Geoserver trouble with admin password

[rumski20]

What is the bug or the crash?

I am attempting to re-build Geoserver using this docker recipe. Previously I had been using the tag 2.17.2. When I change the tag to the latest version (2.22.2) and rebuild this container

docker-compose up --no-deps --build -d geoserver

It doesn't seem to start up properly. docker-compose ps reports it as up, but the Apache reverse proxy I haven't in front returns a 503 error. And hitting it locally from within the container

curl http://localhost:8080/geoserver/

returns

curl: (7) Failed to connect to localhost port 8080: Connection refused

The container logs seem to be cut-short as well:

geoserver_1  |  _  __          _                  ____             _            
geoserver_1  | | |/ /__ _ _ __| |_ ___ ______ _  |  _ \  ___   ___| | _____ _ __
geoserver_1  | | ' // _` | '__| __/ _ \_  / _` | | | | |/ _ \ / __| |/ / _ \ '__|
geoserver_1  | | . \ (_| | |  | || (_) / / (_| | | |_| | (_) | (__|   <  __/ |  
geoserver_1  | |_|\_\__,_|_|   \__\___/___\__,_| |____/ \___/ \___|_|\_\___|_|  
geoserver_1  |                                                                  
geoserver_1  |   ____           ____
geoserver_1  |  / ___| ___  ___/ ___|  ___ _ ____   _____ _ __
geoserver_1  | | |  _ / _ \/ _ \___ \ / _ \ '__\ \ / / _ \ '__|
geoserver_1  | | |_| |  __/ (_) |__) |  __/ |   \ V /  __/ |
geoserver_1  |  \____|\___|\___/____/ \___|_|    \_/ \___|_|
geoserver_1  |
geoserver_1  | [Entrypoint] GENERATED tomcat  PASSWORD:  wNY1lf1JMS5zV87lgw
geoserver_1  | /scripts/entrypoint.sh:41 0: CLUSTER_CONFIG_DIR=/opt/geoserver/data_dir/cluster/instance_08012929c2dd
geoserver_1  | /scripts/entrypoint.sh:42 0: MONITOR_AUDIT_PATH=/opt/geoserver/data_dir/monitoring/monitor_08012929c2dd

Any advice you have for debugging this or getting to the root cause would be much appreciated. Thank you for this docker recipe.

Steps to reproduce the issue

Build container using latest version within docker-compose arrangement.

Versions

Latest (2.22.2)

Additional context

No response

[NyakudyaA]

You should be building the image using

docker-compose -f docker-compose-build.yml up -d geoserver-prod --build

[rumski20]

Thank you for your suggestion. The container eventually started (I think I was just being impatient with Geoserver). Now, I'm having issues with logging in. (Maybe I should just start a separate issue....) I have a variable assigned to GEOSERVER_ADMIN_PASSWORD in my environment file (used via docker-compose --env-file my_env_file.env). Will this work as is? Or do I need something like this in my docker-compose.yml for these variables to be used by the container?

....
    environment:
      - GEOSERVER_ADMIN_PASSWORD=${GEOSERVER_ADMIN_PASSWORD}
....

[rumski20]

If I run docker-compose --env-file my_env_file.env config it spits out the password (under environment:) I set for GEOSERVER_ADMIN_PASSWORD. So I'm not sure what is at issue here.

[NyakudyaA]

are you not able to login with the password ?, if you pass an env variable that should not be visible in the logs

[rumski20]

I still can't log in. I tried changing the password in my .env file and rebuilding, following the instructions here: https://github.com/kartoza/docker-geoserver#changing-geoserver-password-and-username That didn't help.

Would it help if I posted the log output here?

[NyakudyaA]

Yes, share the logs and possibly a gif showing the problem.

[rumski20]

Here is the log file. You can see at the bottom, my failed login attempts.

