Public | Automated Build

Last pushed: 2 years ago
Short Description
shp2pgsql RESTful API on a imatia/docker-postgis container
Full Description


shp2pgsql RESTful API on a imatia/docker-postgis container


docker run -p 29643:9643 -p 25432:5432 --name imatia-rest-shp2pgsql-postgis \
-e POSTGRES_USER=docker \
-e POSTGRES_PASSWORD=mysecretpassword \
-e REMOTE_PGDB=gistest \
-e SG_OAUTH2_APP_SECRET=oauth2sgappsecret \
-d imatia/docker-rest-shp2pgsql-postgis

The generated SQL will be imported on the postgres+postgis deployed on the container.

The HTTPS certificate is taken from /keystore.jks file placed on the container.

If you want to modify these and other settings, you can also provide the following env vars:

-e REMOTE_PGHOST=localhost
-e SHP2PGSQL_KEYSTORE_PATH=/keystore.jks 
-e SG_OAUTH2_CLIENT_ID=sgclientapp
-e SG_OAUTH2_ACCESS_TOKEN_URI=https://localhost:8080/oauth/token
-e SG_OAUTH2_USER_AUTHORIZATION_URI=https://localhost:8080/oauth/authorize
-e SG_OAUTH2_TOKEN_NAME=oauth2sgappsecret
-e SG_OAUTH2_LOGIN_ENDPOINT=https://localhost:8080/login
-e SG_OAUTH2_USER_INFO_URI=https://localhost:8080/me

If you want to provide your own HTTPS certificate without rebuilding the container you can use the -v flag to mount a host keystore location on the container, then specify its path and access credentials using the available env vars. e.g.:

docker run \
-v /path/to/keystore:/usr/share/keystores \
-e SHP2PGSQL_KEYSTORE_PATH=/usr/share/keystores/keystore.jks \


This service expects a .zip file with containing a shp layer definition and its related resources. It will execute the shp2pgsql command on the container with the provided parameters.


  1. Open a browser on the docker host and navigate to https://localhost:29643/swagger-ui.html
  2. Provide the authorization credentials, when required
  3. Fill the provided HTML form as the embedded documentation indicates to send a request and display its response


OAuth Service Invocation (gets an access token):

curl -X POST -d "client_id=oauth2clientid&client_secret=secret&grant_type=password&username=myuser&password=mypass" http://myoauth2authorizationservicehost:port/path/to/token
  • client_id must match --oauth2clientid app.jar command line parameter (defaults to sgclientapp)
    Service Invocation:
    curl -k \
    --header "Authorization: Bearer my-oauth-access-token" \
    -F "shpzipfile=@/data/" \
    -F "srid=4269:2163" \
    -F "geocolumn=mycolumn" \
    -F "indexgeocolumn=true" \
    -F "schemaandtable=myschema.mytable" \
    -F "droptable=true" \
    -F "returnsql=false" \
    -F "importsql=true" \
    -F "metadata={\"test\":\"This is a test\"}" \


  • You can run the service without requiring authentication using the env var -e SG_OAUTH2_DISABLE_SECURIZATION=true

  • Metadata is a required parameter but it only serves logging purposes. Any valid JSON string will do.

  • Basic input parameter validation is being tested. Try not to rely on it for production deployments.

  • Destination database and schema are not created by the service. They must exist and be write accessible with the provided credentials.

  • All non user/admin fixable errors give a 50X server error response with little to no further info. This is by design. For better error tracing you can enable JVM TI remote debugging on port 8000: -p 8000:8000 -e SHP2PGSQL_REMOTE_DEBUG=true



  • OAuth2 authentication
  • Param data is now named shpzipfile
  • database moved from request parameter to service configuration parameter
  • srid, geocolumn, indexgeocolumn request parameters are now optional
  • New parameter metadata: JSON object providing information on the request
  • Issue an error if the provided schema does not exist
  • Allow/disallow CORS through SHP2PGSQL_ENABLE_CORS env var
  • Enable/disable CSRF protection through SHP2PGSQL_DISABLE_CSRF_PROTECTION env var
  • Enable/disable JVM TI remote debugging through SHP2PGSQL_REMOTE_DEBUG env var


  • Allow providing the keystore on container deployment by using the environment variable SHP2PGSQL_KEYSTORE_PATH
  • Basic input parameter validation (This feature is being tested. Try not to rely on it for production deployments.)
  • Use Spring MVC Handler Interceptors to cleanup generated temporary files after serving requests

See also

Docker Pull Command