Skip to content

Docker Installation

This page describes how to deploy Galigeo using the official Docker image.

Prerequisites

  • Docker Engine 20.10 or higher installed on the host server
  • Network access to the Docker Hub registry (docker.io)
  • A GALIGEO_HOME directory prepared on the host server, containing the Galigeo configuration (database, license, etc.)

Pull the image

docker pull galigeodocker/galigeo-web:release-galigeo-g26.0-sp1

Run the container

Minimal startup

docker run -d -p 8080:8080 \
  -v /path/to/galigeo-home:/opt/galigeo \
  galigeodocker/galigeo-web:release-galigeo-g26.0-sp1

The application is available at http://<server>:8080/Galigeo.

note The GALIGEO_HOME directory defaults to /opt/galigeo in the image. It can be overridden with the -e GALIGEO_HOME=/other/path parameter.

Environment variables

Variable Default value Description
GALIGEO_HOME /opt/galigeo Galigeo configuration directory
JAVA_OPTS -Dfile.encoding=UTF-8 Additional JVM options

GALIGEO_HOME structure

All client-specific configuration is done through subfolders of GALIGEO_HOME. At startup, the entrypoint detects and applies them automatically.

galigeo-home/
├── ...                    # Standard Galigeo configuration (license, DB, etc.)
├── certs/                 # CA certificates to import into the JVM truststore
│   ├── my-internal-ca.crt
│   └── other-ca.crt
└── tomcat-conf/           # Custom Tomcat configuration files
    ├── server.xml         # Replaces the default server.xml
    └── keystore.p12       # SSL keystore for HTTPS

advice The certs/ and tomcat-conf/ subfolders are optional. If they are missing or empty, the container starts with the default configuration.

SSL / TLS Certificates

Adding certificates to the JVM truststore

If Galigeo needs to communicate with internal services using self-signed certificates or an internal CA (LDAP, SSO, database, API...), those certificates must be added to the JVM truststore.

Simply place the .crt certificate files in the certs/ subfolder of GALIGEO_HOME:

galigeo-home/
└── certs/
    ├── internal-ca.crt
    └── ldap-server.crt

At startup, the entrypoint automatically imports all .crt files found in this folder into the Java truststore (cacerts).

Enabling HTTPS on Tomcat

To expose Galigeo over HTTPS directly from the container, place a server.xml file and a keystore in the tomcat-conf/ subfolder of GALIGEO_HOME:

galigeo-home/
└── tomcat-conf/
    ├── server.xml
    └── keystore.p12

The server.xml file must include an HTTPS connector, for example:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="conf/keystore.p12"
                     certificateKeystorePassword="changeit"
                     type="RSA" />
    </SSLHostConfig>
</Connector>

note Remember to expose port 8443 when starting the container: -p 8443:8443

Full example

docker run -d \
  --name galigeo \
  -p 8080:8080 \
  -p 8443:8443 \
  -v /data/galigeo-home:/opt/galigeo \
  galigeodocker/galigeo-web:release-galigeo-g26.0-sp1

With the following directory structure on the host:

/data/galigeo-home/
├── ...                    # Galigeo configuration
├── certs/
│   └── internal-ca.crt
└── tomcat-conf/
    ├── server.xml
    └── keystore.p12

A single volume is all you need: everything is centralized in GALIGEO_HOME.