geoserver_1  |  _  __          _                  ____             _            
geoserver_1  | | |/ /__ _ _ __| |_ ___ ______ _  |  _ \  ___   ___| | _____ _ __
geoserver_1  | | ' // _` | '__| __/ _ \_  / _` | | | | |/ _ \ / __| |/ / _ \ '__|
geoserver_1  | | . \ (_| | |  | || (_) / / (_| | | |_| | (_) | (__|   <  __/ |  
geoserver_1  | |_|\_\__,_|_|   \__\___/___\__,_| |____/ \___/ \___|_|\_\___|_|  
geoserver_1  |                                                                  
geoserver_1  |   ____           ____
geoserver_1  |  / ___| ___  ___/ ___|  ___ _ ____   _____ _ __
geoserver_1  | | |  _ / _ \/ _ \___ \ / _ \ '__\ \ / / _ \ '__|
geoserver_1  | | |_| |  __/ (_) |__) |  __/ |   \ V /  __/ |
geoserver_1  |  \____|\___|\___/____/ \___|_|    \_/ \___|_|
geoserver_1  |
geoserver_1  | [Entrypoint] GENERATED tomcat  PASSWORD:  OXLce5BFmRhliI895I
geoserver_1  | /scripts/entrypoint.sh:41 0: CLUSTER_CONFIG_DIR=/opt/geoserver/data_dir/cluster/instance_b4cab501d56c
geoserver_1  | /scripts/entrypoint.sh:42 0: MONITOR_AUDIT_PATH=/opt/geoserver/data_dir/monitoring/monitor_b4cab501d56c
geoserver_1  | NOTE: Picked up JDK_JAVA_OPTIONS:  --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
geoserver_1  | [0.061s][warning][gc,ergo] -XX:NewSize and -XX:MaxNewSize override -XX:NewRatio
geoserver_1  | 17-Mar-2023 18:14:19.488 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.71
geoserver_1  | 17-Mar-2023 18:14:19.492 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Jan 9 2023 22:33:01 UTC
geoserver_1  | 17-Mar-2023 18:14:19.492 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 9.0.71.0
geoserver_1  | 17-Mar-2023 18:14:19.492 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.19.0-21-amd64
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /opt/java/openjdk
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           11.0.18+10
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Eclipse Adoptium
geoserver_1  | 17-Mar-2023 18:14:19.493 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /usr/local/tomcat
geoserver_1  | 17-Mar-2023 18:14:19.494 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /usr/local/tomcat
geoserver_1  | 17-Mar-2023 18:14:19.521 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
geoserver_1  | 17-Mar-2023 18:14:19.521 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
geoserver_1  | 17-Mar-2023 18:14:19.522 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
geoserver_1  | 17-Mar-2023 18:14:19.522 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
geoserver_1  | 17-Mar-2023 18:14:19.522 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
geoserver_1  | 17-Mar-2023 18:14:19.522 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/usr/local/tomcat/conf/logging.properties
geoserver_1  | 17-Mar-2023 18:14:19.522 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
geoserver_1  | 17-Mar-2023 18:14:19.523 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.awt.headless=true
geoserver_1  | 17-Mar-2023 18:14:19.523 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xms2G
geoserver_1  | 17-Mar-2023 18:14:19.523 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Xmx4G
geoserver_1  | 17-Mar-2023 18:14:19.523 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:PerfDataSamplingInterval=500
geoserver_1  | 17-Mar-2023 18:14:19.523 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.geotools.referencing.forceXY=true
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:SoftRefLRUPolicyMSPerMB=36000
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:NewRatio=2
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+UseG1GC
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:MaxGCPauseMillis=200
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:ParallelGCThreads=20
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:ConcGCThreads=5
geoserver_1  | 17-Mar-2023 18:14:19.524 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:InitiatingHeapOccupancyPercent=45
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:+CMSClassUnloadingEnabled
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djts.overlay=ng
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dfile.encoding=UTF8
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Duser.timezone=GMT
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Duser.language=en_US:en
geoserver_1  | 17-Mar-2023 18:14:19.525 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Duser.region=US
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Duser.country=US
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DENABLE_JSONP=true
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DMAX_FILTER_RULES=20
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DOPTIMIZE_LINE_WIDTH=false
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DALLOW_ENV_PARAMETRIZATION=false
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.servlet.request.encoding=UTF-8
geoserver_1  | 17-Mar-2023 18:14:19.526 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djavax.servlet.response.encoding=UTF-8
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DCLUSTER_CONFIG_DIR=/opt/geoserver/data_dir/cluster/instance_b4cab501d56c
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DGEOSERVER_DATA_DIR=/opt/geoserver/data_dir
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DGEOSERVER_FILEBROWSER_HIDEFS=false
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DGEOSERVER_AUDIT_PATH=/opt/geoserver/data_dir/monitoring/monitor_b4cab501d56c
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.geotools.shapefile.datetime=true
geoserver_1  | 17-Mar-2023 18:14:19.527 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.geotools.localDateTimeHandling=true
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dsun.java2d.renderer.useThreadLocal=false
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dsun.java2d.renderer.pixelsize=8192
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:NewSize=300m
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dlog4j.configuration=/usr/local/tomcat/log4j.properties
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: --patch-module=java.desktop=/usr/local/tomcat/marlin-render.jar
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dsun.java2d.renderer=org.marlin.pisces.PiscesRenderingEngine
geoserver_1  | 17-Mar-2023 18:14:19.528 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dgeoserver.login.autocomplete=on
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DUPDATE_BUILT_IN_LOGGING_PROFILES=false
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DRELINQUISH_LOG4J_CONTROL=false
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DGEOSERVER_CONSOLE_DISABLED=false
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -DGEOSERVER_CSRF_WHITELIST=
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dgeoserver.xframe.shouldSetPolicy=true
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
