The containerization of GeoServer represents a pivotal shift in geospatial data infrastructure, transitioning from monolithic, manual installations to scalable, reproducible, and portable environments. By leveraging Docker, administrators can encapsulate the entire GeoServer runtime—including the Java Runtime Environment (JRE), the Apache Tomcat servlet container, and the GeoServer web application—into a single immutable image. This approach eliminates the "it works on my machine" syndrome and allows for rapid deployment across various environments, from local developer workstations to massive cloud clusters. The integration of Docker ensures that all dependencies, such as specific JDK versions or native libraries like GDAL, are bundled together, reducing the friction associated with version mismatches and system-level conflicts.
Core Infrastructure and Image Variants
The GeoServer Docker landscape is diverse, with multiple images tailored for specific use cases, ranging from official general-purpose deployments to specialized builds for the GeoNode ecosystem.
The official images maintained by GeoSolutions are built upon the Apache Tomcat docker image. This foundational choice allows GeoServer to benefit from the stability and widespread adoption of Tomcat as a web container. These images are designed for high availability and general-purpose geospatial sharing.
Another significant variant is the GeoNode-specific GeoServer image. This image is specifically engineered to facilitate the setup of GeoServer when it is used as a component of a GeoNode installation. It features a separated data directory and is based on the official Tomcat 9 image.
For those requiring the most flexible and recent build options, the Dockerfiles available in the official GitHub repository allow for the creation of images across all GeoServer versions since 2.5. These builds utilize a modern stack consisting of:
- Ubuntu Noble (24.04 LTS) as the base operating system.
- JDK 17 (Eclipse Temurin) for the Java runtime.
- Tomcat 9 for GeoServer 2.x series deployments.
- Tomcat 11 for GeoServer 3.x series deployments.
The diversity of these images ensures that whether a user needs a lightweight instance for testing or a hardened production server with GDAL bindings, there is a corresponding image available.
Detailed Image Selection and Acquisition
Acquiring the correct GeoServer image is the first critical step in the deployment process. Depending on the requirements, users can pull pre-built images or construct their own from source.
To utilize an official image, the following command structure is employed:
docker pull docker.osgeo.org/geoserver:{{VERSION}}
For instance, to pull version 2.28.2, the command is:
docker pull docker.osgeo.org/geoserver:2.28.2
If the deployment requires the Geospatial Data Abstraction Library (GDAL) with Java Bindings, the -gdal suffix must be appended to the version:
docker pull docker.osgeo.org/geoserver:2.28.2-gdal
For users within the GeoNode ecosystem, the recommended method is to pull the trusted build from Docker Hub:
docker pull geonode/geoserver
Alternatively, the GeoNode image can be built locally to allow for customization of the build process:
git clone https://github.com/geonode/geoserver-docker.git
cd geoserver-docker
docker build -t "geonode/geoserver" .
Deployment Strategies: Docker Run and Persistence
Running a GeoServer container involves configuring port mapping, environment variables, and volume mounts to ensure that configuration and data survive container restarts.
Basic Execution
A simple, non-persistent instance can be started with a single command:
docker run --name gs -p 8080:8080 geosolutionsit/geoserver
In this configuration, the host's port 8080 is mapped to the container's port 8080. Once the container is running, the GeoServer web interface is accessible at http://localhost:8080/geoserver. The default credentials for the administrative interface are username admin and password geoserver.
Data Persistence and Volume Mapping
Because containers are ephemeral, any changes made to the GeoServer data directory (such as adding workspaces, stores, or styles) will be lost when the container is deleted. To prevent this, persistent volumes must be mapped.
To save the default data directory from a running container to the local host, the following sequence is used:
docker cp gs:/var/geoserver/datadir ./datadir
docker stop gs
Then, the container is restarted with a volume mount:
docker run -v ./datadir:/var/geoserver/datadir --name gs -p 8080:8080 geosolutionsit/geoserver
For deployments utilizing the docker.osgeo.org images, the bind mount syntax is recommended:
docker run -it -p 80:8080 --mount src="/absolute/path/on/host",target=/opt/geoserver_data/,type=bind docker.osgeo.org/geoserver:2.28.2
When an empty directory is mounted, GeoServer will automatically populate it during the first boot sequence.
