camptocamp / docker-qgis-server Goto Github PK

View Code? Open in Web Editor NEW

20.0 17.0 7.0 1.03 MB

All that is needed to generate a proper QGIS server image

License: GNU General Public License v2.0

Makefile 10.42% Python 16.52% Shell 13.63% Dockerfile 59.44%

geospatial

docker-qgis-server's Introduction

Docker image for QGIS server

Usage

The Docker container needs to have access to all files of the QGIS project to be published. Either you create another image to add the files or you inject them using a volume. For example, if your QGIS project is stored in ./qgis/project.qgz:

docker run --detach --publish=8380:80 --volume=${PWD}/qgis:/etc/qgisserver camptocamp/qgis-server

With the previous command, you'll get to your server with this URL: http://localhost:8380/?MAP=/etc/qgisserver/project.qgz&SERVICE=WMS&REQUEST=GetCapabilities

Tuning

You can use the following variables (-e option in docker run):

QGIS_CATCH_SEGV: Set to 1 if you want stacktraces in the logs in case of segmentation faults.
FCGID_MAX_REQUESTS_PER_PROCESS: The number of requests a QGIS server will serve before being restarted by apache
FCGID_MIN_PROCESSES: The minimum number of fcgi processes to keep (defaults to 1)
FCGID_MAX_PROCESSES: The maximum number of fcgi processes to keep (defaults to 5)
FCGID_IO_TIMEOUT: This is the maximum period of time the module will wait while trying to read from or write to a FastCGI application (default is 40)
FCGID_BUSY_TIMEOUT: The maximum time limit for request handling (defaults to 300)
FCGID_IDLE_TIMEOUT: Application processes which have not handled a request for this period of time will be terminated (defaults to 300)
FILTER_ENV: Filter the environment variables with e.g.: | grep -vi _SERVICE_ | grep -vi _TCP | grep -vi _UDP | grep -vi _PORT to remove the default Kubernetes environment variables (default in an empty string)
GET_ENV: alternative to FILTER_ENV, a command that return the environment variables (defaults to env)

Running the client

If you want to edit a project file, you can run the client from a Linux machine with the following command:

docker run --rm -ti --env=DISPLAY=unix${DISPLAY} --volume=/tmp/.X11-unix:/tmp/.X11-unix --volume=${HOME}:${HOME} camptocamp/qgis-server:master-desktop

Changelog

QGIS 3.22

We removed the default values for the following environment variables to better fit with the QGIS documentation:

QGIS_SERVER_LOG_LEVEL, was 0
QGIS_PROJECT_FILE, was /etc/qgisserver/project.qgs
MAX_CACHE_LAYERS, was ""
QGIS_AUTH_DB_DIR_PATH, was /etc/qgisserver/
PGSERVICEFILE, was /etc/qgisserver/pg_service.conf

Contributing

Install the pre-commit hooks:

pip install pre-commit
pre-commit install --allow-missing-config

docker-qgis-server's People

Contributors

Stargazers

Watchers

Forkers

ismailsunni ye-lin-aung jgrocha pfedorov7 marcoteixeira1977 ambrazasp curtis18

docker-qgis-server's Issues

Support for auth config

I'm trying to use auth config like explained in this documentation: https://docs.qgis.org/3.22/en/docs/user_manual/auth_system/auth_workflows.html#qgis-server-support

Setting the environment variables in Docker does not work for me: QGIS_AUTH_DB_DIR_PATH and QGIS_AUTH_PASSWORD_FILE
It seems that Qgis Server ignores the variables.

Is this supported in the image? There is any solution or workaround?

Should take only the last tagged commit, not the tip of the branches

Currently, for example, we take the tip of the release-2_18 branch and build that. That is wrong since it contains additional commits that are not yet released.

We should checkout the last tagged commit of the branch (final-2_18_*).

Q: How to enable SSL/https for WFS3 HTML View

Could not find in the QGIS Server documentation. May apply also to WMS, WFS, WMTS.
Our QGIS Desktop version is 3.16.0-Hannover | QGIS code revision | 4af1cbfb97

Our QGIS Server instance runs behind Traefik using https://.

