[GeoNode-users] Setting SSL in Geonode Docker Error
irland fardani
irlan128 at gmail.com
Wed Sep 15 20:48:51 PDT 2021
Dear All,
I install geonode 2.4.1 from docker in rhel 7,
I try to activate the ssl in geonode in port 8080, I use cert from
letsencrypt
When i compose the docker without the https, it run perfectly (I attached
my .env and docker-compose.yml),
but when i configure to the https, it won`t start (failed)
the error is like this
**Trying to get STAGING certificate*
*--server value conflicts with --staging*
*Failed to get the certificates !**
Can somebody give me a clue to solve this problem?
thanks
--
Irland Fardani M.T.
+628562257785
+6281223261345
Program Studi Perencanaan Wilayah Kota <http://planologi.unisba.ac.id/>
Fakultas Teknik <http://planologi.unisba.ac.id/>
Universitas Islam Bandung <http://planologi.unisba.ac.id/>
Hatur Nuhun
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Virus-free.
www.avg.com
<http://www.avg.com/email-signature?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.osgeo.org/pipermail/geonode-users/attachments/20210916/a6aadc00/attachment.html>
-------------- next part --------------
COMPOSE_PROJECT_NAME=geonode
DOCKER_HOST_IP=
DOCKER_ENV=production
# See https://github.com/geosolutions-it/geonode-generic/issues/28
# to see why we force API version to 1.24
DOCKER_API_VERSION="1.24"
BACKUPS_VOLUME_DRIVER=local
TZ=Asia/Jakarta
C_FORCE_ROOT=1
FORCE_REINIT=false
INVOKE_LOG_STDOUT=true
# LANGUAGE_CODE=pt
# LANGUAGES=(('en','English'),('pt','Portuguese'))
DJANGO_SETTINGS_MODULE=geonode.settings
GEONODE_INSTANCE_NAME=geonode
GEONODE_LB_HOST_IP=
GEONODE_LB_PORT=
# #################
# backend
# #################
POSTGRES_USER=postgres
POSTGRES_PASSWORD=p0stgr3$2021
GEONODE_DATABASE=geonode
GEONODE_DATABASE_PASSWORD=geonode
GEONODE_GEODATABASE=geonode_data
GEONODE_GEODATABASE_PASSWORD=geonode_data
GEONODE_DATABASE_SCHEMA=public
GEONODE_GEODATABASE_SCHEMA=public
GEONODE_DATABASE_HOST=db
GEONODE_DATABASE_PORT=5432
DATABASE_URL=postgis://geonode:geonode@11.13.0.17:5432/geonode
GEONODE_GEODATABASE_HOST=db
GEONODE_GEODATABASE_PORT=5432
GEODATABASE_URL=postgis://geonode_data:geonode_data@11.13.0.17:5432/geonode_data
GEONODE_DB_CONN_MAX_AGE=0
GEONODE_DB_CONN_TOUT=5
DEFAULT_BACKEND_DATASTORE=datastore
BROKER_URL=amqp://guest:guest@rabbitmq:5672/
ASYNC_SIGNALS=True
SITEURL=http://gis-pmt.teamdev.id:8080/
ALLOWED_HOSTS="['django', '*']"
# Data Uploader
DEFAULT_BACKEND_UPLOADER=geonode.importer
TIME_ENABLED=True
MOSAIC_ENABLED=False
HAYSTACK_SEARCH=False
HAYSTACK_ENGINE_URL=http://elasticsearch:9200/
HAYSTACK_ENGINE_INDEX_NAME=haystack
HAYSTACK_SEARCH_RESULTS_PER_PAGE=200
# #################
# nginx
# HTTPD Server
# #################
GEONODE_LB_HOST_IP=gis-pmt.teamdev.id
GEONODE_LB_PORT=8080
# IP or domain name and port where the server can be reached on HTTPS (leave HOST empty if you want to use HTTP only)
# port where the server can be reached on HTTPS
HTTP_HOST=gis-pmt.teamdev.id
HTTPS_HOST=
HTTP_PORT=8080
HTTPS_PORT=