geoserver_1  | 17-Mar-2023 18:14:19.529 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
geoserver_1  | 17-Mar-2023 18:14:19.530 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK=0027
geoserver_1  | 17-Mar-2023 18:14:19.530 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
geoserver_1  | 17-Mar-2023 18:14:19.530 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/usr/local/tomcat
geoserver_1  | 17-Mar-2023 18:14:19.530 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/usr/local/tomcat
geoserver_1  | 17-Mar-2023 18:14:19.530 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/usr/local/tomcat/temp
geoserver_1  | 17-Mar-2023 18:14:19.570 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent Loaded Apache Tomcat Native library [1.2.35] using APR version [1.6.5].
geoserver_1  | 17-Mar-2023 18:14:19.570 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
geoserver_1  | 17-Mar-2023 18:14:19.570 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
geoserver_1  | 17-Mar-2023 18:14:19.595 INFO [main] org.apache.catalina.core.AprLifecycleListener.initializeSSL OpenSSL successfully initialized [OpenSSL 1.1.1f  31 Mar 2020]
geoserver_1  | 17-Mar-2023 18:14:19.954 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
geoserver_1  | 17-Mar-2023 18:14:19.995 INFO [main] org.apache.catalina.startup.Catalina.load Server initialization in [807] milliseconds
geoserver_1  | 17-Mar-2023 18:14:20.098 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
geoserver_1  | 17-Mar-2023 18:14:20.099 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/9.0.71]
geoserver_1  | 17-Mar-2023 18:14:20.108 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/docs]
geoserver_1  | 17-Mar-2023 18:14:20.566 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/docs] has finished in [457] ms
geoserver_1  | 17-Mar-2023 18:14:20.566 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/examples]
geoserver_1  | 17-Mar-2023 18:14:20.817 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/examples] has finished in [251] ms
geoserver_1  | 17-Mar-2023 18:14:20.817 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/host-manager]
geoserver_1  | 17-Mar-2023 18:14:20.839 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/host-manager] has finished in [22] ms
geoserver_1  | 17-Mar-2023 18:14:20.839 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/ROOT]
geoserver_1  | 17-Mar-2023 18:14:20.853 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/ROOT] has finished in [14] ms
geoserver_1  | 17-Mar-2023 18:14:20.853 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/geoserver]
geoserver_1  | 17-Mar-2023 18:14:31.160 INFO [main] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time.
geoserver_1  | CONFIG 2023-03-17 18:14:32,185 [main][Log4J2Logger.java:215] : Logging policy: Log4J2
geoserver_1  | CONFIG 2023-03-17 18:14:32,374 [main][Log4J2Logger.java:189] : Factory implementations for category GridCoverageFactory:
geoserver_1  |   org.geotools.coverage.grid.GridCoverageFactory
geoserver_1  | 17-Mar-2023 18:14:32.837 INFO [main] it.geosolutions.imageio.gdalframework.GDALUtilities.loadGDAL GDAL Native Library loaded (version: 3.0.4)
geoserver_1  | 17-Mar-2023 18:14:32.899 INFO [main] it.geosolutions.imageio.plugins.turbojpeg.TurboJpegUtilities.load TurboJPEG library loaded (turbojpeg)
geoserver_1  | CONFIG 2023-03-17 18:14:33,008 [main][Log4J2Logger.java:189] : Factory implementations for category FilterFactory:
geoserver_1  |   org.geotools.filter.FilterFactoryImpl
geoserver_1  | CONFIG 2023-03-17 18:14:33,051 [main][Log4J2Logger.java:189] : Factory implementations for category StyleFactory:
geoserver_1  |   org.geotools.styling.StyleFactoryImpl
geoserver_1  | CONFIG 2023-03-17 18:14:33,058 [main][Log4J2Logger.java:189] : Factory implementations for category FeatureFactory:
geoserver_1  |   org.geotools.feature.LenientFeatureFactoryImpl
geoserver_1  |   org.geotools.feature.ValidatingFeatureFactoryImpl
geoserver_1  | DEBUG 2023-03-17 18:14:33,400 [main][Log4J2Logger.java:220] : Extension lookup 'XStreamPersisterInitializer', prior to bean geoserverExtensions initialisation.
geoserver_1  | DEBUG 2023-03-17 18:14:33,401 [main][Log4J2Logger.java:220] : Extension lookup 'ExtensionFilter', prior to bean geoserverExtensions initialisation.
geoserver_1  | DEBUG 2023-03-17 18:14:33,402 [main][Log4J2Logger.java:220] : Extension lookup 'ExtensionProvider', but provided ApplicationContext is unset.
geoserver_1  | DEBUG 2023-03-17 18:14:33,403 [main][Log4J2Logger.java:220] : Extension lookup 'ExtensionFilter', but provided ApplicationContext is unset.
geoserver_1  | DEBUG 2023-03-17 18:14:33,427 [main][Log4J2Logger.java:220] : CONFIGURING GEOSERVER LOGGING -------------------------
geoserver_1  | 17 Mar 18:14:38 WARN   [gce.imagemosaic] - Unable to set ordering between tiff readers spi
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_countids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_area
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_lengthids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/elevation_profile
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_returnids_ids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_mean
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_lengthids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areaids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_countids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areapct_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areapctids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_length
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_medianids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_area_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_returnids_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_meanids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areaids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areapctids
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_length_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_areapct
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_median
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_count_fast
geoserver_1  | 17 Mar 18:14:39 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis/summary_xbyy_count
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_countids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_area
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_lengthids_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_returnids_ids_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_mean
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_lengthids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areaids_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areapct_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areapctids_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_length
