Using Open Liberty with Docker

Open Liberty

Open Liberty is a lightweight Jave runtime that supports many modularized features. It is modularized and Docker friendly. It supports the full J2EE 8 Spec including, JNDI, JAX-WS/RS, and Spring Boot.

Docker Images

There are several variants of Open Liberty Docker containers available on DockerHub. The tags indicate what features are pre-installed. The kernel tag contains only the Liberty kernel; additional components are automatically downloaded from the online repository based on the contents of the server.xml.

While the kernel image is recommended as the basis for custom images, several other tags are available. There is also a full tag that enables all available components.

The remainder of the available tags is various permutations of the base operating system and the JDK. A complete list can be found at this location on Dockerhub. For the most part, IBM Liberty and Open Liberty interchanged with each other with no code or configurations modifications.

Setup Variables

  • MP_HEALTH_CHECK - Monitor the server runtime environment and application metrics by using Liberty features mpMetrics-1.1
  • MP_MONITORING Check the health of the environment using Liberty feature mpHealth-1.0
  • HTTP_ENDPOINT - Add configuration properties for an HTTP endpoint.
  • TLS - Enable Transport Security in Liberty by adding the transportSecurity-1.0 feature
  • IIOP_ENDPOINT - Add configuration properties for an IIOP endpoint.
  • JMS_ENDPOINT - Add configuration properties for an JMS endpoint.
  • VERBOSE - When set to true it outputs the commands and results to stdout from

Complete documentation of these options is available on GitHub.

Creating the Image

The most straightforward possible image can be created by extending the full tag and adding your application to the config/dropins directory.

1FROM open-liberty:full
2EXPOSE 9080
3EXPOSE 9443
5COPY --chown=1001:0 target/guide-rest-intro.war /config/dropins/guide-rest-intro.war

This Dockerfile will create a Liberty server that uses the javaee-8 profile and will configure the application based on the settings that we pass in.

The image runs the user as 10001, so we have to make sure all files copied into the container have the proper permissions such that Liberty can read them.


The server.xml used for the full profile is generated below based on the above Dockerfile.

 1<?xml version="1.0" encoding="UTF-8"?>
 2<server description="new server">
 4 <!-- Enable features -->
 5 <featureManager>
 6 <feature>javaee-8.0</feature>
 7 </featureManager>
 9 <!-- This template enables security. To get the full use of all the capabilities, a keystore and user registry are required. -->
11 <!-- For the keystore, default keys are generated and stored in a keystore. To provide the keystore password, generate an
12 encoded password using bin/securityUtility encode and add it below in the password attribute of the keyStore element.
13 Then uncomment the keyStore element. -->
14 <!--
15 <keyStore password=""/>
16 -->
18 <!--For a user registry configuration, configure your user registry. For example, configure a basic user registry using the
19 basicRegistry element. Specify your own user name below in the name attribute of the user element. For the password,
20 generate an encoded password using bin/securityUtility encode and add it in the password attribute of the user element.
21 Then uncomment the user element. -->
22 <basicRegistry id="basic" realm="BasicRealm">
23 <!-- <user name="yourUserName" password="" /> -->
24 </basicRegistry>
26 <!-- To access this server from a remote client add a host attribute to the following element, e.g. host="*" -->
27 <httpEndpoint id="defaultHttpEndpoint"
28 httpPort="9080"
29 httpsPort="9443" />
31 <!-- Automatically expand WAR files and EAR files -->
32 <applicationManager autoExpand="true"/>
34 <!-- Default SSL configuration enables trust for default certificates from the Java runtime -->
35 <ssl id="defaultSSLConfig" trustDefaultCerts="true" />

If the out-of-the-box server.xml shown below is not adequate, you may customize it and add it to the container config directory.

1FROM open-liberty:kernel
2EXPOSE 8080
3COPY --chown=1001:0 target/guide-rest-intro.war /config/dropins/guide-rest-intro.war
4COPY --chown=1001:0 server.xml /config/

In addition, you may compartmentalize your server.xml by including other XML files. Update the server.xml with an include block and ADD the file in your docker container.

1<include optional="true" location="pathname filename"/>

You can also include environment variable references in your server.xml


Starting the Server.

If you would like to skip all the autoconfiguration magic simply make sure to supply a server.xml and add the following RUN command to your Dockerfile.

1RUN installUtility install --acceptLicense defaultServer

The CMD element from the base Dockerfile is

1CMD ["/opt/ol/wlp/bin/server", "run", "defaultServer"]

If for some reason you need to do additional work before the app server starts you can simply replace this line in your Dockerfile with a shell script that ultimately calls the server run.

comments powered by Disqus