From d101ebd2b5a85369fd31a0771a61a69ed2bf3e0b Mon Sep 17 00:00:00 2001
From: Miguel Caballer
Date: Tue, 8 Oct 2024 08:42:46 +0200
Subject: [PATCH 1/5] Ad GeoServer artifact
---
artifacts/geoserver_compose.yml | 91 +++++++++++++++++++++++++++++++++
1 file changed, 91 insertions(+)
create mode 100644 artifacts/geoserver_compose.yml
diff --git a/artifacts/geoserver_compose.yml b/artifacts/geoserver_compose.yml
new file mode 100644
index 0000000..0752158
--- /dev/null
+++ b/artifacts/geoserver_compose.yml
@@ -0,0 +1,91 @@ +--- +- hosts: localhost + connection: local + vars: + INSTALL_EXTENSIONS: 'true' + STABLE_EXTENSIONS: 'ysld,h2' + COMMUNITY_EXTENSIONS: 'colormap' + geoserver_host: "geoserver.{{ ansible_default_ipv4.address }}.nip.ip" + roles: + - role: 'grycap.docker' + tasks: + - name: Create geoserver data directory + file: + path: /opt/geoserver/data + state: directory + mode: '0755' + recurse: true + + - name: Set geoserver_host to Public IP + set_fact: + geoserver_host: "geoserver.{{ IM_NODE_PUBLIC_IP }}.nip.io" + when: IM_NODE_PUBLIC_IP is defined and IM_NODE_PUBLIC_IP != "" + + - name: Set geoserver_host to DNS name + set_fact: + geoserver_host: "{{ geoserver_dns_hostname }}" + when: geoserver_dns_hostname is defined and geoserver_dns_hostname != "" + + - name: Create docker-compose file + copy: + content: | + version: '3.3' + services: + web: + restart: always + image: docker.osgeo.org/geoserver:2.26.x + container_name: geoserver + expose: + - "8080" + networks: + - frontend + - backend + volumes: + - ./data:/opt/geoserver_data + labels: + - "traefik.enable=true" + - "traefik.http.routers.web.service=web" + - "traefik.http.routers.web.rule=Host(`{{ geoserver_host }}`)" + - "traefik.http.routers.web.entrypoints=websecure" + - "traefik.http.routers.web.tls.certresolver=myresolver" + - "traefik.http.services.web.loadbalancer.server.port=5000" + - "traefik.docker.network=geoserver_frontend" + traefik: + image: "traefik:v2.10" + container_name: "traefik" + command: + #- "--log.level=DEBUG" + - "--api.insecure=true" + - "--providers.docker=true" + - "--providers.docker.exposedbydefault=false" + - "--entrypoints.web.address=:80" + - "--entrypoints.websecure.address=:443" + - "--entrypoints.web.http.redirections.entryPoint.to=websecure" + - "--entrypoints.web.http.redirections.entryPoint.scheme=https" + - "--entrypoints.web.http.redirections.entrypoint.permanent=true" + - "--certificatesresolvers.myresolver.acme.httpchallenge=true" + - 
"--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" + #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" + - "--certificatesresolvers.myresolver.acme.email={{ geoserver_cert_email }}" + - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" + ports: + - "80:80" + - "443:443" + - "8080:8080" + volumes: + - "./letsencrypt:/letsencrypt" + - "/var/run/docker.sock:/var/run/docker.sock:ro" + networks: + - frontend + networks: + frontend: + driver: bridge + backend: + driver: bridge + dest: /opt/geoserver/docker-compose.yaml + mode: '644' + + - name: Exec docker-compose up + docker_compose: + project_src: /opt/geoserver/ + state: present From 99af8d0bc8a0f1368f02b41b2be0f41c33cafe30 Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 8 Oct 2024 09:33:54 +0200 Subject: [PATCH 2/5] Fix recipe --- artifacts/geoserver_compose.yml | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/artifacts/geoserver_compose.yml b/artifacts/geoserver_compose.yml index 0752158..6e2e7dc 100644 --- a/artifacts/geoserver_compose.yml +++ b/artifacts/geoserver_compose.yml @@ -39,7 +39,6 @@ - "8080" networks: - frontend - - backend volumes: - ./data:/opt/geoserver_data labels: @@ -48,7 +47,7 @@ - "traefik.http.routers.web.rule=Host(`{{ geoserver_host }}`)" - "traefik.http.routers.web.entrypoints=websecure" - "traefik.http.routers.web.tls.certresolver=myresolver" - - "traefik.http.services.web.loadbalancer.server.port=5000" + - "traefik.http.services.web.loadbalancer.server.port=8080" - "traefik.docker.network=geoserver_frontend" traefik: image: "traefik:v2.10" @@ -71,7 +70,6 @@ ports: - "80:80" - "443:443" - - "8080:8080" volumes: - "./letsencrypt:/letsencrypt" - "/var/run/docker.sock:/var/run/docker.sock:ro" @@ -80,8 +78,6 @@ networks: frontend: driver: bridge - backend: - driver: bridge dest: /opt/geoserver/docker-compose.yaml mode: '644' 
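Review bot: The `geoserver_host` default in the play `vars` ends in `.nip.ip` while the `set_fact` fallback a few tasks later uses `.nip.io`, so a run where neither `IM_NODE_PUBLIC_IP` nor `geoserver_dns_hostname` is set produces a Traefik `Host()` rule for a domain that does not resolve; the line should read `geoserver_host: "geoserver.{{ ansible_default_ipv4.address }}.nip.io"`. On the traefik service, `--api.insecure=true` together with `ports: - "8080:8080"` publishes the unauthenticated Traefik API and dashboard on the host; the following patch drops the port mapping but keeps the flag, and since nothing in this recipe consumes the API the flag should be removed as well. `geoserver_cert_email` is templated into the ACME command line with no `default()`, so the play fails at templating when the variable is undefined — declare it in `vars` or document it as a required input alongside the other `geoserver_*` variables.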
From a8d87525126be5610a4b330bc114193cdbceaebe Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 8 Oct 2024 10:26:29 +0200 Subject: [PATCH 3/5] Improve GeoServer artifact --- artifacts/geoserver_compose.yml | 92 +++++++++++++++++---------------- 1 file changed, 47 insertions(+), 45 deletions(-) diff --git a/artifacts/geoserver_compose.yml b/artifacts/geoserver_compose.yml index 6e2e7dc..52af1eb 100644 --- a/artifacts/geoserver_compose.yml +++ b/artifacts/geoserver_compose.yml @@ -5,7 +5,7 @@ INSTALL_EXTENSIONS: 'true' STABLE_EXTENSIONS: 'ysld,h2' COMMUNITY_EXTENSIONS: 'colormap' - geoserver_host: "geoserver.{{ ansible_default_ipv4.address }}.nip.ip" + admin_password: "{{ geoserver_admin_password | default('geoserver') }}" roles: - role: 'grycap.docker' tasks: 
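Review bot: `admin_password` falls back to `default('geoserver')`, which is GeoServer's well-known factory password, and this same patch publishes the service directly on host ports 80 and 443 (hunk at line 35), so an unattended deployment that omits `geoserver_admin_password` comes up with guessable admin credentials on a public address. Prefer failing when the variable is unset (an `assert` task before `roles`), or generating a per-deployment secret, e.g. `admin_password: "{{ geoserver_admin_password | default(lookup('password', '/opt/geoserver/admin_password length=24')) }}"` — note that Jinja evaluates the lookup argument even when the variable is set, so the file is created either way and needs a restrictive mode. The `roles:`/`tasks:` context of this hunk continues past its last line.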
@@ -16,15 +16,40 @@ mode: '0755' recurse: true - - name: Set geoserver_host to Public IP - set_fact: - geoserver_host: "geoserver.{{ IM_NODE_PUBLIC_IP }}.nip.io" - when: IM_NODE_PUBLIC_IP is defined and IM_NODE_PUBLIC_IP != "" + - name: Create private key (RSA, 4096 bits) + community.crypto.openssl_privatekey: + path: /opt/geoserver/certificate.key + mode: '644' + format: pkcs8 + + - name: Generate an OpenSSL Certificate Signing Request with Subject information + community.crypto.openssl_csr: + path: /opt/geoserver/certificate.csr + privatekey_path: /opt/geoserver/certificate.key + country_name: ES + organization_name: GeoServer + common_name: GeoServer + + - name: Create simple self-signed certificate + community.crypto.x509_certificate: + path: /opt/geoserver/certificate.pem + privatekey_path: /opt/geoserver/certificate.key + provider: selfsigned + csr_path: /opt/geoserver/certificate.csr + + - name: Install openjdk-11-jre-headless + apt: + name: openjdk-11-jre-headless + state: present + install_recommends: false - - name: Set geoserver_host to DNS name - set_fact: - geoserver_host: "{{ geoserver_dns_hostname }}" - when: geoserver_dns_hostname is defined and geoserver_dns_hostname != "" + - name: Create keystore.jks + java_keystore: + name: server + certificate: "{{ lookup('file', '/opt/geoserver/certificate.pem') }}" + private_key: "{{ lookup('file', '/opt/geoserver/certificate.key') }}" + password: changeit + dest: /opt/geoserver/keystore.jks - name: Create docker-compose file copy: 
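Review bot: The `openssl_privatekey` task writes `/opt/geoserver/certificate.key` with `mode: '644'`, leaving the TLS private key world-readable on the host; only `keystore.jks` is mounted into the container (hunk at line 35), so the key file can be `mode: '0600'`. The `java_keystore` task sets no `mode`, so the keystore — which embeds the same key — is created with the default umask; add `mode: '0600'` there too, and if the GeoServer container process turns out not to run as root, adjust owner/group rather than widening the mode. `password: changeit` is the well-known default keystore password and is repeated verbatim as `HTTPS_KEYSTORE_PASSWORD=changeit` in the compose hunk at line 35; a single play-level variable with a generated or required value, used in both places, keeps them in sync and out of the recipe. The CSR's `common_name: GeoServer` matches no hostname the service is reached by, so TLS clients will warn regardless of trust; `common_name: "{{ ansible_default_ipv4.address }}"` or a `subject_alt_name` entry would at least be consistent with the address in use. The task list continues past the hunk.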
@@ -35,46 +60,23 @@ restart: always image: docker.osgeo.org/geoserver:2.26.x container_name: geoserver - expose: - - "8080" + ports: + - "80:8080" + - "443:8443" networks: - frontend + environment: + - INSTALL_EXTENSIONS={{ INSTALL_EXTENSIONS }} + - STABLE_EXTENSIONS="{{ STABLE_EXTENSIONS }}" + - COMMUNITY_EXTENSIONS="{{ COMMUNITY_EXTENSIONS }}" + - HTTPS_ENABLED=true + - HTTPS_KEYSTORE_FILE=/opt/keystore.jks + - HTTPS_KEYSTORE_PASSWORD=changeit + - HTTPS_KEY_ALIAS=server + - GEOSERVER_ADMIN_PASSWORD={{ admin_password}} volumes: - ./data:/opt/geoserver_data - labels: - - "traefik.enable=true" - - "traefik.http.routers.web.service=web" - - "traefik.http.routers.web.rule=Host(`{{ geoserver_host }}`)" - - "traefik.http.routers.web.entrypoints=websecure" - - "traefik.http.routers.web.tls.certresolver=myresolver" - - "traefik.http.services.web.loadbalancer.server.port=8080" - - "traefik.docker.network=geoserver_frontend" - traefik: - image: "traefik:v2.10" - container_name: "traefik" - command: - #- "--log.level=DEBUG" - - "--api.insecure=true" - - "--providers.docker=true" - - "--providers.docker.exposedbydefault=false" - - "--entrypoints.web.address=:80" - - "--entrypoints.websecure.address=:443" - - "--entrypoints.web.http.redirections.entryPoint.to=websecure" - - "--entrypoints.web.http.redirections.entryPoint.scheme=https" - - "--entrypoints.web.http.redirections.entrypoint.permanent=true" - - "--certificatesresolvers.myresolver.acme.httpchallenge=true" - - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web" - #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" - - "--certificatesresolvers.myresolver.acme.email={{ geoserver_cert_email }}" - - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json" - ports: - - "80:80" - - "443:443" - volumes: - - "./letsencrypt:/letsencrypt" - - "/var/run/docker.sock:/var/run/docker.sock:ro" - networks: - - frontend + - 
./keystore.jks:/opt/keystore.jks networks: frontend: driver: bridge From 51b7176457f8456f84f1a859ee3ac85256136a6e Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 8 Oct 2024 10:28:43 +0200 Subject: [PATCH 4/5] Improve GeoServer artifact --- artifacts/geoserver_compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/artifacts/geoserver_compose.yml b/artifacts/geoserver_compose.yml index 52af1eb..d89d923 100644 --- a/artifacts/geoserver_compose.yml +++ b/artifacts/geoserver_compose.yml @@ -3,8 +3,8 @@ connection: local vars: INSTALL_EXTENSIONS: 'true' - STABLE_EXTENSIONS: 'ysld,h2' - COMMUNITY_EXTENSIONS: 'colormap' + STABLE_EXTENSIONS: "{{ geoserver_stable_extensions | default('ysld,h2') }}" + COMMUNITY_EXTENSIONS: "{{ geoserver_community_extensions | default('colormap') }}" admin_password: "{{ geoserver_admin_password | default('geoserver') }}" roles: - role: 'grycap.docker' From 86f4d58fc721b5b52ffbd470f3ec1010e12ae4ca Mon Sep 17 00:00:00 2001 From: Miguel Caballer Date: Tue, 8 Oct 2024 10:31:22 +0200 Subject: [PATCH 5/5] Improve GeoServer artifact --- artifacts/geoserver_compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/artifacts/geoserver_compose.yml b/artifacts/geoserver_compose.yml index d89d923..ebd27c7 100644 --- a/artifacts/geoserver_compose.yml +++ b/artifacts/geoserver_compose.yml @@ -73,7 +73,7 @@ - HTTPS_KEYSTORE_FILE=/opt/keystore.jks - HTTPS_KEYSTORE_PASSWORD=changeit - HTTPS_KEY_ALIAS=server - - GEOSERVER_ADMIN_PASSWORD={{ admin_password}} + - GEOSERVER_ADMIN_PASSWORD={{ admin_password }} volumes: - ./data:/opt/geoserver_data - ./keystore.jks:/opt/keystore.jks
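Review bot: The rendered compose file now carries `GEOSERVER_ADMIN_PASSWORD` and `HTTPS_KEYSTORE_PASSWORD` in plaintext, but the `copy` task just past this hunk still writes it with `mode: '644'`, so any local user can read both; change it to `mode: '0600'`. In the list form of `environment`, compose keeps quote characters as part of the value, so `STABLE_EXTENSIONS="{{ STABLE_EXTENSIONS }}"` most likely hands the image `"ysld,h2"` including the double quotes while `INSTALL_EXTENSIONS` has none — drop the quotes for consistency unless the image's startup script is known to strip them. The admin password is interpolated bare into a plain YAML list item, so a value containing `#`, `: ` or quote characters would corrupt the generated compose file; using the mapping form of `environment` with `| to_json` applied to the templated values keeps any password a valid YAML scalar. Port `"80:8080"` serves plain HTTP next to HTTPS with no redirect (the Traefik redirect is removed in this hunk), so the admin login can travel in cleartext — if that is not intended, drop that mapping or have the image redirect. The `copy` task whose `content: |` block this is starts before the hunk.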