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_area_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_returnids_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_meanids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areaids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areapctids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_medianids
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_length_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_areapct
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_median
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_count_fast
geoserver_1  | 17 Mar 18:14:40 WARN   [org.geoserver] - Ignoring feature type directory workspaces/nra/nra-postgis-read-only/summary_xbyy_count
geoserver_1  | 17 Mar 18:14:45 WARN   [turbojpeg.TurboJPEGMapResponse] - The turbo jpeg encoder is available for usage
geoserver_1  | 17 Mar 18:14:50 ERROR  [geoserver.gwc] -
geoserver_1  | java.io.IOException: Failed to move /opt/geoserver/data_dir/gwc/geowebcache-diskquota-jdbc.xml.2b7f295a-4445-47f9-8bcd-c7be1bc72a68.tmp to /opt/geoserver/data_dir/gwc/geowebcache-diskquota-jdbc.xml
geoserver_1  |  at org.geoserver.platform.resource.Files.move(Files.java:475)
geoserver_1  |  at org.geoserver.platform.resource.Files$ResourceAdaptor$1.close(Files.java:122)
geoserver_1  |  at org.geoserver.gwc.JDBCConfigurationStorage.handlePostChanged(JDBCConfigurationStorage.java:149)
geoserver_1  |  at org.geoserver.security.GeoServerSecurityManager.fireChanged(GeoServerSecurityManager.java:1848)
geoserver_1  |  at org.geoserver.security.GeoServerSecurityManager.init(GeoServerSecurityManager.java:570)
geoserver_1  |  at org.geoserver.security.GeoServerSecurityManager.reload(GeoServerSecurityManager.java:425)
geoserver_1  |  at org.geoserver.security.GeoServerSecurityManager.onApplicationEvent(GeoServerSecurityManager.java:365)
geoserver_1  |  at org.springframework.context.event.SimpleApplicationEventMulticaster.doInvokeListener(SimpleApplicationEventMulticaster.java:172)
geoserver_1  |  at org.springframework.context.event.SimpleApplicationEventMulticaster.invokeListener(SimpleApplicationEventMulticaster.java:165)
geoserver_1  |  at org.springframework.context.event.SimpleApplicationEventMulticaster.multicastEvent(SimpleApplicationEventMulticaster.java:139)
geoserver_1  |  at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:404)
geoserver_1  |  at org.springframework.context.support.AbstractApplicationContext.publishEvent(AbstractApplicationContext.java:361)
geoserver_1  |  at org.geoserver.platform.GeoServerContextLoaderListener.contextInitialized(GeoServerContextLoaderListener.java:25)
geoserver_1  |  at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4764)
geoserver_1  |  at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5222)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
geoserver_1  |  at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:726)
geoserver_1  |  at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:698)
geoserver_1  |  at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:696)
geoserver_1  |  at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1184)
geoserver_1  |  at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1932)
geoserver_1  |  at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
geoserver_1  |  at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
geoserver_1  |  at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
geoserver_1  |  at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:118)
geoserver_1  |  at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:1094)
geoserver_1  |  at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:476)
geoserver_1  |  at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1617)
geoserver_1  |  at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:318)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.setStateInternal(LifecycleBase.java:423)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.setState(LifecycleBase.java:366)
geoserver_1  |  at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:943)
geoserver_1  |  at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:835)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
geoserver_1  |  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1393)
geoserver_1  |  at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1383)
geoserver_1  |  at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
geoserver_1  |  at org.apache.tomcat.util.threads.InlineExecutorService.execute(InlineExecutorService.java:75)
geoserver_1  |  at java.base/java.util.concurrent.AbstractExecutorService.submit(AbstractExecutorService.java:140)
geoserver_1  |  at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)
geoserver_1  |  at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:265)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
geoserver_1  |  at org.apache.catalina.core.StandardService.startInternal(StandardService.java:430)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
geoserver_1  |  at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:930)
geoserver_1  |  at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
geoserver_1  |  at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
geoserver_1  |  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
geoserver_1  |  at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
geoserver_1  |  at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
geoserver_1  |  at java.base/java.lang.reflect.Method.invoke(Method.java:566)
geoserver_1  |  at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:347)
geoserver_1  |  at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:478)
geoserver_1  | 17-Mar-2023 18:14:50.866 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/geoserver] has finished in [30,012] ms
geoserver_1  | 17-Mar-2023 18:14:50.866 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deploying web application directory [/usr/local/tomcat/webapps/manager]
geoserver_1  | 17-Mar-2023 18:14:50.886 INFO [main] org.apache.catalina.startup.HostConfig.deployDirectory Deployment of web application directory [/usr/local/tomcat/webapps/manager] has finished in [20] ms
geoserver_1  | 17-Mar-2023 18:14:50.892 INFO [main] org.apache.coyote.AbstractProtocol.start Starting ProtocolHandler ["http-nio-8080"]
geoserver_1  | 17-Mar-2023 18:14:50.927 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [30931] milliseconds
geoserver_1  | 17 Mar 18:16:38 WARN   [geoserver.security] - Failed login, user admin from 172.23.0.2, forwarded for 10.21.12.211
geoserver_1  | 17 Mar 18:17:36 WARN   [geoserver.security] - Failed login, user admin from 172.23.0.2, forwarded for 10.21.12.211
geoserver_1  | 17 Mar 19:47:22 WARN   [geoserver.security] - Failed login, user admin from 172.23.0.2, forwarded for 10.21.12.211
geoserver_1  | 17 Mar 20:18:51 WARN   [geoserver.security] - Failed login, user admin from 172.23.0.2, forwarded for 10.21.12.211