GeoJSON Features are returned ok.
But as HTML internal requests requests are using http://. For example:
https://apitestbed.geonovum.nl/qgis/wfs3/collections/dutch_addresses_4326%20OGRGeoJSON/items.html?
The map remains empty and in the browser Console we see this error:

jquery-3.4.1.min.js:2 Mixed Content: The page at 'https://apitestbed.geonovum.nl/qgis/wfs3/collections/dutch_addresses_4326%20OGRGeoJSON/items.html' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://apitestbed.geonovum.nl/qgis/wfs3/collections/dutch_addresses_4326%20OGRGeoJSON/items.geojson?'. This request has been blocked; the content must be served over HTTPS.
send @ jquery-3.4.1.min.js:2

There may be a setting or so, but can't find. The QGIS Server service is defined in GitHub:
https://github.com/Geonovum/ogc-api-testbed/tree/main/services/qgis . The Docker Image we use is:
camptocamp/qgis-server latest 7fb64088c423 14 months ago 1.35GB.

Ok very old...I tried newer Docker Image versions like master and 3.16 but then got other errors like on the landing page:
https://apitestbed.geonovum.nl/qgis/wfs3/

[
  {
    "code": "Bad request error",
    "description": "Template not found: getLandingPage.html"
  }
]

How do we go about adding PostgreSQL

I tried adding the QGIS_SERVER_LANDING_PAGE_PROJECTS_PG_CONNECTIONS var but it wouldn't connect to my server

Error while loading shared libraries: libQt5Core.so.5

I had an error while setting an container working with this image. In Docker for windows with WSL 2 it worked fine, but in an VM with Docker in CentOS i got an error when started the container.

Error output:

wms_server | /usr/local/bin/qgis_mapserv.fcgi: error while loading shared libraries: libQt5Core.so.5: cannot open shared object file: No such file or directory
wms_server |  [warn] [pid 12] mod_fcgid: error reading data from FastCGI server
wms_server |  [error] [pid 12] End of script output before headers: qgis-mapserv-wrapper

I thought it was permissions or something, but i got it working by making an Dockerfile where i do this:

FROM camptocamp/qgis-server

RUN apt-get update && apt-get install -y \
    binutils \
    && strip --remove-section=.note.ABI-tag /usr/lib/x86_64-linux-gnu/libQt5Core.so.5

EXPOSE 80

And it works, thanks to this comment linuxserver/docker-qbittorrent#103 (comment).

I just wanted to leave it here in the issues in case that someone got the same problem.

privilegs problem in mounted /etc/qgisserver path

qgis tries to create files in /etc/qgisserver which is a mounted volume on the host. (the user running) qgis was not authorised to write in the folder.

we only got it working by not mounting /etc/qgisserver, but mount an alternative path and set the path to the project file explicitly

    environment:
      - QGIS_PROJECT_FILE:/myqgisserver/project.qgs
 
    volumes:
      - ./data:/myqgisserver

maybe you can mention this aspect in docs?

request for license

Can you add a license to this repo ?

poetry-1.2.2-py3-none-any.whl: 1 vulnerabilities (highest severity is: 6.8)

Vulnerable Library - poetry-1.2.2-py3-none-any.whl

Path to dependency file: /requirements.txt

Path to vulnerable library: /acceptance_tests/requirements.txt,/requirements.txt

Vulnerabilities

CVE	Severity	CVSS	Dependency	Type	Fixed in (poetry version)	Remediation Available
CVE-2022-23491	Medium	6.8	certifi-2022.9.24-py3-none-any.whl	Transitive	N/A*	❌

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2022-23491

Vulnerable Library - certifi-2022.9.24-py3-none-any.whl

Python package for providing Mozilla's CA Bundle.

Library home page: https://files.pythonhosted.org/packages/1d/38/fa96a426e0c0e68aabc68e896584b83ad1eec779265a028e156ce509630e/certifi-2022.9.24-py3-none-any.whl

Path to dependency file: /acceptance_tests/requirements.txt

Path to vulnerable library: /acceptance_tests/requirements.txt,/requirements.txt

Dependency Hierarchy:

poetry-1.2.2-py3-none-any.whl (Root Library)
- requests-2.28.1-py3-none-any.whl
  - ❌ certifi-2022.9.24-py3-none-any.whl (Vulnerable Library)

Found in base branch: master

Vulnerability Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi 2022.12.07 removes root certificates from "TrustCor" from the root store. These are in the process of being removed from Mozilla's trust store. TrustCor's root certificates are being removed pursuant to an investigation prompted by media reporting that TrustCor's ownership also operated a business that produced spyware. Conclusions of Mozilla's investigation can be found in the linked google group discussion.

