Upgrading Geoserver in IN‐CORE kube cluster

1. Upgrade from Kartoza to official geoserver
   1. Reason for the upgrade - Current geoserver kartoza 2.17.1 is too old - current version is 2.23.x - there was security issue in the version that we are using - Decided to use official geoserver - when kartoza was chosen there is not official goeserver docker release - the reason why kartoza was set in in [here](https://opensource.ncsa.illinois.edu/confluence/display/INCORE1/History+of+geoserver+docker+in+IN-CORE)
   2. Things to check - Kartoza and official image's data mounting points are different - katoza: /opt/geoserver/data_dir - official: /opt/geoserver_data
   3. Modification - there are hardcoded data path and url of the namespace - those are recorded in xml files - there is a script in dev-scripts repository [utils/geoserver_utils/fix_datastore_url.py](https://github.com/IN-CORE/dev-scripts/blob/master/utils/geoserver_utils/fix_datastore_url.py) the script will scan the xml files then will replace necessary path and URLs - after script ran, the geoserver pod must be restarted
   4. General problems in upgrading
      1. POST/DELETE and preview are working - posting and deleting from incore-services were working okay. - layer preview from data viewer also worked okay after changing the local path change by fix_datastore_url.py
      2. GUI doesn't work - whether using newer version of kartoza or geoserver, there was a problem of GUI - GUI doesn't do pagination, search, and other settings - There were some logs and but not really fixed the problems - Browser console reported errors like POST https://maindomain.com/geoserver/web/wicket/bookmarkable/org.geoserver.web.data.layer.LayerPage?6-1.IBehaviorListener.0-table-filterForm-submit&filter=false 400
   5. How to Fix
      1. Updating the web.xml file in webapps folder - There was an information about this saying adding the white list inside the web.xml of the geoserver https://osgeo-org.atlassian.net/jira/software/c/projects/GEOS/issues/GEOS-9353/?filter=allissues&orderby=priority%20DESC&keyword=Csrf • <context-param> • <param-name>GEOSERVER_CSRF_WHITELIST</param-name> • <param-value>geodaten.metropoleruhr.de</param-value> • </context-param> • • <context-param> • <param-name>PROXY_BASE_URL</param-name> • <param-value>https://main-domain.com/geoserver</param-value> </context-param> - Since above block needs to have hard coded url, there were three images based on official 2.23.1 images has been made for tst, dev, and prod - Modify web.xml in container by adding above information - Deployed to dev and it worked okay - You can mount web.xml to your host machine so the above changes can be applied if you're use docker or docker-compose Fix without modifying web.xml file - by doing the following, the official geoserver image can be used as it is without building the custom image with the above web.xml file
      2. PROXY_BASE_URL - this can be fixed by using geoserver GUI - from left side menu bar of the geoserver GUI select Global under Settings menu - in Global Setting page, put Proxy Base URL to something like "[https://maindomain.com/geoserver](https://maindomain-dev.com/geoserver)"
      3. GEOSERVER_CSRF_WHITELIST - this can be fixed by giving the environment variable in to docker setting - GEOSERVER_CSRF_WHITELIST should be something like "maindomain.com"
   6. Summary of the process - add white list in web.xml of the geoserver - build geoserver image using official geoserver and replace the web.xml with the whitelist. The location is /opt/geoserver/apache-xxx/webapps/geoserver/WEB-INF - fix hard coded URL and data directory path in datastore xml files in mounted volume using fix_datastore_url.py in dev-scripts repository of IN-CORE github - deploy and test