[rumski20]

And here is a gif of the failed login:

[rumski20]

I've tried everything I can think of. I've tried the password set as GEOSERVER_ADMIN_PASSWORD in my .env file. I've tried using the default myawesomegeoserver password.

Is there a reason the GEOSERVER_ADMIN_PASSWORD isn't taking? Are there certain conditions that need to be in place (eg. variables sent in the .env file) in order for this password to be used by Geoserver?

[NyakudyaA]

Can you please share the command and the env file with some random values for me to test this

[kristofj-umd]

Thank you for your offer. The Geoserver container is part of a larger configuration of containers such as Apache for a web server, your postgis for data storage and analysis, a postgres backend for Geowebcache management, a python container for an API, and a python container for load testing, all strung together in a docker-compose file. I'm not sure I could strip it down for you, but I will try.

In the meantime, could you help me understand how the GEOSERVER_ADMIN_PASSWORD is set in the Geoserver container when I run something like docker-compose up?

I see in this section on upgrading image to use a specific version that I should have EXISTING_DATA_DIR set to any value if I don't want my passwords updated. The first time I rebuilt the container, I did not have this set. Since that first time, I have tried rebuilding the container with it set or not set and I can't login either way.

I also see in this section on changing Geoserver password and username that:

The username and password are reinitialized each time the container starts.

But that to set a new password I:

will need to mount the volume settings:/settings so that the lock-files generated by the update_password.sh are persistent during initialization.

I look at the logs after each attempt, and I am fairly certain that I have never seen any of the echo statements print out from update_password.sh. Is this enough confirmation that it is in fact not being run?

Also, as I mentioned above, I am upgrading from a previous version (2.17.2) and have an existing data directory. I obviously want this to persist whilst I upgrade the Geoserver container version. But could there be some configuration in there that is causing this chaos?

My situation right now is that no password seems to work for me. So, how do I set a GEOSERVER_ADMIN_PASSWORD that will work? In other words, do I need EXISTING_DATA_DIR? Do I need settings:/settings? Do I need to delete something from my existing GEOSERVER_DATA_DIR?

[NyakudyaA]

I am sure how the setup is not working on your side. Here is a simple demo of how this works properly on my side.

[NyakudyaA]

As a last restore please try to use the env variable USE_DEFAULT_CREDENTIALS=true; should be useful in the latest image. This will override the password env and allow you to login with credentials admin and geoserver

[kristofj-umd]

As a last restore please try to use the env variable USE_DEFAULT_CREDENTIALS=true; should be useful in the latest image. This will override the password env and allow you to login with credentials admin and geoserver

Thanks. I will give this a try.

[kristofj-umd]

The demo is helpful to see. I have never doubted that a fresh pull and build works as expected. Unfortunately, I am trying to do a version upgrade on an existing instance, which is a little different...

[rumski20]

Sorry for the confusion, @kristofj-umd is another account that I have.

[ggsggs]

@rumski20, @kristofj-umd Have you checked that in your existing GEOSERVER_DATA_DIR directory there isn't a .updatepassword.lock file?

If there is, the update_passwords.sh script will exit prematurely.

SETUP_LOCKFILE="${GEOSERVER_DATA_DIR}/.updatepassword.lock"
if [ -f "${SETUP_LOCKFILE}" ]; then
    exit 0

try stopping the geoserver instance, delete the file, and restarting it with the ADMIN environment variables.

[rumski20]

Thanks for the suggestion, @ggsggs. I tried it but I think I'm taking some steps backwards here. Now I can't even get the default page to load to attempt a login. 😞 There are no issues in the logs.

I had tried building the image locally and using that. I think I'll go back to pulling the image from docker hub.

[NyakudyaA]

@rumski20 Maybe we could have a quick meeting to resolve this as I can give you pointers and if you need any other support after we could assist at https://kartoza.com/product/support

[rumski20]

@NyakudyaA , thanks for your offer. I would be happy to meet with you about this. Let me know how we could make that happen.

I turned the Geoserver logging up to verbose and, accordingly, it spits out a much bigger log file while it starts up. I wonder if it may be of any use. Note that I've trimmed off the end of the file because the polling statements just continue for another 10,000 lines. geoserver_29032023_trimmed.log

[rumski20]

I tried running the health check curl command:

curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null -u ${GEOSERVER_ADMIN_USER}:'${GEOSERVER_ADMIN_PASSWORD}' http://localhost:8080/geoserver/rest/about/version.xml

locally on the container and it returned 401 authentication errors.

Now I am trying to build and run the container using this suggestion. It is taking a while to debug this because I have so many existing layers, styles, and geowebcache data (over 500 layers).