# Let's Encrypt certificates for https encryption. You must have a domain name as HTTPS_HOST (doesn't work
# with an ip) and it must be reachable from the outside. This can be one of the following :
# disabled : we do not get a certificate at all (a placeholder certificate will be used)
# staging : we get staging certificates (are invalid, but allow to test the process completely and have much higher limit rates)
# production : we get a normal certificate (default)
LETSENCRYPT_MODE=disabled
#LETSENCRYPT_MODE=staging
#LETSENCRYPT_MODE=production
RESOLVER=127.0.0.11
PROXY_ALLOWED_HOSTS=['10.31.0.13', 'localhost', 'django', 'geonode', 'spatialreference.org', 'nominatim.openstreetmap.org', 'dev.openlayers.org','103.8.238.60:8080']
# #################
# geoserver
# #################
GEOSERVER_WEB_UI_LOCATION=http://bumibiru.com/geoserver
GEOSERVER_PUBLIC_LOCATION=http://bumibiru.com/geoserver
GEOSERVER_LOCATION=http://geoserver:8080/geoserver/
GEOSERVER_ADMIN_USER=admin
GEOSERVER_ADMIN_PASSWORD=Kominfo2021Asik
OGC_REQUEST_TIMEOUT=30
OGC_REQUEST_MAX_RETRIES=1
OGC_REQUEST_BACKOFF_FACTOR=0.3
OGC_REQUEST_POOL_MAXSIZE=10
OGC_REQUEST_POOL_CONNECTIONS=10
# Java Options & Memory
ENABLE_JSONP=true
outFormat=text/javascript
GEOSERVER_JAVA_OPTS="-Djava.awt.headless=true -Xms128G -Xmx128G -XX:+UnlockDiagnosticVMOptions -XX:+LogVMOutput -XX:LogFile=/var/log/jvm.log -XX:PerfDataSamplingInterval=500 -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:-UseGCOverheadLimit -XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:ParallelGCThreads=4 -Dfile.encoding=UTF8 -Djavax.servlet.request.encoding=UTF-8 -Djavax.servlet.response.encoding=UTF-8 -Duser.timezone=GMT -Dorg.geotools.shapefile.datetime=false -DGEOSERVER_CSRF_DISABLED=true -DPRINT_BASE_URL=http://geoserver:8080/geoserver/pdf -DALLOW_ENV_PARAMETRIZATION=true -Xbootclasspath/a:/usr/local/tomcat/webapps/geoserver/WEB-INF/lib/marlin-0.9.3-Unsafe.jar -Dsun.java2d.renderer=org.marlin.pisces.MarlinRenderingEngine"
# #################
# Security
# #################
# Admin Settings
ADMIN_USERNAME=admin
ADMIN_PASSWORD=admin
ADMIN_EMAIL=admin at localhost
# EMAIL Notifications
EMAIL_ENABLE=False
DJANGO_EMAIL_BACKEND=django.core.mail.backends.smtp.EmailBackend
DJANGO_EMAIL_HOST=localhost
DJANGO_EMAIL_PORT=25
DJANGO_EMAIL_HOST_USER=
DJANGO_EMAIL_HOST_PASSWORD=
DJANGO_EMAIL_USE_TLS=False
DJANGO_EMAIL_USE_SSL=False
DEFAULT_FROM_EMAIL='GeoNode <no-reply at geonode.org>'
# Session/Access Control
LOCKDOWN_GEONODE=False
CORS_ORIGIN_ALLOW_ALL=True
X_FRAME_OPTIONS="SAMEORIGIN"
SESSION_EXPIRED_CONTROL_ENABLED=True
DEFAULT_ANONYMOUS_VIEW_PERMISSION=True
DEFAULT_ANONYMOUS_DOWNLOAD_PERMISSION=True
# Users Registration
ACCOUNT_OPEN_SIGNUP=False
ACCOUNT_EMAIL_REQUIRED=True
ACCOUNT_APPROVAL_REQUIRED=False
ACCOUNT_CONFIRM_EMAIL_ON_GET=False
ACCOUNT_EMAIL_VERIFICATION=none
ACCOUNT_EMAIL_CONFIRMATION_EMAIL=False
ACCOUNT_EMAIL_CONFIRMATION_REQUIRED=False
ACCOUNT_AUTHENTICATION_METHOD=username_email
AUTO_ASSIGN_REGISTERED_MEMBERS_TO_REGISTERED_MEMBERS_GROUP_NAME=True
# OAuth2
OAUTH2_API_KEY=
OAUTH2_CLIENT_ID=Jrchz2oPY3akmzndmgUTYrs9gczlgoV20YPSvqaV