Configuration via Environment Variables
GeoServer Docker images allow for runtime configuration through environment variables, which eliminate the need to manually edit XML files inside the container.
ADMIN_PASSWORD: Used to set a secure password for the admin user at startup.GEOSERVER_DATA_DIR: Defines the location of the GeoServer data directory.GEOSERVER_LOG_DIR: Customizes where log files are placed.GEOWEBCACHE_CONFIG_DIR: Sets the location for GeoWebCache configuration.GEOWEBCACHE_CACHE_DIR: Specifies the directory for the GeoWebCache cache.NETCDF_DATA_DIR: Defines the path for NETCDF data.GRIB_CACHE_DIR: Sets the path for GRIB cache.CATALINA_OPTS: Used to pass custom options to the Tomcat JVM.
An example of running a container with a custom admin password and persistent data is:
docker run -e ADMIN_PASSWORD=securepassword -v datadir:/var/geoserver/datadir --name gs -p 8080:8080 geosolutionsit/geoserver
Advanced Orchestration with Docker Compose
For production-grade deployments, Docker Compose is the preferred method as it allows for the definition of multi-container architectures, including database backends and cache layers.
Scaling and Catalog Backends
For scalability, GeoServer Cloud recommends using the pgconfig backend. This approach moves the GeoServer catalog and configuration from the traditional file-based data directory into a PostgreSQL database. This enables multiple GeoServer instances to share the same configuration, facilitating horizontal scaling.
Two primary Docker Compose strategies are highlighted:
- pgconfig Catalog Backend: Stores all configuration in PostgreSQL, optimized for cloud scalability.
- Shared Data-Directory: Uses a mounted volume to share a traditional data directory across all services.
Service Definition and User Permissions
A critical aspect of running GeoServer in Docker is managing file system permissions. To avoid running containers as the root user, service definitions should specify the user ID and group ID.
The standard configuration is:
user: 1000:1000
This ensures that the process inside the container runs with non-privileged permissions. However, this requires that the host directories mapped as volumes are owned by the same UID.
To correctly align host permissions with the container user, the following commands should be executed on the host system:
sudo chown -R 1000:1000 /path/custom-war
sudo chmod -R 755 /path/custom-war
Compose Configuration Example
A typical Docker Compose service definition for GeoServer involves several keys:
image: Specifies the image version, such asgeosolutionsit/geoserver:2.23.0.volumes: Maps host paths to container paths, such as mapping a custom.warfile to/usr/local/tomcat/webapps/geoserver.environment: Sets runtime variables, such asEXTRA_GEOSERVER_OPTS="-DGEOSERVER_CSRF_WHITELIST=example.org -DENABLE_JSONP=true".depends_on: Ensures the database (e.g., PostgreSQL) is healthy before GeoServer starts.ports: Maps the internal port (8080) to the host.networks: Assigns the container to a specific network, such asgeoserver-network.
Specialized Configurations and Extensions
GeoServer's utility is greatly expanded through the use of extensions and custom configurations, which can be integrated during the Docker build process.
Dynamic Installation and Customization
The Dockerfile-based approach allows for several advanced configurations:
- Dynamic Installation of Extensions: Extensions can be added during the build phase to provide additional geospatial capabilities.
- Custom Fonts: To ensure SLD (Styled Layer Descriptor) styling is consistent across environments, the
CUSTOM_FONTSbuild argument can be used to point to a host directory containing the necessary fonts. - CORS Configuration: Cross-Origin Resource Sharing can be configured to allow web applications on different domains to access GeoServer services.
- PostgreSQL JNDI: For optimized database connectivity, JNDI (Java Naming and Directory Interface) can be configured.
- HTTPS: Secure communication can be implemented by configuring the Tomcat layer within the container.
GeoNode-Specific Data Handling
For those using the GeoNode image, data management is handled through a specific versioning system. Users must download the appropriate data-2.xx.x.zip file from the build server.