[rumski20]

The site still won't show up on the webserver that should be serving it (eg. http://some-domain/geoserver/web) but if I run this command: edit: this command is run from bash within the container

curl -vv -u 'admin:geoserver' http://localhost:8080/geoserver/rest/about/version.xml

It seems to connect. Here's the output:

*   Trying 127.0.0.1:8080...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8080 (#0)
* Server auth using Basic with user 'admin'
> GET /geoserver/rest/about/version.xml HTTP/1.1
> Host: localhost:8080
> Authorization: Basic YWRtaW46Z2Vvc2VydmVy
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200
< X-Frame-Options: SAMEORIGIN
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Access-Control-Allow-Origin,Access-Control-Allow-Credentials
< Content-Type: application/xml
< Transfer-Encoding: chunked
< Date: Wed, 29 Mar 2023 23:00:21 GMT
<
<about>
  <resource name="GeoServer">
    <Build-Timestamp>17-Feb-2023 17:46</Build-Timestamp>
    <Version>2.22.2</Version>
    <Git-Revision>78e7383a361356dabfc16b992ebcb0d9e623b831</Git-Revision>
  </resource>
  <resource name="GeoTools">
    <Build-Timestamp>17-Feb-2023 16:44</Build-Timestamp>
    <Version>28.2</Version>
    <Git-Revision>558cedba96f8d4c593a362982ce55b7a9e6942dc</Git-Revision>
  </resource>
  <resource name="GeoWebCache">
    <Version>1.22.1</Version>
    <Git-Revision>1.22.x/b01a7c3999377584b38466ade2f378bf744fb7d0</Git-Revision>
  </resource>
* Connection #0 to host localhost left intact

Note that I couldn't use the user and password set in the env variables as in this command:

 curl -vv -u ${GEOSERVER_ADMIN_USER}:'${GEOSERVER_ADMIN_PASSWORD}' http://localhost:8080/geoserver/rest/about/version.xml

[NyakudyaA]

@rumski20 send me an email

[rumski20]

@rumski20 send me an email

Sure. What's your e-mail? I'm at rumski20@msn.com if you want to contact me.

[rumski20]

Okay, some progress, but I'm still not there.

I fixed the issue with the site not coming up at all. For some reason the Apache web proxy container needed its config slightly tweaked. So now I can try logging in again.

I created a container with

USE_DEFAULT_CREDENTIALS=true
GEOSERVER_ADMIN_USER=admin
GEOSERVER_ADMIN_PASSWORD=geoserver

and I was able to login. However, the link to change the admin and master passwords from the web interface didn't work. Possibly related to this issue: https://stackoverflow.com/questions/66526411/geoserver-advice-please-http-status-400-bad-request So I found the section in the docs regarding the proxy url (https://github.com/kartoza/docker-geoserver#proxy-base-url) and I added these settings

HTTP_PROXY_NAME=nrri-atlas2.d.umn.edu
HTTP_SCHEME=https

I changed the GEOSERVER_ADMIN_PASSWORD to something more secure and started up the container again. But now I'm back to not being able to login.

I found this in the logs after that failed attempt if it helps:

30 Mar 18:28:18 WARN   [geoserver.security] - Failed login, user admin from 172.19.0.6, forwarded for 10.140.192.223
30 Mar 18:28:18 INFO   [geoserver.security] - Brute force attack prevention, delaying login for 3245ms
30 Mar 18:28:21 DEBUG  [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Authentication request failed: org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
org.springframework.security.authentication.ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken
    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:232)
    at org.geoserver.security.GeoServerSecurityManager$1.authenticate(GeoServerSecurityManager.java:314)
    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:212)
    at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
    at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
    at org.geoserver.security.filter.GeoServerUserNamePasswordAuthenticationFilter.doFilter(GeoServerUserNamePasswordAuthenticationFilter.java:122)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:71)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
    at org.geoserver.security.filter.GeoServerSecurityContextPersistenceFilter$1.doFilter(GeoServerSecurityContextPersistenceFilter.java:52)
    at org.geoserver.security.filter.GeoServerCompositeFilter$NestedFilterChain.doFilter(GeoServerCompositeFilter.java:75)
    at org.geoserver.security.filter.GeoServerCompositeFilter.doFilter(GeoServerCompositeFilter.java:92)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
    at org.geoserver.security.GeoServerSecurityFilterChainProxy.doFilter(GeoServerSecurityFilterChainProxy.java:142)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:358)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:271)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.geoserver.filters.XFrameOptionsFilter.doFilter(XFrameOptionsFilter.java:77)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.geoserver.filters.GZIPFilter.doFilter(GZIPFilter.java:48)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.geoserver.filters.SessionDebugFilter.doFilter(SessionDebugFilter.java:49)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.geoserver.filters.FlushSafeFilter.doFilter(FlushSafeFilter.java:42)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:189)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:162)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:177)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:97)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:135)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:687)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:78)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:360)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:399)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:891)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1784)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)
    at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.base/java.lang.Thread.run(Thread.java:829)
30 Mar 18:28:21 DEBUG  [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Updated SecurityContextHolder to contain null Authentication
30 Mar 18:28:21 DEBUG  [filter.GeoServerUserNamePasswordAuthenticationFilter$1] - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@493bc0aa
30 Mar 18:28:21 DEBUG  [rememberme.GeoServerTokenBasedRememberMeServices] - Interactive login attempt was unsuccessful.
30 Mar 18:28:21 DEBUG  [rememberme.GeoServerTokenBasedRememberMeServices] - Cancelling cookie
30 Mar 18:28:21 DEBUG  [filter.GeoServerSecurityContextPersistenceFilter$1] - SecurityContextHolder now cleared, as request processing completed