OAUTH2_CLIENT_SECRET=rCnp5txobUo83EpQEblM8fVj3QT5zb5qRfxNsuPzCqZaiRyIoxM4jdgMiZKFfePBHYXCLd7B8NlkfDBY9HKeIQPcy5Cp08KQNpRHQbjpLItDHv12GvkSeXp6OxaUETv3
# GeoNode APIs
API_LOCKDOWN=False
TASTYPIE_APIKEY=
# #################
# Production and
# Monitoring
# #################
DEBUG=True
SECRET_KEY='myv-y4#7j-d*p-__ at j#*3z@!y24fz8%^z2v6atuy4bo9vqr1_a'
STATIC_ROOT=/mnt/volumes/statics/static/
MEDIA_ROOT=/mnt/volumes/statics/uploaded/
GEOIP_PATH=/mnt/volumes/statics/geoip.db
CACHE_BUSTING_STATIC_ENABLED=False
CACHE_BUSTING_MEDIA_ENABLED=False
MEMCACHED_ENABLED=False
MEMCACHED_BACKEND=django.core.cache.backends.memcached.MemcachedCache
MEMCACHED_LOCATION=127.0.0.1:11211
MEMCACHED_LOCK_EXPIRE=3600
MEMCACHED_LOCK_TIMEOUT=10
MAX_DOCUMENT_SIZE=1000
CLIENT_RESULTS_LIMIT=5
API_LIMIT_PER_PAGE=1000
# GIS Client
GEONODE_CLIENT_LAYER_PREVIEW_LIBRARY=mapstore
MAPBOX_ACCESS_TOKEN=
BING_API_KEY=
GOOGLE_API_KEY=
# Monitoring
MONITORING_ENABLED=True
MONITORING_DATA_TTL=365
USER_ANALYTICS_ENABLED=True
USER_ANALYTICS_GZIP=True
CENTRALIZED_DASHBOARD_ENABLED=False
MONITORING_SERVICE_NAME=local-geonode
MONITORING_HOST_NAME=geonode
# Other Options/Contribs
MODIFY_TOPICCATEGORY=True
AVATAR_GRAVATAR_SSL=True
EXIF_ENABLED=True
CREATE_LAYER=True
FAVORITE_ENABLED=True
# LDAP
LDAP_ENABLED=False
LDAP_SERVER_URL=ldap://<the_ldap_server>
LDAP_BIND_DN=uid=ldapinfo,cn=users,dc=ad,dc=example,dc=org
LDAP_BIND_PASSWORD=<something_secret>
LDAP_USER_SEARCH_DN=dc=ad,dc=example,dc=org
LDAP_USER_SEARCH_FILTERSTR=(&(uid=%(user)s)(objectClass=person))
LDAP_GROUP_SEARCH_DN=cn=groups,dc=ad,dc=example,dc=org
LDAP_GROUP_SEARCH_FILTERSTR=(|(cn=abt1)(cn=abt2)(cn=abt3)(cn=abt4)(cn=abt5)(cn=abt6))
LDAP_GROUP_PROFILE_MEMBER_ATTR=uniqueMember
# CELERY
# expressed in KB
# CELERY__MAX_MEMORY_PER_CHILD="200000"
# ##
# Note right autoscale value must coincide with worker concurrency value
# CELERY__AUTOSCALE_VALUES="1,4"
# CELERY__WORKER_CONCURRENCY="4"
# ##
# CELERY__OPTS="--without-gossip --without-mingle -Ofair -B -E"
# CELERY__BEAT_SCHEDULE="/mnt/volumes/statics/celerybeat-schedule"
# CELERY__LOG_LEVEL="INFO"
# CELERY__LOG_FILE="/var/log/celery.log"
# CELERY__WORKER_NAME="worker1@%h"
OGC_REQUEST_TIMEOUT=30
OGC_REQUEST_MAX_RETRIES=1
OGC_REQUEST_BACKOFF_FACTOR=0.3
OGC_REQUEST_POOL_MAXSIZE=10
OGC_REQUEST_POOL_CONNECTIONS=10
-------------- next part --------------
version: '3.4'
services:
# Common Django template for GeoNode and Celery services below
x-common-django:
&default-common-django
image: geonode/geonode:latest
restart: on-failure
env_file:
- .env
volumes:
# - '.:/usr/src/geonode'
- statics:/mnt/volumes/statics
- geoserver-data-dir:/geoserver_data/data
- backup-restore:/backup_restore
- data:/data
- tmp:/tmp
services:
# Our custom django application. It includes Geonode.
django:
<< : *default-common-django
build:
context: ./
dockerfile: Dockerfile
container_name: django4${COMPOSE_PROJECT_NAME}
healthcheck:
test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8001/"
interval: 60s
timeout: 10s
retries: 1
start_period: 60s
environment:
- IS_CELERY=False
entrypoint: ["/usr/src/geonode/entrypoint.sh"]
command: "uwsgi --ini /usr/src/geonode/uwsgi.ini"
