 00:00:00 2001 
From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:24:42 +0100 Subject: [PATCH 2/4] remove useless files --- Makefile | 9 ------ docker-compose.gwc.yml | 22 -------------- docker-compose.override.yml | 60 ------------------------------------- docker-compose.sendmail.yml | 24 --------------- docker-compose.swarm.yml | 34 +++++++++++++++++++++ run-datafeeder-gmail.sh | 22 -------------- run.sh | 3 -- 7 files changed, 34 insertions(+), 140 deletions(-) delete mode 100644 Makefile delete mode 100644 docker-compose.gwc.yml delete mode 100644 docker-compose.override.yml delete mode 100644 docker-compose.sendmail.yml create mode 100644 docker-compose.swarm.yml delete mode 100755 run-datafeeder-gmail.sh delete mode 100755 run.sh diff --git a/Makefile b/Makefile deleted file mode 100644 index d1f304f..0000000 --- a/Makefile +++ /dev/null @@ -1,9 +0,0 @@ -run-silent: - docker compose up -d - -run: - docker compose up - -# run without the docker-compose.override.yml -run-core: - docker compose -f docker-compose.yml up diff --git a/docker-compose.gwc.yml b/docker-compose.gwc.yml deleted file mode 100644 index 349f143..0000000 --- a/docker-compose.gwc.yml +++ /dev/null @@ -1,22 +0,0 @@ -version: "3.1" - -volumes: - geowebcache_tiles: - geowebcache_datadir: - -services: - - # standalone geowebcache: - geowebcache: - image: georchestra/geowebcache:latest - volumes: - - geowebcache_datadir:/mnt/geowebcache_datadir - - geowebcache_tiles:/mnt/geowebcache_tiles - - georchestra_datadir:/etc/georchestra - environment: - - XMS=1G - - XMX=2G - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -# ports: -# - 8080:8080 - restart: always diff --git a/docker-compose.override.yml b/docker-compose.override.yml deleted file mode 100644 index 8358f96..0000000 --- a/docker-compose.override.yml +++ /dev/null 
@@ -1,60 +0,0 @@ -version: "3.1" - -# Complementary services, not part of geOrchestra core. -# They are made to ease your life as a developer. -# **NOT** production ready ! - -volumes: - smtp_maildir: - -services: - caddy: - image: caddy:2.8-alpine - ports: - - "80:80" - - "443:443" - - "127.0.0.1:2019:2019" - environment: - - CADDY_ADMIN=0.0.0.0:2019 - volumes: - - ./resources/ssl:/etc/certs:ro - - ./resources/caddy/etc:/etc/caddy:ro - - ./resources/caddy/data:/data/caddy - - ./resources/static:/usr/share/caddy/static:ro - restart: always - healthcheck: - test: ["CMD-SHELL", "wget --no-verbose --tries=1 --spider http://localhost:2019/reverse_proxy/upstreams >/dev/null || exit 1"] - interval: 30s - timeout: 10s - retries: 10 - env_file: - - .envs-common - - smtp: - image: camptocamp/smtp-sink:latest - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - courier-imap: - image: camptocamp/courier-imap:latest - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - webmail: - image: camptocamp/sqwebmail:latest - environment: - - IMAP_HOSTNAME=courier-imap - - SMTP_HOSTNAME=smtp-sink - volumes: - - smtp_maildir:/home/smtp/Maildir/ - restart: always - - ssh: - image: georchestra/ssh_data:latest - ports: - - "2222:22" - volumes: - - geoserver_geodata:/mnt/geoserver_geodata - restart: always diff --git a/docker-compose.sendmail.yml b/docker-compose.sendmail.yml deleted file mode 100644 index 82ec0ae..0000000 --- a/docker-compose.sendmail.yml +++ /dev/null 
@@ -1,24 +0,0 @@ -version: "3.1" - -# Complementary services, not part of geOrchestra core. -# This is an alternative proposition to the smtp sink, to manage the emails -# Before using it in production, review the source code https://github.com/pi-geosolutions/docker-sendmail/ -# and use at your own risks, under your responsibility ! -# -# To use it, you have to change the smtp config in config/default.properties to -# use `sendmail` host -# -# Note: the sendmail service takes some time to configure. In case you have a -# "Connection refused" error, look in the logs and wait for it to say -# "Restarting Mail Transport Agent (MTA): sendmail." before using it -# -# Note2: if sending mails fails silently, you might have filter issue. For -# instance, personal internet boxes might be filtering your traffic and dropping -# the packets (happened to me, I had to disable the filering option of my box) - -services: - sendmail: - image: pigeosolutions/sendmail:20210906-1657-6e05771 - environment: - HOSTNAME: georchestra-127-0-0-1.nip.io - restart: always diff --git a/docker-compose.swarm.yml b/docker-compose.swarm.yml new file mode 100644 index 0000000..c29e55b --- /dev/null +++ b/docker-compose.swarm.yml @@ -0,0 +1,34 @@ +# specific swarm stuff +# +volumes: + portainer_data: + +services: + agent: + image: portainer/agent:lts + environment: + AGENT_CLUSTER_ADDR: tasks.agent + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - /var/lib/docker/volumes:/var/lib/docker/volumes + deploy: + mode: global + placement: + constraints: [node.platform.os == linux] + + portainer: + image: portainer/portainer-ce:lts + command: -H tcp://tasks.agent:9001 --tlsskipverify + ports: + - "9443:9443" + - "9000:9000" + - "8000:8000" + volumes: + - /var/run/docker.sock:/var/run/docker.sock + - portainer_data:/data + deploy: + mode: replicated + replicas: 1 + placement: + constraints: [node.role == manager] + 
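Review bot: The new `portainer` service publishes `"9000:9000"` (plain-HTTP UI) and `"8000:8000"` next to `"9443:9443"`, and in swarm mode published ports are opened on every node through the routing mesh, so a management console that mounts `/var/run/docker.sock` is reachable from the network as soon as the stack is deployed. Keep only `- "9443:9443"` unless the HTTP UI and the tunnel port are really needed, and state in the README that the Portainer administrator account must be created immediately after `docker stack deploy`. `--tlsskipverify` on the `command:` line turns off certificate verification for the agent connection; a comment should say this is acceptable only on the stack's private overlay network. Both images use the floating `lts` tag, so pinning a version would make it reviewable what gets access to the Docker socket and `/var/lib/docker/volumes`.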
diff --git a/run-datafeeder-gmail.sh b/run-datafeeder-gmail.sh deleted file mode 100755 index 38e3ef6..0000000 --- a/run-datafeeder-gmail.sh +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/bash - -account="noreply.georchestra.dev@gmail.com" - -if [ ! -f ".env" ]; then - echo "There's no .env file, create it and set the SMTP_PASSWORD variable to the $account account password" - exit 1 -fi - -source .env - -if [ -z "$SMTP_PASSWORD" ]; then - echo "Declare the SMTP_PASSWORD variable in .env with the $account account password" - exit 1 -fi - -files="-f docker-compose.yml -f docker-compose.override.yml -f docker-compose.datafeeder.gmail.yml" - -echo "SMTP_PASSWORD found in .env, running" -echo "docker compose $files up -d" - -docker compose $files up -d diff --git a/run.sh b/run.sh deleted file mode 100755 index 4a16708..0000000 --- a/run.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -docker compose up -d From 0ee9102db3f80566a857758b0db80472487c8eb0 Mon Sep 17 00:00:00 2001 From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:28:50 +0100 Subject: [PATCH 3/4] remove comment for volume driver --- docker-compose.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index c819048..fc99b05 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,5 @@ volumes: postgresql_data: -# driver: local -# driver_opts: -# o: bind -# type: none -# device: ./volumes/postgresql_data ldap_data: ldap_config: ldap_run: From e67c71410d35df50a8395b3ec0bb6e3a2cc6f75c Mon Sep 17 00:00:00 2001 From: Jean-Michel Crepel Date: Tue, 3 Mar 2026 14:56:40 +0100 Subject: [PATCH 4/4] update readme --- README.md | 56 +++++++++++++++++++++++++++---------------------------- 1 file changed, 27 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index 70aea3d..9a06f73 100644 --- a/README.md +++ b/README.md 
@@ -120,9 +120,7 @@ rsync -arv -e 'ssh -p 2222' /path/to/geodata/ geoserver@georchestra-127-0-0-1.ni Files uploaded into this volume will also be available to the geoserver instance in `/mnt/geoserver_geodata/`. -Emails sent by the SDI (eg when users request a new password) will not be relayed on the internet but trapped by a local SMTP service. -These emails can be read on https://georchestra-127-0-0-1.nip.io/webmail/ (with login `smtp` and password `smtp`). - +Emails sent by the SDI (eg when users request a new password) will not be relayed on the internet but trapped by a local SMTP service. ## Locally trust the TLS certificate for geOrchestra @@ -168,17 +166,12 @@ These docker-compose files describe: * how they are linked together, * where the configuration and data volumes are -The `docker-compose.override.yml` file adds services to interact with your geOrchestra instance (they are not part of geOrchestra "core"): - * reverse proxy / load balancer - * ssh / rsync services, - * smtp, webmail. - **Feel free to comment out the apps you do not need**. The base docker composition does not include any standalone geowebcache instance, nor the atlas module. If you need them, you have to include the corresponding complementary docker-compose file at run-time: ``` -docker compose -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.gwc.yml -f docker-compose.atlas.yml up +docker compose -f docker-compose.yml up ``` ## Upgrading 
@@ -195,11 +188,11 @@ To upgrade, we recommend you to: This docker composition supports environment variables, if you need to customize something it might be in the different environment variables files. Here is the list of these files: -- [.envs-common](.envs-common) -- [.envs-database-datafeeder](.envs-database-datafeeder) -- [.envs-database-georchestra](.envs-database-georchestra) -- [.envs-hosts](.envs-hosts) -- [.envs-ldap](.envs-ldap) +- [.envs-common](envs/.envs-common) +- [.envs-database-datafeeder](envs/.envs-database-datafeeder) +- [.envs-database-georchestra](envs/.envs-database-georchestra) +- [.envs-hosts](envs/.envs-hosts) +- [.envs-ldap](envs/.envs-ldap) If you add variables, be careful because it might be added into the wrong/unwanted container. @@ -220,7 +213,7 @@ Most changes will require a service restart, except maybe updating viewer contex In order to have Kibana up and running, you will need to: 1. After Elasticsearch up and healthy, launch the command `docker compose exec -it elasticsearch bin/elasticsearch-reset-password -u kibana_system`. It will ask to fill a password for the `kibana_system` user. -2. Uncomment and fill this password into the `.envs-elastic` file. +2. Uncomment and fill this password into the `envs/.envs-elastic` file. 3. Enable kibana server with `scale: 1` in `docker-compose.yml`. 4. Start Kibana with `docker compose up -d kibana`. 
@@ -285,11 +278,11 @@ https://techoverflow.net/2019/04/17/how-to-disable-elasticsearch-disk-quota-wate Beside georchestra/docker directory, you need to clone [georchestra/georchestra repo](https://github.com/georchestra/georchestra) first. -Next, install maven to execute [main georchestra Makefile](https://github.com/georchestra/georchestra/blob/master/Makefile) on each modification (e.g console, security-proxy, whatever you change). +Next, install maven to execute [main georchestra Makefile](https://github.com/georchestra/georchestra/blob/master/Makefile) on each modification (e.g console, gateway, whatever you change). -For example, if you change some security-proxy code, use : +For example, if you change some gateway code, use : -`make docker-build-proxy` +`make docker-build-gateway` ... to execute easily this maven command : 
@@ -305,25 +298,30 @@ You can now test modifications locally with the current FQDN (by default `georch **3. Debug** -Open `docker/docker-compose.yml` and identify `proxy` section. +Open `docker/docker-compose.yml` and identify `gateway` section. -Change `proxy` section to insert some JAVA options and ports `5005` to get : +Change `gateway` section to insert some JAVA options and ports `5005` to get : ``` - proxy: - image: georchestra/security-proxy:latest + gateway: + image: georchestra/gateway:latest-debug depends_on: - - ldap - - database + - database volumes: - - georchestra_datadir:/etc/georchestra + - ./config:/etc/georchestra environment: - - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 - - XMS=256M - - XMX=1G + - JAVA_OPTIONS=-Dorg.eclipse.jetty.annotations.AnnotationParser.LEVEL=OFF -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=0.0.0.0:5005 + - XMS=256M + - XMX=1G + env_file: + - ./envs/.envs-common + - ./envs/.envs-ldap + - ./envs/.envs-hosts + - ./envs/.envs-database-georchestra restart: always ports: - - "5005:5005" + - "5005:5005" + - "8080:8080" ``` Apply Docker changes :