[rumski20]

I should also add that I see this message on one of the first lines of the log file

(Re)setting GEOSERVER_ADMIN_PASSWORD because it has changed

Also, I just tried logging in again and user: admin and pass: geoserver worked to login 😕 So maybe the password didn't really get updated?? 🤷‍♂️

[NyakudyaA]

If you use USE_DEFAULT_CREDENTIALS the passwords will be geoserver. Let's try to confirm if setting a password and updating the passwords works on a simple container

[rumski20]

Let's try to confirm if setting a password and updating the passwords works on a simple container

As in a fresh install stand alone container?

[NyakudyaA]

Yes, stand-alone container

[rumski20]

Yes, I can confirm this works. I essentially repeated what you did here:

1. clone repo
2. update GEOSERVER_ADMIN_PASSWORD=newpassword in .env
3. run docker-compose up -d
4. login using password specified in .env

[rumski20]

I've tried everything I can think of to change the password, but it still seems stuck at user: admin pass: geoserver

Here is my setup:

  geoserver:
    depends_on:
      postgis:
        condition: service_started
    environment:
      APIPORT: '42080'
      CATALINA_OPTS: -DHTTP_PROXY_NAME=nrri-atlas2.d.umn.edu
      COMPOSE_PROJECT_NAME: nra_prod_umdserver
      ENV_FILE: nra_prod_umdserver.env
      GEOSERVER_ADMIN_PASSWORD: changeme
      GEOSERVER_ADMIN_USER: admin
      GEOSERVER_DATA_DIR: /opt/geoserver/data_dir
      GSHOST: geoserver
      GSPORT_EXT: '32780'
      GS_VERSION: 2.22.2
      HTTPS_PROXY_NAME: nrri-atlas2.d.umn.edu
      HTTPS_PROXY_PORT: '32780'
      HTTPS_SCHEME: https
      HTTP_PROXY_NAME: nrri-atlas2.d.umn.edu
      HTTP_SCHEME: https
      PGDATABASE: nra
      PGHOST: postgis
      PGPASSWORD: thepgpass
      PGPORT: '5432'
      PGRST_DB_ANON_ROLE: anon
      PGUSER: nra_admin
      READONLY_PASSWORD: somepass
      READONLY_USER: readonly
      RECREATE_DATADIR: "false"
      VOL_GSCACHE: /usr/local/nrri_deploy/nra/nra_deploy/geowebcache
      VOL_GSDATA: /usr/local/nrri_deploy/nra/nra_deploy/geoserver_data
      VOL_PGCACHE: /usr/local/nrri_deploy/nra/nra_deploy/pgcache
      VOL_PGDATA: /usr/local/nrri_deploy/nra/nra_deploy/postgres_data
      VOL_atlas_backup: /mnt/nrgisl/proj/Atlas/backup
      VOL_atlas_data_other: /usr/local/nrri_deploy/nra/nra_deploy/data
      VOL_atlas_data_root: /mnt/nrgisl/proj/Atlas/data
      VOL_import_inputs: /usr/local/nrri_deploy/nra/nra_deploy/import_inputs
      VOL_import_outputs: /usr/local/nrri_deploy/nra/nra_deploy/import_outputs
      VOL_import_src: /usr/local/nrri_deploy/nra/nra_docker/nra_atlas2/import
      VOL_restapi_src: /usr/local/nrri_deploy/nra/nra_deploy/restapi_code
      VOL_testing_outputs: /usr/local/nrri_deploy/nra/nra_deploy/testing
      VOL_testing_src: /usr/local/nrri_deploy/nra/nra_docker/nra_atlas2/testing
      geos_url: http://geoserver:8080/geoserver/
    image: kartoza/geoserver:2.22.2
    networks:
      atlas_network: null
    restart: unless-stopped
    volumes:
    - /usr/local/nrri_deploy/nra/nra_deploy/geoserver_data:/opt/geoserver/data_dir:rw
    - /usr/local/nrri_deploy/nra/nra_deploy/geowebcache:/opt/geoserver/data_dir/gwc:rw
    - settings:/settings:rw
    - /usr/local/nrri_deploy/nra/nra_docker/nra_atlas2/docker-geoserver/build_data/web.xml:/settings/web.xml:rw

[jasny]

+1

I'm facing the same issue: No admin password is generated and GEOSERVER_ADMIN_PASSWORD is ignored.

[jasny]

@rumski20 Could you please change the title to state there are issues with the admin password? I can help others that are facing the same problem to know that it's a known issue.