Publish Date: 2022-12-07

URL: CVE-2022-23491

CVSS 3 Score Details (6.8)

Base Score Metrics:

Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Scope: Changed
Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-23491

Release Date: 2022-12-07

Fix Resolution: certifi - 2022.12.07

Step up your Open Source Security Game with Mend here

Error while loading shared libraries: libQt5Core.so.5 in Debian Bullseye

This is the same as issue #166, only on Debian. the strip command worked there as well, but whatever binaries are being produced are not compatible with the OS install.

This prevents the install of qgis, and I nearly gave up on the application before I found bug 166.
My sources is : deb https://qgis.org/debian bullseye main
Maybe it should be debian-lts? But I still had the same issue with debian-lts.

Dockerfile is exposing port 8080 but Apache Server listening to port 80

Here:

docker-qgis-server/Dockerfile

Line 221 in 071fde5

EXPOSE 8080

Dockerfile is exposing port 8080, however Apache Server in the container listens to 80. If docker image is not run with a port setting, it does not work properly.

WMS GetCapabilities does not work and prevents from accessing QGis Server from the desktop application

Hi and thank you for this working docker version of the QGis Server.
Everything went fine with the deployment but for some reason I am unable to get the capabilities of the server, which has a lot of downstream consequences.
The error I get when I do http://g11.qtpl.net:8380/?SERVICE=WMS&REQUEST=GetCapabilities (I only use the server within my local network, so I am sure no firewall is the culprit) is:

<ServerException>
Project file error. For OWS services: please provide a SERVICE and a MAP parameter pointing to a valid QGIS project file
</ServerException>

Which does not really make sense as I am checking the capabilities of the server here.

Please help.
Stephen

Use /tmp/in empty-dir in openshift

Current behaviour

Temporary files for QGIS (QGIS project file) are opened in /tmp/ which could be full of previous project file.

Behaviour to implemented

/tmp should be "linked" to an empty-dir config in our openshift infrastructure. Doing so free space will be better managed but we need to move custom script out of this script: https://github.com/camptocamp/docker-qgis-server/blob/3.18/runtime/usr/local/bin/start-server#L11 :

requirements.txt
init-env
pass-env
profiles (a QGIS files probably)

sql server layer

when project have layer from sql server?
i got error 500
Layer(s) not valid

Disable core dumps

Current behaviour

When QGIS crash this creates a core dump file in /tmp/ which could be very big (160 Mo). If QGIS crash often this will lead to some isse on free disk space.

Behaviour to implement

Disable core dump file in /tmp (or in option ?)

The version 3.28 will be delayed

Because it needs a new version of GDAL, see: OSGeo/gdal#6223

*.conf files missing

Synology DSM DSM 7.1.1-42962 Update 1
Synology DS918+ X86
Apache HTTP Server 2.4 PHP 7.4
Python 3.9
Container: camptocamp/docker-qgis-server 3.8.0

My Synology map: docker/qgisserver

On starting the container, it stops running, and in my log:

apache2.conf and port.conf missing
Configuration error: No MPM loaded.

[q] Does the image support `PGSERVICEFILE` ?

This environment variable is listed here:
https://docs.qgis.org/3.22/en/docs/user_manual/managing_data_source/opening_data.html?highlight=pgservicefile#postgresql-service-connection-file

... and mentioned here only by the way:
https://docs.qgis.org/3.22/en/docs/server_manual/config.html?highlight=environment#environment-variables

However the README.md only says that the default value of it was removed:
https://github.com/camptocamp/docker-qgis-server/blob/3.22/README.md#changelog

So I decided to ask the repo maintainer before diving in.

Getting "PassEnv variable _ was undefined" on M1 mac

Here is my docker-compose file:

version: '3.7'

services:
  qgis-server:
      image: camptocamp/qgis-server:3.30
      volumes:
        - ./qgis:/etc/qgisserver

And here is the error I am getting:

AH01506: PassEnv variable _ was undefined
AH01506: PassEnv variable _ was undefined
AH00023: Couldn't create the fcgid-proctbl mutex

Is the error on my side or is this project not compatible with M1 Macs? Or is it something else?