# Celery worker that executes celery tasks created by Django.
celery:
<< : *default-common-django
image: geonode/geonode:latest
container_name: celery4${COMPOSE_PROJECT_NAME}
depends_on:
- django
environment:
- IS_CELERY=True
entrypoint: ["/usr/src/geonode/entrypoint.sh"]
command: "celery-cmd"
# Nginx is serving django static and media files and proxies to django and geonode
geonode:
image: geonode/nginx:3.x
build: ./scripts/docker/nginx/
container_name: nginx4${COMPOSE_PROJECT_NAME}
environment:
- HTTPS_HOST=${HTTPS_HOST}
- HTTP_HOST=${HTTP_HOST}
- HTTPS_PORT=${HTTPS_PORT}
- HTTP_PORT=${HTTP_PORT}
- LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
- RESOLVER=127.0.0.11
ports:
- "${HTTP_PORT}:8080"
volumes:
- nginx-confd:/etc/nginx
- nginx-certificates:/geonode-certificates
- statics:/mnt/volumes/statics
restart: on-failure
# Gets and installs letsencrypt certificates
letsencrypt:
image: geonode/spcgeonode:letsencrypt-3.1
build: ./scripts/spcgeonode/letsencrypt/
container_name: letsencrypt4${COMPOSE_PROJECT_NAME}
environment:
- HTTPS_HOST=${HTTPS_HOST}
- HTTP_HOST=${HTTP_HOST}
- ADMIN_EMAIL=${ADMIN_EMAIL}
- LETSENCRYPT_MODE=${LETSENCRYPT_MODE}
volumes:
- nginx-certificates:/geonode-certificates
restart: on-failure
# Geoserver backend
geoserver:
image: kiripayun/geonode-custom-vectornetcdf:latest
container_name: geoserver4${COMPOSE_PROJECT_NAME}
healthcheck:
test: "curl --fail --silent --write-out 'HTTP CODE : %{http_code}\n' --output /dev/null http://127.0.0.1:8080/geoserver/rest/workspaces/geonode.html"
interval: 60s
timeout: 10s
retries: 1
start_period: 60s
env_file:
- ./scripts/docker/env/${DOCKER_ENV}/geoserver.env
volumes:
- statics:/mnt/volumes/statics
- geoserver-data-dir:/geoserver_data/data
- backup-restore:/backup_restore
- data:/data
- tmp:/tmp
restart: on-failure
data-dir-conf:
image: geonode/geoserver_data:2.18.2
container_name: gsconf4${COMPOSE_PROJECT_NAME}
command: /bin/true
volumes:
- geoserver-data-dir:/geoserver_data/data
restart: on-failure
# # PostGIS database.
# db:
# # use geonode official postgis 13 image
# image: geonode/postgis:13
# container_name: db4${COMPOSE_PROJECT_NAME}
# env_file:
# - ./scripts/docker/env/${DOCKER_ENV}/db.env
# volumes:
# - dbdata:/var/lib/postgresql/data
# - dbbackups:/pg_backups
# restart: on-failure
# # uncomment to enable remote connections to postgres
# #ports:
# # - "5432:5432"
# Vanilla RabbitMQ service. This is needed by celery
rabbitmq:
image: rabbitmq:3.7-alpine
container_name: rabbitmq4${COMPOSE_PROJECT_NAME}
volumes:
- rabbitmq:/var/lib/rabbitmq
restart: on-failure
volumes:
statics:
name: ${COMPOSE_PROJECT_NAME}-statics
nginx-confd:
name: ${COMPOSE_PROJECT_NAME}-nginxconfd
nginx-certificates:
name: ${COMPOSE_PROJECT_NAME}-nginxcerts
geoserver-data-dir:
name: ${COMPOSE_PROJECT_NAME}-gsdatadir
# dbdata:
# name: ${COMPOSE_PROJECT_NAME}-dbdata
# dbbackups:
# name: ${COMPOSE_PROJECT_NAME}-dbbackups
backup-restore:
name: ${COMPOSE_PROJECT_NAME}-backup-restore
data:
name: ${COMPOSE_PROJECT_NAME}-data
tmp:
name: ${COMPOSE_PROJECT_NAME}-tmp
rabbitmq:
name: ${COMPOSE_PROJECT_NAME}-rabbitmq
More information about the geonode-users
mailing list