[jasny]

There seem to be multiple issues with v2.22.2. Some of these have been resolved in the develop branch. When building an image from that branch and using it, I do see that the admin password is generated (when none is supplied).

However, even with that build, it's still not possible to log in with a supplied or generated password.

It looks like there is a problem with the generated users.xml and roles.xml. It has GEOSERVER_ADMIN_USER as username instead of admin. I tried the web interface and am indeed able to log in with GEOSERVER_ADMIN_USER and the supplied password.

root@66a04ef63173:/opt/geoserver/data_dir/security# cat usergroup/default/users.xml
<?xml version="1.0" encoding="UTF-8"?>
<userRegistry version="1.0" xmlns="http://www.geoserver.org/security/users">
    <users>
        <user enabled="true" name="GEOSERVER_ADMIN_USER" password="digest1:uswIiZGM9GWXmOpyv/E7oVGSSqIwBuqetmYCe2PrTpN8Pqgx1UPt88pvyKpPsggF"/>
    </users>
    <groups/>
</userRegistry>
root@66a04ef63173:/opt/geoserver/data_dir/security# cat role/default/roles.xml
<?xml version="1.0" encoding="UTF-8"?>
<roleRegistry version="1.0" xmlns="http://www.geoserver.org/security/roles">
    <roleList>
        <role id="ADMIN"/>
        <role id="GROUP_ADMIN"/>
    </roleList>
    <userList>
        <userRoles username="GEOSERVER_ADMIN_USER">
            <roleRef roleID="ADMIN"/>
        </userRoles>
    </userList>
    <groupList/>
</roleRegistry>

[rumski20]

It looks like there is a problem with the generated users.xml and roles.xml. It has GEOSERVER_ADMIN_USER as username instead of admin. I tried the web interface and am indeed able to log in with GEOSERVER_ADMIN_USER and the supplied password.

@jasny Does this mean you were able to log in to the web interface using the GEOSERVER_ADMIN_USER and GEOSERVER_ADMIN_PASSWORD you had as environment variables?

[jasny]

No, I literally need to use "GEOSERVER_ADMIN_USER" as username. I didn't supply a password and use the randomly generated one. But it should take the value of the env var afaics.

Note that this is on the develop branch. The v2.22.2 I couldn't get working at all.

[rumski20]

No, I literally need to use "GEOSERVER_ADMIN_USER" as username.

😲 Yeah, that don't seem like how it's supposed to work.

[rumski20]

Anyhow, I finally got an instance up and running that I was able to login to with the GEOSERVER_ADMIN_USER and GEOSERVER_ADMIN_PASSWORD that I had specied in the .env file.

@NyakudyaA , @ggsggs thanks for all your help and support.

I can't be sure that it's entirely reproducible (given that this container is part of a whole docker-compose setup with multiple moving parts), but for posterity here (after much trial and error) is what seems to be the correct workflow:

problem: couldn't login using the GEOSERVER_ADMIN_USER and GEOSERVER_ADMIN_PASSWORD env variables specified in .env file.

solution:

1. Reset everything back to default credentials

   USE_DEFAULT_CREDENTIALS=true
   GEOSERVER_ADMIN_USER=admin
   GEOSERVER_ADMIN_PASSWORD=geoserver

2. Make sure proxy base URL is properly configured. See this portion of the docs and this helpful issue and this comment, in particular.
3. Login using default credentials.
4. Use web interface to change admin and master passwords (not sure on the difference here). If you did step 2 properly this should work fine.
5. Update GEOSERVER_ADMIN_PASSWORD env variable with new password, and get rid of USE_DEFAULT_CREDENTIALS
6. Rebuild container

If all goes as planned, you should be able to login with the password that is actually specified for GEOSERVER_ADMIN_PASSWORD

[NyakudyaA]

@jasny @rumski20 I have just tried this and all is working properly on the latest develop. Here is what I have done

• Git clone the repo

  git@github.com:kartoza/docker-geoserver.git

• Run the build script

  
  docker compose -f docker-compose-build.yml build

* Run the container without a password. i.e

docker run -it -p 8600:8080 kartoza/geoserver:2.22.2

Use the password specified in the startup logs to log in on the browser.
* Run the container with a password

docker run -it -e GEOSERVER_ADMIN_PASSWORD="fabulous" -p 8600:8080 kartoza/geoserver:2.22.2

Log in using `admin` and password: `fabulous`

Can you try the above and confirm if it gives errors? If we can confirm this, I can update the images. 

[jasny]

@NyakudyaA :+1: Yes, I can confirm that everything works when using the image build from the develop branch.

To solve the username issue in my environment, I needed to delete the geoserver_data volume.

[NyakudyaA]

@jasny Please check he 2.23.0 images released. They have the password fixes

[dblodgett-usgs]

So... for the record, we have an instance that is doing the same thing after upgrading to 2.18.7 -- "admin" user no longer works with our admin password that gets included as an environment variable. But GEOSERVER_ADMIN_USER works! 10:30 on a Saturday I found this thread and solved the weeks old mystery.

🤷‍♂️

[Promise-Igbo]

I keep getting application error when i mount a volume, any help please?