geOrchestra comes with it's own GeoServer version, which is a very light fork for customization (header & geofence integration, mainly).

If needed, geOrchestra is able to work with an unmodified, standard GeoServer instance, provided the georchestra/geoserver_minimal_datadir custom datadir is used.

GeoServer:

make war

... or make deb to build a Debian package.

GeoServer with integrated GeoFence app:

make war-geofence

... or make deb-geofence to build a Debian package.

See the documentation.

geOrchestra's GeoServer runs behind a proxy which handles user authentication for on behalf of all geOrchestra back-end services (GeoServer, GeoNetwork, console, etc). Once authenticated, every proxied request contains a per-application configurable set of request headers with pre-authenticated user credentials.

GeoServer expects the standard sec-username and sec-roles headers, with the pre-authenticated username and list of roles respectively.

These headers will be picked up by org.geoserver.security.filter.GeoServerRequestHeaderAuthenticationFilter.

When first starting a geOrchestra docker-compose cluster, this filter will be configured to use the above mentioned headers as established this configuration file at the georchestra/geoserver_minimal_datadir repository.