Edit: I don't have the issue with 3.26 and under.

Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Awaiting Schedule

These updates are awaiting their schedule. Click on a checkbox to get an update now.

Update all patch versions (master) (patch) (asottile/pyupgrade, c2cciutils, codespell-project/codespell, pre-commit, pyjson5, pytest, python, python-jsonschema/check-jsonschema)
Update all minor versions (master) (minor) (asottile/pyupgrade, pytest)
Lock file maintenance (master)
Update dependency python to v3.8.17 (3.16)
Update dependency python to v3.8.17 (3.22)
Update python Docker tag to v3.11.4 (3.28)

Detected dependencies

Branch master

docker-compose

acceptance_tests/docker-compose.yaml

camptocamp/postgres 14-postgis-3

dockerfile

Dockerfile

ghcr.io/osgeo/gdal ubuntu-small-3.7.0

Dockerfile-fillcache

ghcr.io/osgeo/gdal ubuntu-small-3.7.0

acceptance_tests/Dockerfile

python 3.11.3

acceptance_tests/config/Dockerfile

github-actions

.github/workflows/audit.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

andstor/file-existence-action v2

asdf-vm/actions v2

.github/workflows/auto-review.yaml

.github/workflows/backport.yaml

.github/workflows/changelog.yaml

actions/checkout v3

actions/cache v3

.github/workflows/clean.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

.github/workflows/delete-old-workflows-run.yaml

MajorScruffy/delete-old-workflow-runs v0.3.0

.github/workflows/main.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

actions/cache v3

actions/cache v3

actions/cache v3

.github/workflows/pr-checks.yaml

actions/checkout v3

.github/workflows/rebuild.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

actions/cache v3

npm

package.json

yarn 1.22.19

pip_requirements

acceptance_tests/requirements.txt

poetry ==1.5.1

pip ==23.1.2

ci/requirements.txt

c2cciutils ==1.5.3

pre-commit ==3.3.2

requirements.txt

poetry ==1.5.1

pip ==23.1.2

poetry

acceptance_tests/pyproject.toml

c2cwsgiutils ==5.2.2

pytest ==7.3.1

pyproject.toml

geolinks 0.2.1

six 1.16.0

nose2 0.13.0

mock 5.0.2

lxml 4.9.2

pre-commit

.pre-commit-config.yaml

pre-commit/mirrors-prettier v2.7.1

pre-commit/pre-commit-hooks v4.4.0

sbrunner/hooks 0.5.0

codespell-project/codespell v2.2.4

jumanjihouse/pre-commit-hooks 3.0.0

python-jsonschema/check-jsonschema 0.23.1

sirwart/ripsecrets v0.1.5

PyCQA/autoflake v2.1.1

asottile/pyupgrade v3.4.0

PyCQA/isort 5.12.0

psf/black 23.3.0

regex

.pre-commit-config.yaml

poetry 1.5.1

poetry 1.5.1

pyjson5 1.6.2

Branch 3.16

asdf

.tool-versions

python 3.8.16

docker-compose

acceptance_tests/docker-compose.yaml

camptocamp/postgres 9.6

dockerfile

Dockerfile

Dockerfile-fillcache

acceptance_tests/Dockerfile

camptocamp/c2cwsgiutils 3

acceptance_tests/config/Dockerfile

github-actions

.github/workflows/auto-review.yaml

.github/workflows/backport.yaml

.github/workflows/main.yaml

actions/checkout v2

camptocamp/initialise-gopass-summon-action v2

actions/cache v2

actions/cache v2

.github/workflows/pr-checks.yaml

actions/checkout v3

pip_requirements

ci/requirements.txt

c2cciutils ==1.1.23

pip >=21.1

pipenv >=2022.1.8

setuptools >=65.5.1

urllib3 >=1.26.5

certifi >=2022.12.7

cryptography >=39.0.1

requests >=2.31.0

requirements.txt

pipenv ==2022.1.8

pipenv

Pipfile

psycopg2 ==2.8.6

numpy ==1.22.4

pyyaml ==5.4.1

pythonqwt ==0.8.3

pre-commit

.pre-commit-config.yaml

pre-commit/mirrors-prettier v2.7.1