The deployment process for GeoNode follows these steps:
- Create a host directory:
sudo mkdir /opt/geoserver/ - Unzip the data:
sudo unzip ~/Dowmload/data-2.18.2.zip -d /opt/geoserver/ - Run the container:
docker run --name "geoserver" -v /var/run/docker.sock:/var/run/docker.sock -v /opt/geoserver/data/:/geoserver_data/data -d -p 8080:8080 geonode/geoserver
It is vital to maintain a one-to-one correspondence between the data directory version and the tag of the GeoServer image used.
Database Integration and Networking
GeoServer is rarely deployed in isolation; it almost always requires a spatial database to manage vector data.
PostGIS Integration
PostGIS is the recommended spatial database. A common deployment involves running a PostGIS container:
docker run -d --name="postgis" kartoza/postgis
To connect GeoServer to this database, the --link option can be used in the docker run command:
--link postgis:postgis
This creates a network bridge that allows the GeoServer container to resolve the hostname postgis to the IP address of the database container.
Lifecycle Management and Maintenance
Maintaining a GeoServer Docker environment requires an understanding of image retention and container lifecycle.
Image Retention Policy
Starting in November 2025, GeoSolutions implemented a strict image retention policy. As new versions of GeoServer are released, older images are moved to a dedicated archive repository. This archive is read-only and intended for legacy use and backward compatibility. Users are strongly encouraged to upgrade to the latest supported versions to maintain security, stability, and compliance.
Container State and Data Loss
When using Docker Compose, the behavior of the data varies depending on the command used:
docker-compose stop: The containers are stopped, but the data in theGEOSERVER_DATA_DIRis retained. The services can be resumed usingdocker-compose up.docker-compose down: The containers and their internal network are removed. If volumes were not properly mapped to the host, the data is completely lost. In the GeoNode environment, this allows the user to restart from the base GeoServer Data Directory.
Technical Specifications Summary
The following table outlines the core specifications and requirements for GeoServer Docker deployments.
| Component | Specification | Notes |
|---|---|---|
| Base OS | Ubuntu Noble (24.04 LTS) | Used in recent official Dockerfiles |
| Java Runtime | JDK 17 (Eclipse Temurin) | Standard for current versions |
| Servlet Container | Tomcat 9 / Tomcat 11 | Version depends on GeoServer 2.x vs 3.x |
| Default User UID | 1000 | Required for non-root execution |
| Default Port | 8080 | Internal container port |
| Default Credentials | admin / geoserver | Must be changed in production |
| Recommended DB | PostgreSQL / PostGIS | Necessary for scalability and spatial queries |
Detailed Analysis of Deployment Impact
The transition to Docker for GeoServer deployments has profound implications for the operational lifecycle of geospatial services. By decoupling the application from the underlying host operating system, organizations can achieve a level of environmental parity that was previously impossible.
From a technical perspective, the use of the pgconfig backend is the most significant advancement for cloud-native geospatial services. Traditionally, the GeoServer data directory was a bottleneck for scaling; since it relied on a local file system, scaling horizontally required complex network file system (NFS) setups which often introduced latency and locking issues. By moving the configuration to a PostgreSQL database, the state is centralized, allowing any number of GeoServer containers to spin up and synchronize their configuration instantaneously.
Furthermore, the security posture is significantly improved through the enforcement of non-root users (1000:1000). Running a web-facing service like GeoServer as root inside a container poses a critical security risk; if the application is compromised, the attacker may gain root access to the container and potentially the host. The requirement to recursively chown host directories to match the container UID ensures that security is maintained without sacrificing the ability to persist data.
Finally, the implementation of the image retention policy reflects a mature approach to software maintenance. In the geospatial world, where specific plugins may only work with specific versions of GeoServer, the provision of a read-only archive repository allows legacy systems to remain functional while pushing the community toward more secure, updated versions. This prevents the "version lock" common in older GIS deployments, where fear of breaking a complex workflow prevents critical security updates.