From 466c2f3a9ebb298a17f9bc4af423211b3a010b4f Mon Sep 17 00:00:00 2001 From: Juan Luis Rodriguez Ponce Date: Thu, 21 May 2026 17:23:32 +0200 Subject: [PATCH 1/5] geonetwork: fix Elasticsearch version for 4.4 images The geonetwork:4.4 tag now resolves to 4.4.10, which requires Elasticsearch 8.x. The compose.yaml and quick-start examples still referenced elasticsearch:7.17.15, causing 400 errors due to ES 8 treating text-field aggregations differently. Changes: - compose.yaml: upgrade elasticsearch and kibana to 8.14.3, add xpack.security.enabled=false (required for local ES 8 without TLS), remove Jetty-specific JVM flags, update DB type to postgres, upgrade PostgreSQL to 17-3.5, simplify postgres service (no debug logging) - content.md: update quick-start docker run to ES 8.14.3, add Elasticsearch/GeoNetwork version compatibility table, correct Tomcat/Jetty history note and H2 database path description Fixes: https://github.com/geonetwork/docker-geonetwork/issues/144 --- geonetwork/compose.yaml | 14 ++++++-------- geonetwork/content.md | 19 +++++++++++++++---- 2 files changed, 21 insertions(+), 12 deletions(-) diff --git a/geonetwork/compose.yaml b/geonetwork/compose.yaml index 141fd69e3b12..6efb38c61cf8 100644 --- a/geonetwork/compose.yaml +++ b/geonetwork/compose.yaml @@ -36,9 +36,6 @@ services: --add-opens=jdk.management/com.sun.management.internal=ALL-UNNAMED -Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xms512M -Xss512M -Xmx2G -XX:+UseConcMarkSweepGC - -Djetty.httpConfig.requestHeaderSize=32768 - -Dorg.eclipse.jetty.server.Request.maxFormContentSize=500000 - -Dorg.eclipse.jetty.server.Request.maxFormKeys=4000 # For remote debug # -Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=5005 
@@ -58,7 +55,7 @@ services: -Dgeonetwork.ESFeaturesProxy.targetUri=http://elasticsearch:9200/gn-features/{_} -Dgeonetwork.HttpDashboardProxy.targetUri=http://kibana:5601 - GEONETWORK_DB_TYPE: postgres-postgis + GEONETWORK_DB_TYPE: postgres GEONETWORK_DB_HOST: database GEONETWORK_DB_PORT: 5432 GEONETWORK_DB_NAME: geonetwork @@ -66,12 +63,11 @@ services: GEONETWORK_DB_PASSWORD: geonetwork database: - image: postgis/postgis:16-3.4 + image: postgis/postgis:17-3.5 environment: POSTGRES_USER: geonetwork POSTGRES_PASSWORD: geonetwork POSTGRES_DB: geonetwork - command: [postgres, -c, log_statement=all, -c, logging_collector=true, -c, log_file_mode=0644, -c, log_directory=/var/log/postgresql, -c, log_filename=postgresql.log] healthcheck: test: [CMD-SHELL, pg_isready -U postgres] interval: 5s @@ -82,7 +78,7 @@ services: - pglog:/var/log/postgresql elasticsearch: - image: elasticsearch:7.17.15 + image: elasticsearch:8.14.3 ports: - 9200:9200 ulimits: @@ -101,11 +97,13 @@ services: environment: ES_JAVA_OPTS: -Xms1G -Xmx1G discovery.type: single-node + xpack.security.enabled: "false" + xpack.security.enrollment.enabled: "false" volumes: - esdata:/usr/share/elasticsearch/data kibana: - image: kibana:7.17.15 + image: kibana:8.14.3 environment: SERVER_NAME: kibana ELASTICSEARCH_URL: http://elasticsearch:9200/ diff --git a/geonetwork/content.md b/geonetwork/content.md index e35547e5651f..981fb5a33e7d 100644 --- a/geonetwork/content.md +++ b/geonetwork/content.md 
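Review bot: Setting `xpack.security.enabled: "false"` on the `elasticsearch` service leaves the node without authentication or TLS, while the `ports: - 9200:9200` mapping kept as context in the preceding hunk publishes it on every host interface, so anything that can reach the host can read or modify the index. GeoNetwork and Kibana already reach it over the compose network at `http://elasticsearch:9200`, so the host mapping can be dropped or limited to loopback with `- 127.0.0.1:9200:9200`. A comment above the two new keys, such as `# Security is disabled for local demo use only; do not expose port 9200`, would tell readers who copy this file why the setting is there. The later patches in this series (the quote-style change and the 8.19.13 bump) keep both settings as they are.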
@@ -19,12 +19,12 @@ GeoNetwork 4 uses an Elasticsearch server to store the index of the documents it This is a quick example of how to get GeoNetwork 4.4 Latest up and running for demo purposes. This configuration doesn't keep the data if containers are removed. ```console -docker pull elasticsearch:7.17.15 +docker pull elasticsearch:8.14.3 docker pull %%IMAGE%%:4 docker network create gn-network -docker run -d --name my-es-host --network gn-network -e "discovery.type=single-node" elasticsearch:7.17.15 +docker run -d --name my-es-host --network gn-network -e "discovery.type=single-node" -e "xpack.security.enabled=false" elasticsearch:8.14.3 docker run --name %%REPO%%-host --network gn-network -e GN_CONFIG_PROPERTIES="-Des.host=my-es-host -Des.protocol=http -Des.port=9200 -Des.url=http://my-es-host:9200" -p 8080:8080 %%IMAGE%%:4 ``` @@ -42,6 +42,17 @@ docker run --name %%REPO%%-host --network gn-network -e ES_HOST=my-es-host -e ES To be sure about what Elasticsearch version to use you can check the [GeoNetwork documentation](https://docs.geonetwork-opensource.org/4.4/install-guide/installing-index/) for your GN version or the `es.version` property in the [`pom.xml`](https://github.com/geonetwork/core-geonetwork/blob/main/pom.xml#L1528C17-L1528C24) file of the GeoNetwork release used. +The following table summarises the required Elasticsearch version for each GeoNetwork release series: + +| GeoNetwork version | Elasticsearch version | +|---|---| +| 4.0.0 - 4.0.5 | 7.9.2 | +| 4.0.6 - 4.2.7 | 7.11.1 | +| 4.2.8 - 4.4.2 | 7.17.x | +| 4.4.3 - 4.4.5 | 8.11.3 | +| 4.4.6 - 4.4.9 | 8.14.3 | +| 4.4.10+ | 8.19.13 | + ### Default credentials After installation, use the default credentials: **`admin`** (username) and **`admin`** (password). It is recommended to update the default password after installation. 
@@ -104,7 +115,7 @@ By default GeoNetwork uses a local **H2 database** for demo use (this one is **n ### Start GeoNetwork -This command will start a debian-based container, running a Tomcat (GN 3) or Jetty (GN 4) web server, with a GeoNetwork WAR deployed on the server: +This command will start a Debian-based container, running a Tomcat web server, with a GeoNetwork WAR deployed on the server. Note: GeoNetwork 4.0.0-4.2.14 and 4.4.0-4.4.9 used Jetty 9 instead of Tomcat. ```console docker run --name some-%%REPO%% -d %%IMAGE%% 
@@ -124,7 +135,7 @@ Then, if you are running docker on Linux, you may access geonetwork at http://lo The data directory is the location on the file system where the catalog stores much of its custom configuration and uploaded files. It is also where it stores a number of support files, used for various purposes (e.g.: spatial index, thumbnails). The default variant also uses a local H2 database to store the metadata catalog itself. -By default, GeoNetwork sets the data directory on `/opt/geonetwork/WEB-INF/data` and H2 database file to the Jetty dir `/var/lib/jetty/gn.h2.db` (since GN 4.0.0) or Tomcat `/usr/local/tomcat/gn.h2.db` (for GN 3), but you may override these values by injecting environment variables into the container: - `-e DATA_DIR=...` (defaults to `/opt/geonetwork/WEB-INF/data`) and `-e GEONETWORK_DB_NAME=...` (defaults to `gn` which sets up database `gn.h2.db` in tomcat bin dir `/usr/local/tomcat`). Note that setting the database location via `GEONETWORK_DB_NAME` only works from version 3.10.3 onwards. +By default, GeoNetwork sets the data directory on `/opt/geonetwork/WEB-INF/data` and the H2 database file to `/usr/local/tomcat/gn.h2.db` (Tomcat-based images: GN 3, 4.2.15+, and 4.4.10+) or `/var/lib/jetty/gn.h2.db` (Jetty-based images: GN 4.0.0-4.2.14 and 4.4.0-4.4.9), but you may override these values by injecting environment variables into the container: - `-e DATA_DIR=...` (defaults to `/opt/geonetwork/WEB-INF/data`) and `-e GEONETWORK_DB_NAME=...` (defaults to `gn` which sets up database `gn.h2.db` in tomcat bin dir `/usr/local/tomcat`). Note that setting the database location via `GEONETWORK_DB_NAME` only works from version 3.10.3 onwards. Since version 4.4.0 the data directory needs to be configued using Java properties passed in the `GN_CONFIG_PROPERTIES` environment variable. For example: From be2de5acd551c4a9178dc903471f6b9afb27ebdf Mon Sep 17 00:00:00 2001 
From: Juan Luis Rodriguez Ponce Date: Thu, 21 May 2026 17:46:19 +0200 Subject: [PATCH 2/5] geonetwork: fix compose healthchecks and postgres image - Use postgres:17 instead of postgis/postgis (multi-arch, no PostGIS needed with GEONETWORK_DB_TYPE=postgres) - Database healthcheck: verify geonetwork db/user exist via psql instead of pg_isready (avoids race with PostgreSQL init restart) - GeoNetwork healthcheck: check actual app endpoint, add start_period - Remove pglog volume (no longer needed) --- geonetwork/compose.yaml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/geonetwork/compose.yaml b/geonetwork/compose.yaml index 6efb38c61cf8..0a3dc5145c44 100644 --- a/geonetwork/compose.yaml +++ b/geonetwork/compose.yaml @@ -9,16 +9,16 @@ volumes: geonetwork: esdata: pgdata: - pglog: services: geonetwork: image: geonetwork:4.4 healthcheck: - test: curl http://localhost:8080/ - interval: 5s - timeout: 5s + test: "curl -f http://localhost:8080/geonetwork/srv/eng/catalog.search || exit 1" + interval: 10s + timeout: 10s retries: 30 + start_period: 60s restart: always volumes: - geonetwork:/catalogue-data @@ -63,19 +63,18 @@ services: GEONETWORK_DB_PASSWORD: geonetwork database: - image: postgis/postgis:17-3.5 + image: postgres:17 environment: POSTGRES_USER: geonetwork POSTGRES_PASSWORD: geonetwork POSTGRES_DB: geonetwork healthcheck: - test: [CMD-SHELL, pg_isready -U postgres] + test: [CMD-SHELL, "psql -U geonetwork -d geonetwork -c 'select 1' > /dev/null 2>&1 || exit 1"] interval: 5s timeout: 5s retries: 5 volumes: - pgdata:/var/lib/postgresql/data - - pglog:/var/log/postgresql elasticsearch: image: elasticsearch:8.14.3 From 813f0dff560a1ea8a86c2564066de2d603bf2dbc Mon Sep 17 00:00:00 2001 
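Review bot: The new `database` healthcheck runs `psql` over the container's Unix socket, and the postgres image's init-time temporary server appears to listen on that same socket, so the check can still pass before the final restart that the commit message wants to wait for. Forcing TCP should close that window, since the temporary server is not expected to accept TCP connections: `test: [CMD-SHELL, "psql -h 127.0.0.1 -U geonetwork -d geonetwork -c 'select 1' > /dev/null 2>&1 || exit 1"]`. This relies on the image's default authentication for loopback connections, so confirm it against the `postgres:17` entrypoint before merging.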
From: Juan Luis Rodriguez Ponce Date: Thu, 21 May 2026 17:53:39 +0200 Subject: [PATCH 3/5] geonetwork: fix markdownfmt and ymlfmt formatting Align the Elasticsearch/GeoNetwork version compatibility table in content.md and fix YAML quoting style issues in compose.yaml to satisfy the CI format checks. --- geonetwork/compose.yaml | 8 ++++---- geonetwork/content.md | 14 +++++++------- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/geonetwork/compose.yaml b/geonetwork/compose.yaml index 0a3dc5145c44..f0536f4e898b 100644 --- a/geonetwork/compose.yaml +++ b/geonetwork/compose.yaml @@ -14,7 +14,7 @@ services: geonetwork: image: geonetwork:4.4 healthcheck: - test: "curl -f http://localhost:8080/geonetwork/srv/eng/catalog.search || exit 1" + test: curl -f http://localhost:8080/geonetwork/srv/eng/catalog.search || exit 1 interval: 10s timeout: 10s retries: 30 @@ -69,7 +69,7 @@ services: POSTGRES_PASSWORD: geonetwork POSTGRES_DB: geonetwork healthcheck: - test: [CMD-SHELL, "psql -U geonetwork -d geonetwork -c 'select 1' > /dev/null 2>&1 || exit 1"] + test: [CMD-SHELL, psql -U geonetwork -d geonetwork -c 'select 1' > /dev/null 2>&1 || exit 1] interval: 5s timeout: 5s retries: 5 @@ -96,8 +96,8 @@ services: environment: ES_JAVA_OPTS: -Xms1G -Xmx1G discovery.type: single-node - xpack.security.enabled: "false" - xpack.security.enrollment.enabled: "false" + xpack.security.enabled: 'false' + xpack.security.enrollment.enabled: 'false' volumes: - esdata:/usr/share/elasticsearch/data diff --git a/geonetwork/content.md b/geonetwork/content.md index 981fb5a33e7d..5fb9dc98062a 100644 --- a/geonetwork/content.md +++ b/geonetwork/content.md 
@@ -45,13 +45,13 @@ To be sure about what Elasticsearch version to use you can check the [GeoNetwork The following table summarises the required Elasticsearch version for each GeoNetwork release series: | GeoNetwork version | Elasticsearch version | -|---|---| -| 4.0.0 - 4.0.5 | 7.9.2 | -| 4.0.6 - 4.2.7 | 7.11.1 | -| 4.2.8 - 4.4.2 | 7.17.x | -| 4.4.3 - 4.4.5 | 8.11.3 | -| 4.4.6 - 4.4.9 | 8.14.3 | -| 4.4.10+ | 8.19.13 | +|--------------------|-----------------------| +| 4.0.0 - 4.0.5 | 7.9.2 | +| 4.0.6 - 4.2.7 | 7.11.1 | +| 4.2.8 - 4.4.2 | 7.17.x | +| 4.4.3 - 4.4.5 | 8.11.3 | +| 4.4.6 - 4.4.9 | 8.14.3 | +| 4.4.10+ | 8.19.13 | ### Default credentials From 82939dcf921e2149bc8e457fabe753c5e63887ca Mon Sep 17 00:00:00 2001 From: Juan Luis Rodriguez Ponce Date: Thu, 21 May 2026 18:23:23 +0200 Subject: [PATCH 4/5] geonetwork: update docs for 4.4.10 and 4.2.15 releases - Bump Elasticsearch and Kibana versions to 8.19.13 in compose.yaml and the quick-start example in content.md - Add REMOTE_IP_INTERNAL_PROXIES env var (new in both 4.4.10 and 4.2.15 with the Jetty-to-Tomcat migration) - Add WEBAPP_CONTEXT_PATH env var for 4.4.x images - Fix ES_INDEX_RECORDS / es.index.records default value: gn-records (hyphen), not gn_records (underscore) --- geonetwork/compose.yaml | 4 ++-- geonetwork/content.md | 14 ++++++++++---- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/geonetwork/compose.yaml b/geonetwork/compose.yaml index f0536f4e898b..c1c751b1b206 100644 --- a/geonetwork/compose.yaml +++ b/geonetwork/compose.yaml @@ -77,7 +77,7 @@ services: - pgdata:/var/lib/postgresql/data elasticsearch: - image: elasticsearch:8.14.3 + image: elasticsearch:8.19.13 ports: - 9200:9200 ulimits: @@ -102,7 +102,7 @@ services: - esdata:/usr/share/elasticsearch/data kibana: - image: kibana:8.14.3 + image: kibana:8.19.13 environment: SERVER_NAME: kibana ELASTICSEARCH_URL: http://elasticsearch:9200/ 
diff --git a/geonetwork/content.md b/geonetwork/content.md index 5fb9dc98062a..c03d4232d17e 100644 --- a/geonetwork/content.md +++ b/geonetwork/content.md @@ -19,12 +19,12 @@ GeoNetwork 4 uses an Elasticsearch server to store the index of the documents it This is a quick example of how to get GeoNetwork 4.4 Latest up and running for demo purposes. This configuration doesn't keep the data if containers are removed. ```console -docker pull elasticsearch:8.14.3 +docker pull elasticsearch:8.19.13 docker pull %%IMAGE%%:4 docker network create gn-network -docker run -d --name my-es-host --network gn-network -e "discovery.type=single-node" -e "xpack.security.enabled=false" elasticsearch:8.14.3 +docker run -d --name my-es-host --network gn-network -e "discovery.type=single-node" -e "xpack.security.enabled=false" elasticsearch:8.19.13 docker run --name %%REPO%%-host --network gn-network -e GN_CONFIG_PROPERTIES="-Des.host=my-es-host -Des.protocol=http -Des.port=9200 -Des.url=http://my-es-host:9200" -p 8080:8080 %%IMAGE%%:4 ``` 
@@ -67,11 +67,16 @@ Since GeoNetwork 4.4.0, use Java properties passed in the `GN_CONFIG_PROPERTIES` - `es.port` *optional* (default `9200`): The port where Elasticsearch server is listening to. - `es.protocol` *optional* (default `http`): The protocol used to talk to Elasticsearch. Can be `http` or `https`. - `es.url`: **mandatory if host, port or protocol aren't the default values** (default `http://localhost:9200`): Full URL of the Elasticsearch server. -- `es.index.records` *optional* (default `gn_records`): In case you have more than GeoNetwork instance using the same Elasticsearch cluster each one needs to use a different index name. Use this variable to define the name of the index used by each GeoNetwork. +- `es.index.records` *optional* (default `gn-records`): In case you have more than GeoNetwork instance using the same Elasticsearch cluster each one needs to use a different index name. Use this variable to define the name of the index used by each GeoNetwork. - `es.username` *optional* (default empty): username used to connect to Elasticsearch. - `es.password` *optional* (default empty): password used to connect to Elasticsearch. - `kb.url` *optional* (default `http://localhost:5601`): The URL where Kibana is listening. +The following environment variables are also available for 4.4.x images: + +- `WEBAPP_CONTEXT_PATH` *optional* (default `/geonetwork`): The context path used to deploy GeoNetwork. +- `REMOTE_IP_INTERNAL_PROXIES` *optional* (since 4.4.10): Regular expression matching IP addresses of trusted reverse proxies. Enables `X-Forwarded-For` header processing for correct client IP detection behind a proxy. When not set, the RemoteIp Valve is disabled. Example: `192\.168\.0\.10|192\.168\.0\.11`. + Example Docker Compose YAML snippet: ```yaml 
@@ -96,10 +101,11 @@ For versions older than 4.4.0, configure Elasticsearch using environment variabl - `ES_HOST` **mandatory**: The host name of the Elasticsearch server. - `ES_PORT` *optional* (default `9200`): The port where Elasticsearch server is listening to. - `ES_PROTOCOL` *optional* (default `http`): The protocol used to talk to Elasticsearch. Can be `http` or `https`. -- `ES_INDEX_RECORDS` *optional* (default `gn_records`): In case you have more than GeoNetwork instance using the same Elasticsearch cluster each one needs to use a different index name. Use this variable to define the name of the index used by each GeoNetwork. +- `ES_INDEX_RECORDS` *optional* (default `gn-records`): In case you have more than GeoNetwork instance using the same Elasticsearch cluster each one needs to use a different index name. Use this variable to define the name of the index used by each GeoNetwork. - `ES_USERNAME` *optional* (default empty): username used to connect to Elasticsearch. - `ES_PASSWORD` *optional* (default empty): password used to connect to Elasticsearch. - `KB_URL` *Optional* (default `http://localhost:5601`): The URL where Kibana is listening. +- `REMOTE_IP_INTERNAL_PROXIES` *optional* (since 4.2.15): Regular expression matching IP addresses of trusted reverse proxies. Enables `X-Forwarded-For` header processing for correct client IP detection behind a proxy. When not set, the RemoteIp Valve is disabled. Example: `192\.168\.0\.10|192\.168\.0\.11`. ### Database configuration From dc9f83ae0db857dfb060536298783ae1c286f58e Mon Sep 17 00:00:00 2001 
From: Juan Luis Rodriguez Ponce Date: Thu, 21 May 2026 18:25:02 +0200 Subject: [PATCH 5/5] geonetwork: warn about root user in Tomcat-based images Tomcat-based images (GN 3, 4.2.15+, 4.4.10+) run as root, while the previous Jetty-based images ran as the jetty user. Add a file permissions section warning users upgrading from Jetty-based images that they may need to update ownership of existing mounted volumes. --- geonetwork/content.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/geonetwork/content.md b/geonetwork/content.md index c03d4232d17e..79f83fb7722f 100644 --- a/geonetwork/content.md +++ b/geonetwork/content.md @@ -137,6 +137,14 @@ docker run --name some-%%REPO%% -d -p 8080:8080 %%IMAGE%% Then, if you are running docker on Linux, you may access geonetwork at http://localhost:8080/geonetwork. +### File permissions + +The Tomcat-based images (GN 3, 4.2.15+, and 4.4.10+) run as `root`, whereas the previous Jetty-based images (GN 4.0.0-4.2.14 and 4.4.0-4.4.9) ran as the `jetty` user. If you are **upgrading from a Jetty-based image** and mounting a host directory or named volume for the data directory, you may need to update the ownership of existing data to avoid permission errors: + +```console +docker run --rm -v /host/%%REPO%%-docker:/catalogue-data busybox chown -R root:root /catalogue-data +``` + ### Set the data directory and H2 db file The data directory is the location on the file system where the catalog stores much of its custom configuration and uploaded files. It is also where it stores a number of support files, used for various purposes (e.g.: spatial index, thumbnails). The default variant also uses a local H2 database to store the metadata catalog itself.