diff --git a/data-discovery/src/main/resources/formatresponsefilter.properties b/data-discovery/src/main/resources/formatresponsefilter.properties
index 997168d9f7d169b023c3379863e3cc9e9fd37a3c..179196d9730a483fe04015190da42a0aa1714ca6 100644
--- a/data-discovery/src/main/resources/formatresponsefilter.properties
+++ b/data-discovery/src/main/resources/formatresponsefilter.properties
@@ -8,7 +8,10 @@ db_password=
 # VLKB-legacy: surveys metadata in csv file
 surveys_metadata_abs_pathname=
 
-# these URL's are used in response.xml so client can access those services
+# these URL's (up to '?') are used in response.xml so client can access those services
 cutout_url=
 merge_url=
 
+# set reponse format
+# response_format=application/x-votable+xml
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1e4b48efa3302a7335f7e0e59cebf0d21622d1e7
--- /dev/null
+++ b/docker/Dockerfile
@@ -0,0 +1,41 @@
+FROM debian:bullseye-slim
+LABEL Description="vlkb tomcat9"
+
+WORKDIR /root
+ENV HOME /root
+
+
+RUN apt -y update \
+ && apt -y install sudo procps psmisc tree wget curl vim make build-essential checkinstall git \
+                   libcfitsio-dev libpqxx-dev librabbitmq-dev libcsv-dev gfortran \
+                   openjdk-17-jre-headless unzip \
+                   rabbitmq-server openjdk-17-jre openjdk-17-jdk tomcat9 tomcat9-admin \
+                   postgresql-client
+
+ENV JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64
+ENV CATALINA_BASE=/var/lib/tomcat9
+ENV CATALINA_HOME=/usr/share/tomcat9
+ENV CATALINA_TMPDIR=/tmp
+ENV WEBAPP_DIR=/webapps/vlkb-search
+
+RUN mkdir -p ${WEBAPP_DIR}
+ARG VLKB_VERSION
+COPY vlkb-search-${VLKB_VERSION}.war ${WEBAPP_DIR}/
+RUN cd ${WEBAPP_DIR} && jar -xf vlkb-search-${VLKB_VERSION}.war \
+ && mkdir /srv/surveys
+
+# Tomcat must load postgresql DB driver, vlkb-search does not explicitely load it
+COPY deps/postgresql-*.jar  /var/lib/tomcat9/lib
+
+# configure
+
+COPY deps/server.xml deps/server-connector.xml /etc/tomcat9/
+COPY entrypoint.sh /root
+
+RUN echo "alias log-catalina='ls -t /var/log/tomcat9/catalina*.log | head -n 1 | xargs tail -200 '" >> /root/.bashrc
+
+# run
+
+RUN pwd && chmod +x /root/entrypoint.sh
+CMD ["sh", "-c", "/root/entrypoint.sh"]
+
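Review bot: The image has no `USER` instruction and works out of `/root`, so `entrypoint.sh` and the Tomcat it launches run as root, and a flaw in the webapp then yields root inside the container. Consider chowning the paths the entrypoint writes (`${WEBAPP_DIR}`, `/etc/tomcat9`, `${CATALINA_BASE}/conf`) to an unprivileged account at build time and ending the file with `USER <tomcat-account>` (placeholder; confirm which account the tomcat9 package creates). The `RUN apt` layer also pulls `sudo`, `vim`, `build-essential`, `checkinstall`, `git`, `gfortran`, `rabbitmq-server` and `tomcat9-admin` into the runtime image; none of them appears to be used by the visible instructions, and `tomcat9-admin` ships the manager webapps, so drop whatever the service does not need. Use `apt-get update && apt-get install -y --no-install-recommends … && rm -rf /var/lib/apt/lists/*` in that same layer.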
diff --git a/docker/Dockerfile.vlkb b/docker/Dockerfile.vlkb
deleted file mode 100644
index 688cfb6ddd0975099fcdb718cc15742ea004a0ec..0000000000000000000000000000000000000000
--- a/docker/Dockerfile.vlkb
+++ /dev/null
@@ -1,44 +0,0 @@
-FROM debian:bullseye-slim
-LABEL Description="vlkb tomcat9"
-
-WORKDIR /root
-ENV HOME /root
-
-
-RUN apt -y update \
- && apt -y install sudo procps psmisc tree wget curl vim make build-essential checkinstall git \
-                   libcfitsio-dev libpqxx-dev librabbitmq-dev libcsv-dev gfortran \
-                   openjdk-17-jre-headless unzip \
-                   rabbitmq-server openjdk-17-jre openjdk-17-jdk tomcat9 tomcat9-admin \
-                   postgresql-client
-
-
-RUN mkdir -p /webapps/vlkb-search
-ARG VLKB_VERSION
-COPY vlkb-search-${VLKB_VERSION}.war /webapps/vlkb-search/
-RUN cd /webapps/vlkb-search && jar -xf vlkb-search-${VLKB_VERSION}.war \
- && mkdir /srv/surveys
-COPY postgresql-*.jar  /var/lib/tomcat9/lib
-
-# Lines with postgresql_*.jar: provide DB-driver so Tomcat loads it
-# vlkb-search does not explicitely load DB-driver
-
-
-# configure instance
-
-COPY config-vlkb/auth.properties config-vlkb/neatoken.properties config-vlkb/iamtoken.properties config-vlkb/formatresponsefilter.properties /webapps/vlkb-search/WEB-INF/classes/
-
-#COPY ssl/keystore.jks /root/
-COPY ssl/server.xml ssl/server-connector-8080.xml ssl/server-connector-8443.xml /etc/tomcat9/
-
-# configure during docker run-time
-
-COPY entrypoint.sh /root
-
-RUN echo "alias log-catalina='ls -t /var/log/tomcat9/catalina*.log | head -n 1 | xargs tail -200 '" >> /root/.bashrc 
-
-# run
-
-RUN pwd && chmod +x /root/entrypoint.sh
-CMD ["sh", "-c", "/root/entrypoint.sh"]
-
diff --git a/docker/Makefile b/docker/Makefile
index 71fa449a7fc3272c2094e513d916e7771b6b703d..edcbc73939708e3d0fe0215e928b79f654043a29 100644
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -32,7 +32,7 @@ ast-9.2.9.tar.gz:
 
 .PHONY: build
 build:
-	docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile.vlkb .
+	docker build --build-arg VLKB_VERSION=$(VERSION) -t siav2 -f Dockerfile .
 
 # the docker-login below needed a ca-cert(?) which in the middle of the certificate-chain,
 # but was not automatically downloaded and also local cert/ket pair(?) ->
diff --git a/docker/config-vlkb/Obsolete/context-cutout.xml b/docker/config-vlkb/Obsolete/context-cutout.xml
deleted file mode 100644
index 4f5f504df9c52f4119d68bf48434f3afb0ae3861..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/Obsolete/context-cutout.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<Context docBase="/webapps/vlkb-cutout">
-
-        <Resources allowLinking="true">
-                <PostResources readOnly="false"
-                        className="org.apache.catalina.webresources.DirResourceSet"
-                        base="/srv/cutouts"
-                        webAppMount="/cutouts"/>
-                <PostResources readOnly="true"
-                        className="org.apache.catalina.webresources.DirResourceSet"
-                        base="/srv/surveys"
-                        webAppMount="/surveys"/>
-        </Resources>
-
-</Context>
-
diff --git a/docker/config-vlkb/Obsolete/tomcat-users.xml b/docker/config-vlkb/Obsolete/tomcat-users.xml
deleted file mode 100644
index 6587e75e97ec68e52749cd93b9e2a54f5a28e76d..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/Obsolete/tomcat-users.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<tomcat-users xmlns="http://tomcat.apache.org/xml"
-              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
-              version="1.0">
-<!--
-  NOTE:  By default, no user is included in the "manager-gui" role required
-  to operate the "/manager/html" web application.  If you wish to use this app,
-  you must define such a user - the username and password are arbitrary. It is
-  strongly recommended that you do NOT use one of the users in the commented out
-  section below since they are intended for use with the examples web
-  application.
--->
-<!--
-  NOTE:  The sample user and role entries below are intended for use with the
-  examples web application. They are wrapped in a comment and thus are ignored
-  when reading this file. If you wish to configure these users for use with the
-  examples web application, do not forget to remove the <!.. ..> that surrounds
-  them. You will also need to set the passwords to something appropriate.
--->
-<!--
-  <role rolename="tomcat"/>
-  <role rolename="role1"/>
-  <user username="tomcat" password="<must-be-changed>" roles="tomcat"/>
-  <user username="both" password="<must-be-changed>" roles="tomcat,role1"/>
-  <user username="role1" password="<must-be-changed>" roles="role1"/>
--->
-
-  <role rolename="manager-script"/>
-  <user username="admin" password="IA2lbt09" roles="manager-script"/>
-</tomcat-users>
-
diff --git a/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf b/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf
deleted file mode 100644
index 9572cd452614d5a6e0de043eaed03c2d1c168f82..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/Obsolete/vlkb-obscore.datasets.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-
-# root of path for local access
-fits_path_surveys=/srv/surveys
-
-# obs_publisher_did = <obscore publisher> ? <generated-pubdid>
-obscore_publisher=ivo://ia2.inaf.it/vlkb/datasets
-
-# full access URL: <obscore_access_url>/<storage-path>/<file-name>
-obscore_access_url=https://vlkb-devel.ia2.inaf.it:8443/vlkb/datasets/surveys
-obscore_access_format=application/fits
-
-# logging (holds last exec only)
-# log_dir=/tmp
-# log_filename=vlkb-obscore.log
-
diff --git a/docker/config-vlkb/Obsolete/vlkbd.datasets.conf b/docker/config-vlkb/Obsolete/vlkbd.datasets.conf
deleted file mode 100644
index bccc41819036738345cde389866cc381c672eb2f..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/Obsolete/vlkbd.datasets.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-
-# path to original files
-fits_path_surveys=/srv/surveys
-# path to generated cutouts
-fits_path_cutouts=/srv/cutouts
-
-# logging records last request only
-# log_dir=/tmp
-# log_filename=vlkbd.log
-
diff --git a/docker/config-vlkb/Obsolete/web-cutout.xml b/docker/config-vlkb/Obsolete/web-cutout.xml
deleted file mode 100644
index fc812cff418fd6ce0a87c7a737cad77b02efc2f7..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/Obsolete/web-cutout.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
- Copyright 2004-2005 Sun Microsystems, Inc.  All rights reserved.
- Use is subject to license terms.
--->
-
-<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
-        <display-name>Via Lactea. Query FITS datacubes.</display-name>
-        <distributable/>
-
-
-
-<!-- no authorization filter configured -->
-
-    <servlet>
-        <servlet-name>default</servlet-name>
-        <servlet-class>
-          org.apache.catalina.servlets.DefaultServlet
-        </servlet-class>
-        <init-param>
-            <param-name>debug</param-name>
-            <param-value>1</param-value>
-        </init-param>
-        <init-param>
-            <param-name>listings</param-name>
-            <param-value>true</param-value>
-        </init-param>
-        <load-on-startup>1</load-on-startup>
-    </servlet>
-    <servlet-mapping>
-        <servlet-name>default</servlet-name>
-        <url-pattern>/</url-pattern>
-    </servlet-mapping>
-
-
-
-
-
-
-
-
-        <servlet>
-                <servlet-name>vlkb_cutout</servlet-name>
-                <servlet-class>ServletCutout</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_cutout</servlet-name>
-                <url-pattern>/vlkb_cutout</url-pattern>
-        </servlet-mapping>
-
-        <servlet>
-                <servlet-name>vlkb_mcutout</servlet-name>
-                <servlet-class>ServletMCutout</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_mcutout</servlet-name>
-                <url-pattern>/vlkb_mcutout</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>vlkb_merge</servlet-name>
-                <servlet-class>ServletMerge</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_merge</servlet-name>
-                <url-pattern>/vlkb_merge</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>vlkb_vosi_availability</servlet-name>
-                <servlet-class>VlkbServletFile</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_vosi_availability</servlet-name>
-                <url-pattern>/availability</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>vlkb_vosi_capabilities</servlet-name>
-                <servlet-class>VlkbServletFile</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_vosi_capabilities</servlet-name>
-                <url-pattern>/capabilities</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>vlkb_soda</servlet-name>
-                <servlet-class>ServletCutout</servlet-class>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>vlkb_soda</servlet-name>
-                <url-pattern>/soda</url-pattern>
-        </servlet-mapping>
-        <servlet-mapping>
-                <servlet-name>vlkb_soda</servlet-name>
-                <url-pattern>/vlkb_soda</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>uws_merge</servlet-name>
-                <servlet-class>UWSMerge</servlet-class>
-                <init-param>
-                        <param-name>name</param-name>
-                        <param-value>merge</param-value>
-                </init-param>
-                 <init-param>
-                        <param-name>rootDirectory</param-name>
-                        <param-value>/tmp</param-value>
-                </init-param>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>uws_merge</servlet-name>
-                <url-pattern>/uws_merge/*</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>uws_mcutout</servlet-name>
-                <servlet-class>UWSMCutout</servlet-class>
-                <init-param>
-                        <param-name>name</param-name>
-                        <param-value>mcutout</param-value>
-                </init-param>
-                 <init-param>
-                        <param-name>rootDirectory</param-name>
-                        <param-value>/tmp</param-value>
-                </init-param>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>uws_mcutout</servlet-name>
-                <url-pattern>/uws_mcutout/*</url-pattern>
-        </servlet-mapping>
-
-
-        <servlet>
-                <servlet-name>uws_soda</servlet-name>
-                <servlet-class>UWSSoda</servlet-class>
-                <init-param>
-                        <param-name>name</param-name>
-                        <param-value>soda_uws</param-value>
-                </init-param>
-                 <init-param>
-                        <param-name>rootDirectory</param-name>
-                        <param-value>/tmp</param-value>
-                </init-param>
-        </servlet>
-        <servlet-mapping>
-                <servlet-name>uws_soda</servlet-name>
-                <url-pattern>/soda_uws/*</url-pattern>
-        </servlet-mapping>
-
-</web-app>
diff --git a/docker/config-vlkb/auth.properties b/docker/config-vlkb/auth.properties
deleted file mode 100644
index c9c8aee27f0017b03a10a17896236eae4a93a018..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/auth.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-rap_uri=https://sso.ia2.inaf.it/rap-ia2
-gms_uri=https://sso.ia2.inaf.it/gms
-client_id=vospace_ui_demo
-client_secret=VOSpaceDemo123
-
-groups_autoload=true
-store_state_on_login_endpoint=true
-scope=openid email profile read:rap
-
-allow_anonymous_access=true
diff --git a/docker/config-vlkb/authpolicy.properties b/docker/config-vlkb/authpolicy.properties
deleted file mode 100644
index 1c59ef6ea99316ff778ca7dda6cb2cb3493aa9b3..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/authpolicy.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-db_uri=jdbc:postgresql://127.0.0.1:5432/vialactea
-db_schema=datasets
-db_user_name=vialactea
-db_password=ia2vlkb
-
-
diff --git a/docker/config-vlkb/formatresponsefilter.properties b/docker/config-vlkb/formatresponsefilter.properties
deleted file mode 100644
index aefae40446688958293732b5e57cfcb24caa57ec..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/formatresponsefilter.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-
-# used to retrieve extraCards to add to FITS_header (VLKB-only)
-surveys_metadata_abs_pathname=/srv/surveys/survey_populate.csv
-
-# these URL's are used to construct cutout merge requests strings in response.xml
-cutout_url=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_cutout
-merge_url=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_merge
diff --git a/docker/config-vlkb/iamtoken.properties b/docker/config-vlkb/iamtoken.properties
deleted file mode 100644
index e0935bb1f2d6f832b04b22c9dac817eac6741e5d..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/iamtoken.properties
+++ /dev/null
@@ -1,10 +0,0 @@
-
-#jwks_url=https://iam-escape.cloud.cnaf.infn.it/jwk
-introspect=https://iam-escape.cloud.cnaf.infn.it/introspect
-client_name=02cc260f-9837-4907-b2cb-a1a2d764fb15
-client_password=AJMi3qrB6AHRp_6y55tEwU-IpJ8uZ6X4QXeQ3W4la6dc-BlkzAY1OQpAE9hb1W7-VfYl4208FUtjE2Cl3hUYLkQ
-
-resource_id=vlkb
-
-non_authn_username=anonymous
-
diff --git a/docker/config-vlkb/neatoken.properties b/docker/config-vlkb/neatoken.properties
deleted file mode 100644
index 21793e2600441bc6122e1ce54387ad8525bbd297..0000000000000000000000000000000000000000
--- a/docker/config-vlkb/neatoken.properties
+++ /dev/null
@@ -1,7 +0,0 @@
-
-jwks_url=https://sso.neanias.eu/auth/realms/neanias-production/protocol/openid-connect/certs
-
-resource_id=vlkb
-
-non_authn_username=anonymous
-
diff --git a/docker/postgresql-42.2.5.jar b/docker/deps/postgresql-42.2.5.jar
similarity index 100%
rename from docker/postgresql-42.2.5.jar
rename to docker/deps/postgresql-42.2.5.jar
diff --git a/docker/ssl/server-connector-8080.xml b/docker/deps/server-connector.xml
similarity index 100%
rename from docker/ssl/server-connector-8080.xml
rename to docker/deps/server-connector.xml
diff --git a/docker/ssl/server.xml b/docker/deps/server.xml
similarity index 100%
rename from docker/ssl/server.xml
rename to docker/deps/server.xml
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 8a6f9cc88f6c03b37d2b9c7360629a9a5edec966..7b38f2ea824ab431e1e7c8eaad3d09d55d9bf107 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -7,89 +7,79 @@ LOG_FILE=/tmp/entrypoint.log
 date
 whoami
 env
-#########################################################################
-#INST_DIR="/usr/local"
-WEBAPP_DIR=/webapps
 
+#########################################################################
+echo "run-time config (compose.yaml):"
 echo "SECURITY   : "$SECURITY
 echo "DISCOVERY_CONTEXT_ROOT : "$DISCOVERY_CONTEXT_ROOT
-echo "DISCOVERY_DB_URI       : "$DISCOVERY_DB_URI
-echo "RESPONSE_FORMAT        : "$RESPONSE_FORMAT
-echo "URL_CUTOUTS            : "$URL_CUTOUTS
-echo "INST_DIR   : "$INST_DIR
+echo "DB_*                   : "$DB_URI" ["$DB_SCHEMA"] "$DB_USERNAME" / "$DB_PASSWORD
+echo "METADATA_PATHNAME  : "$METADATA_PATHNAME
+echo "CUTOUT_SERVICE_URL : "$CUTOUT_SERVICE_URL
+echo "MERGE_SERVICE_URL  : "$MERGE_SERVICE_URL
+echo "RESPONSE_FORMAT    : "$RESPONSE_FORMAT
+
+echo "build-time config'd (Dockefile):"
 echo "WEBAPP_DIR : "$WEBAPP_DIR
+echo "JAVA_HOME  : "$JAVA_HOME
+echo "CATALINA_BASE   : "$CATALINA_BASE
+echo "CATALINA_HOME   : "$CATALINA_HOME
+echo "CATALINA_TMPDIR : "$CATALINA_TMPDIR
 #########################################################################
 
+echo "<Context docBase=\"$WEBAPP_DIR\"/>" > $CATALINA_BASE/conf/Catalina/localhost/$DISCOVERY_CONTEXT_ROOT.xml
 
-if test -n "$DISCOVERY_CONTEXT_ROOT" && test -n "$DISCOVERY_DB_URI"
-then
 
-   if test -n "$SECURITY"
-   then
-     cd $WEBAPP_DIR/vlkb-search/WEB-INF/ && rm -f web.xml && cp web-search-$SECURITY.xml web.xml && cd -
-   fi
+# configure DB with ObsCore
+
+{
+   echo "db_uri=$DB_URI"
+   echo "db_schema=$DB_SCHEMA"
+   echo "db_user_name=$DB_USERNAME"
+   echo "db_password=$DB_PASSWORD"  
+} >> $WEBAPP_DIR/WEB-INF/classes/search.properties
 
-   echo "<Context docBase=\"$WEBAPP_DIR/vlkb-search\"/>" > /var/lib/tomcat9/conf/Catalina/localhost/$DISCOVERY_CONTEXT_ROOT.xml
-   echo "db_uri=$DISCOVERY_DB_URI"  >  $WEBAPP_DIR/vlkb-search/WEB-INF/classes/search.properties
-   echo "db_schema=datasets"        >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/search.properties
-   echo "db_user_name=$DB_USERNAME" >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/search.properties
-   echo "db_password=$DB_PASSWORD"  >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/search.properties
-   # use the same DB for authz permissions (ObsCore with extensions)
-   cp $WEBAPP_DIR/vlkb-search/WEB-INF/classes/search.properties $WEBAPP_DIR/vlkb-search/WEB-INF/classes/authpolicy.properties
 
+# configure response format
+
+grep db_ $WEBAPP_DIR/WEB-INF/classes/search.properties > $WEBAPP_DIR/WEB-INF/classes/formatresponsefilter.properties
+{
+   echo "surveys_metadata_abs_pathname=$METADATA_PATHNAME"
+   echo "cutout_url=$CUTOUT_SERVICE_URL"
+   echo "merge_url=$MERGE_SERVICE_URL"
    if test -n "$RESPONSE_FORMAT"
    then
-      echo "response_format=$RESPONSE_FORMAT" >> $WEBAPP_DIR/vlkb-search/WEB-INF/classes/formatresponsefilter.properties
+      echo "response_format=$RESPONSE_FORMAT"
    fi
+} >> $WEBAPP_DIR/WEB-INF/classes/formatresponsefilter.properties
 
 
-fi
+# configure security
 
-
-# configure port/SSL connector: (path is relative to the dir where compose.yaml is
-# - web.xml to run filters set above
-# * ssl: set tomcat connector with certificates (ia2 needs SECTIGO, iam needs self-signed keystore.jks)
-# * keep right jjwt*.jar libs (ia2 authlib needs v0.11, iam needs v0.12)
-# assume all files in ssl sub-dir relative to where compose.yaml is
-# set volume mapping in compose.yaml: ssl/ -> /etc/pki/tls/
 case $SECURITY in
    ia2token)
-      cp /root/ssl/server-connector-8443.xml /etc/tomcat9/server-connector-8443.xml
-      rm /webapps/vlkb-search/WEB-INF/lib/jjwt-*0.12*.jar
-      ;;
+      cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd -
+      cp /etc/pki/tls/server-connector.xml /etc/tomcat9/
+      cp /etc/pki/tls/auth*.properties $WEBAPP_DIR/WEB-INF/classes/
+      rm -f /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.12*.jar
+      ;;  
    iamtoken)
-      cp /root/ssl/server-connector-8443.xml  /etc/tomcat9/server-connector-8443.xml
-      rm /webapps/vlkb-search/WEB-INF/lib/jjwt-*0.11*.jar
-      ;;
-   *)
+      cd $WEBAPP_DIR/WEB-INF/ && rm -f web.xml && cp web-cutout-$SECURITY.xml web.xml && cd -
+      cp /etc/pki/tls/server-connector.xml /etc/tomcat9/
+      cp /etc/pki/tls/iamtoken.properties $WEBAPP_DIR/WEB-INF/classes/
+      rm -f /webapps/vlkb-cutout/WEB-INF/lib/jjwt-*0.11*.jar
+      ;;  
+   *)  
       echo "Security not configured, runs open."
-      ;;
+      ;;  
 esac
 
 
-
-if test -n "$SECURITY"
-then
-   cd /etc/tomcat9/ && ln -s server-connector-8443.xml server-connector.xml && cd -
-else
-   cd /etc/tomcat9/ && ln -s server-connector-8080.xml server-connector.xml && cd -
-fi
-
-
-
-# configure access-token validation
-if test -f /srv/surveys/iamtoken.properties
-then
-   cp /srv/surveys/iamtoken.properties $WEBAPP_DIR/vlkb-search/WEB-INF/classes/
-fi
-
-
-
+###################################################################
 date
 
 } 1> $LOG_FILE 2>&1
 
-JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64 CATALINA_BASE=/var/lib/tomcat9 CATALINA_HOME=/usr/share/tomcat9 CATALINA_TMPDIR=/tmp /usr/libexec/tomcat9/tomcat-start.sh &
+/usr/libexec/tomcat9/tomcat-start.sh &
 
 wait -n
 
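Review bot: The `ia2token` and `iamtoken` branches now point at the cutout webapp (`web-cutout-$SECURITY.xml`, `/webapps/vlkb-cutout/WEB-INF/lib/jjwt-*`), while this image unpacks vlkb-search into `$WEBAPP_DIR` and the removed lines used `web-search-$SECURITY.xml` and `/webapps/vlkb-search/WEB-INF/lib`. If the WAR has no `web-cutout-*.xml` (not visible here), `rm -f web.xml && cp …` deletes the descriptor and the failed `cp` is not fatal, so Tomcat would presumably start without the token filter; the `rm -f` on the jjwt jars would likewise match nothing and leave both versions in place. Suggested: `cp web-search-$SECURITY.xml web.xml || exit 1` (overwriting, without the preceding `rm -f`) and `rm -f $WEBAPP_DIR/WEB-INF/lib/jjwt-*0.12*.jar`, so a misconfigured secure mode stops instead of running open. Separately, the new `echo "DB_* …"` line (and the existing `env` call above it) writes `$DB_PASSWORD` to `/tmp/entrypoint.log`; print a fixed marker such as `<set>` instead. The script begins and ends outside this hunk.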
diff --git a/docker/compose-example.yaml b/docker/example-compose.yaml
similarity index 77%
rename from docker/compose-example.yaml
rename to docker/example-compose.yaml
index 5bfbbbfa115342ced9f5c74556a56b7653de4382..7b64047fb2b6c2d21f0418fb2854367f4a0af248 100644
--- a/docker/compose-example.yaml
+++ b/docker/example-compose.yaml
@@ -26,12 +26,15 @@ services:
       - SECURITY=
         #- SECURITY=ia2token
       - DISCOVERY_CONTEXT_ROOT=vlkb#datasets#vlkb_search
-      - DISCOVERY_DB_URI=jdbc:postgresql://vlkb-db:5432/vialactea
+      - DB_URI=jdbc:postgresql://vlkb-db:5432/vialactea
       - DB_USERNAME=vialactea
       - DB_PASSWORD=ia2vlkb
-        #- VLKBOBSCORE_PG_URI=postgresql://vialactea:ia2vlkb@localhost:5432/vialactea
+      - METADATA_PATHNAME=/srv/surveys/survey_populate.csv
+      - CUTOUT_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_cutout
+      - MERGE_SERVICE_URL=http://vlkb-devel.ia2.inaf.it:8004/vlkb/datasets/vlkb_merge
         #- RESPONSE_FORMAT=application/x-vlkb+xml
         #- RESPONSE_FORMAT=application/x-votable+xml
+        #- VLKBOBSCORE_PG_URI=postgresql://vialactea:ia2vlkb@localhost:5432/vialactea
     volumes:
       - /srv/vlkb/surveys:/srv/surveys:z
         #- ./ssl:/etc/pki/tls:z
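Review bot: The example still carries a working-looking credential inline (`DB_PASSWORD=ia2vlkb`, repeated in the commented `VLKBOBSCORE_PG_URI` line this hunk moves), and the same value sits in the `authpolicy.properties` this commit deletes, so anyone copying the example ends up with a password that is public in the repository. Prefer `- DB_PASSWORD=${DB_PASSWORD:?set DB_PASSWORD}` and `postgresql://<user>:<password>@localhost:5432/vialactea` in the comment, with the real value read from an untracked `.env` file. Deleting `auth.properties`, `iamtoken.properties`, `tomcat-users.xml`, `ssl/Makefile` and `keystore.jks` removes them from the tree only; the secrets they hold remain in history and should be rotated. The new `CUTOUT_SERVICE_URL` and `MERGE_SERVICE_URL` examples use `http://`; if those endpoints accept tokens, the example should point at the TLS connector instead. The list these entries belong to starts above the hunk.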
diff --git a/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf b/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf
deleted file mode 100644
index 2d7b3fd09bb0a24f3f7a1f04af33ee0ec8269d5e..0000000000000000000000000000000000000000
Binary files a/docker/ssl/How to generate a self-signed SSL certificate using OpenSSL - Stack Overflow.pdf and /dev/null differ
diff --git a/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf b/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf
deleted file mode 100644
index c2e26bc3bcf6a7aadf1b8ab23fab0434464168ba..0000000000000000000000000000000000000000
Binary files a/docker/ssl/How to use OpenSSL and the Internet PKI on Linux systems Enable Sysadmin.pdf and /dev/null differ
diff --git a/docker/ssl/Makefile b/docker/ssl/Makefile
deleted file mode 100644
index cdc5c8deb2b2141a315d28b58e362d658237b0f7..0000000000000000000000000000000000000000
--- a/docker/ssl/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-
-
-
-keystore.jks:
-	keytool -genkey -keyalg RSA -noprompt -alias tomcat -dname "CN=localhost, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore keystore.jks -validity 9999 -storepass tomcatskassl -keypass tomcatskassl
-
-
-showxml:
-	xmlstarlet c14n server.xml
-
diff --git a/docker/ssl/keystore.jks b/docker/ssl/keystore.jks
deleted file mode 100644
index 57c469584925bdc3de5f6919123d67c5a3189560..0000000000000000000000000000000000000000
Binary files a/docker/ssl/keystore.jks and /dev/null differ
diff --git a/docker/ssl/server-connector-8443.xml b/docker/ssl/server-connector-8443.xml
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8443.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
-               maxThreads="150" SSLEnabled="true">
-         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
-                         certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
-                         certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-
diff --git a/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it b/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8443.xml-SECTIGO-vlkb.ia2.inaf.it
+++ /dev/null
@@ -1,11 +0,0 @@
-  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
-               maxThreads="150" SSLEnabled="true">
-         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
-                         certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
-                         certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks
deleted file mode 100644
index 02ca4500189bcdf839f61eb03958e8284c4c9205..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/etc/pki/tls/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-
diff --git a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG b/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG
deleted file mode 100644
index 323456aa568ff5e7589dd347879f495d63833b51..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector-8443.xml-self-signed-keystore-jks-ORIG
+++ /dev/null
@@ -1,11 +0,0 @@
-   <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
-               maxThreads="150" SSLEnabled="true" >
-        <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
-        <SSLHostConfig>
-            <Certificate certificateKeyAlias="tomcat"
-                         certificateKeystoreFile="/root/keystore.jks"
-                         certificateKeystorePassword="tomcatskassl"
-                         type="RSA" />
-        </SSLHostConfig>
-   </Connector>
-
diff --git a/docker/ssl/server-connector.xml b/docker/ssl/server-connector.xml
deleted file mode 100644
index 1ad61476dbe60e77851fa636d3c40009af30232e..0000000000000000000000000000000000000000
--- a/docker/ssl/server-connector.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
-        sslImplementationName="org.apache.tomcat.util.net.jsse.JSSEImplementation"
-               maxThreads="150" SSLEnabled="true">
-         <SSLHostConfig>
-            <Certificate certificateKeyFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.key"
-                         certificateFile="/etc/pki/tls/SECTIGO/vlkb_ia2_inaf_it.crt"
-                         certificateChainFile="/etc/pki/tls/SECTIGO/CA.crt"
-                         type="RSA" />
-        </SSLHostConfig>
-    </Connector>
-