Branch 3.22

asdf

.tool-versions

python 3.8.16

docker-compose

acceptance_tests/docker-compose.yaml

camptocamp/postgres 9.6

dockerfile

Dockerfile

Dockerfile-fillcache

acceptance_tests/Dockerfile

acceptance_tests/config/Dockerfile

github-actions

.github/workflows/auto-review.yaml

.github/workflows/backport.yaml

.github/workflows/clean.yaml

actions/checkout v2

camptocamp/initialise-gopass-summon-action v2

.github/workflows/main.yaml

actions/checkout v2

camptocamp/initialise-gopass-summon-action v2

actions/cache v2

actions/cache v2

.github/workflows/pr-checks.yaml

actions/checkout v3

.github/workflows/rebuild.yaml

actions/checkout v2

camptocamp/initialise-gopass-summon-action v2

npm

package.json

yarn 1.22.19

pip_requirements

acceptance_tests/requirements.txt

pipenv ==2021.5.29

ci/requirements.txt

c2cciutils ==1.1.23

pip >=21.1

pipenv >=2022.1.8

setuptools >=65.5.1

urllib3 >=1.26.5

certifi >=2022.12.7

cryptography >=39.0.1

requests >=2.31.0

requirements-desktop.txt

lxml ==4.8.0

requirements.txt

pipenv ==2022.1.8

pipenv

Pipfile

geolinks ==0.2.1

six ==1.16.0

nose2 ==0.10.0

mock ==4.0.3

acceptance_tests/Pipfile

c2cwsgiutils ==4.1.4

pytest ==6.2.5

Branch 3.28

asdf

.tool-versions

python 3.10.12

docker-compose

acceptance_tests/docker-compose.yaml

camptocamp/postgres 14-postgis-3

dockerfile

Dockerfile

Dockerfile-fillcache

acceptance_tests/Dockerfile

python 3.11.3

acceptance_tests/config/Dockerfile

github-actions

.github/workflows/auto-review.yaml

.github/workflows/backport.yaml

.github/workflows/changelog.yaml

actions/checkout v3

actions/cache v3

heinrichreimer/github-changelog-generator-action v2.3

.github/workflows/clean.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

.github/workflows/delete-old-workflows-run.yaml

MajorScruffy/delete-old-workflow-runs v0.3.0

.github/workflows/main.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

actions/cache v3

actions/cache v3

.github/workflows/pr-checks.yaml

actions/checkout v3

.github/workflows/rebuild-310.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

.github/workflows/rebuild.yaml

actions/checkout v3

camptocamp/initialise-gopass-summon-action v2

actions/cache v3

npm

package.json

yarn 1.22.19

pip_requirements

acceptance_tests/requirements.txt

poetry ==1.2.2

pip ==22.3.1

cryptography >=41.0.0

ci/requirements.txt

c2cciutils ==1.3.18

setuptools >=65.5.1

certifi >=2022.12.7

cryptography >=41.0.0

requirements.txt

poetry ==1.2.2

poetry-core >=1.1.0a7

pip ==22.3.1

cryptography >=41.0.0

poetry

acceptance_tests/pyproject.toml

c2cwsgiutils ==5.1.6

pytest ==7.2.2

pyproject.toml

geolinks 0.2.1

six 1.16.0

nose2 0.12.0

mock 4.0.3

lxml 4.9.2

Check this box to trigger a request for Renovate to run again on this repository

camptocamp / docker-qgis-server Goto Github PK

docker-qgis-server's Introduction

Docker image for QGIS server

Usage

Tuning

Running the client

Changelog

QGIS 3.22

Contributing

docker-qgis-server's People

Contributors

Stargazers

Watchers

Forkers

docker-qgis-server's Issues

Vulnerabilities

Details

Vulnerable Library - certifi-2022.9.24-py3-none-any.whl

Vulnerability Details

CVSS 3 Score Details (6.8)

Suggested Fix

Current behaviour

Behaviour to implemented

Current behaviour

Behaviour to implement

Awaiting Schedule

Detected dependencies

Recommend Projects

Recommend Topics

Recommend Org