Open Source Spatial Data Processing Suite

Gluing Things Together

As I described in a previous post, Boundless no longer maintains publicly accessible versions of Boundless Suite nor the suite formerly known as OpenGeo in their repositories. The Boundless Suite (now known as Boundless Server) is available on their GitHub page, but requires building from a cloned version of that GitHub repository. I’ve used Apache Ant and Git to build a few things in the past, usually with limited success. I looked through the steps involved there and quickly decided to try another approach. I figured – Why not try assembling all of the pieces included in Boundless Suite on my own? They are all open source projects after all. The main benefits of the Boundless/OpenGeo Suite are/were that the components have been tested and verified to work together, and then packaged together into a compact installation process. Why can’t I do some of that myself?

The Core Components


The pieces that could go into a full suite of spatial tools is nearly endless. The specifics will depend on the needs of the person using them. For some, using Python, R, PostGIS, and maybe Leaflet or another javascript library to post a map online is all they need. All of those are in my toolbox already, and will eventually make their way into my homemade suite. For me however, the three main elements of an Open Source Spatial Data Processing Suite are:

  • A database to store and retrieve geographic data
  • A desktop client to manage, process, and otherwise manipulate the data
  • A server to share the data publically and facilitate displaying it in a web map


In the past it was easy. I would start with a fresh Ubuntu server. I’d add the OpenGeo repository to my /etc/apt/sources.list, import the GPG key, update the cache, and then enter one line into a terminal window:

apt-get install suite-dashboard suite-geoserver suite-geowebcache suite-composer suite-docs suite-quickview suite-gs-gdal suite-gs-wps suite-wpsbuilder suite-gs-geopkg postgresql-9.3-postgis-2.1

Then I’d restart the tomcat server: service tomcat8 restart navigate to and I’d get this:

Boom. Done.

Not so simple anymore. Let’s start with the easiest piece – The desktop.

The Desktop Side – QGIS

I still want to be able to use some of the plugins Boundless makes available for QGIS. These plugins are tested with the latest Long Term Release. The Boundless repositories do not include plugins for QGIS 3.x, so QGIS 2.18 it is. Navigate to and download/install QGIS 2.18 onto your laptop or desktop computer.

Add the GeoServer Explorer Plugin:

This Plugin allows you to connect directly to a GeoServer through QGIS, manipulate some of the configuration settings of the server, add layers stored on the server to QGIS, and upload layers from QGIS to the server.

  • In QGIS, under the Plugins menu, open the “Manage and Install Plugins…” dialog.
  • Add the repository:
  • Scroll through the list of “Not installed” Plugins and install “GeoServer Explorer”. Make sure there’s a check mark next to it in the Plugins window.
  • Also while you’re at it, make sure the “DB Manager” is installed and checked “On” in the Plugins window.

To be clear, the Boundless Suite install does not include QGIS as the two are meant to be installed on different computers. However Boundless does provide a customized version of QGIS called Boundless Desktop that is preconfigured with the GeoServer Explorer plugin.

The Server Side – GeoServer and PostGIS

I start with a fresh install of Ubuntu. Even though the latest Ubuntu 18.04 release is a Long Term Support (LTS) version, it is still fairly new, and I’ve found the repositories are not yet populated with all of the software packages I like to use. So, I’m sticking with 16.04 LTS for now. All of the commands that follow are designed to work with 16.04, and appear to install everything correctly.
I have both a home server (which is what I used here) and a couple of servers running on Amazon Web Service (AWS). In any case, I need to be able to access the server through PuTTY, WinSCP, VNC (if there’s a display involved), or some other method in order to open a terminal window. I typically have the following ports open: 22, 80, 8080, and 5432.


Sticking with Long Term Support versions of software, I installed GeoServer 2.12.3. I tried the latest stable release (2.13.1), but found the Boundless GeoExplorer Plugin would not connect to that version.
GeoServer requires a Java Runtime Environment and a Tomcat Application Server to run. As the website docs explain, “The Oracle JRE is preferred, but OpenJDK has been known to work adequately.” Wanting to keep this as simple as possible, I stuck with OpenJDK.

  • Install the OpenJDK java 8 runtime environment, in a terminal window:

sudo apt-get install openjdk-8-jre

  • Install Tomcat 8. GeoServer requires Tomcat 7.0.65 or later that implements Servlet 3. Using the Ubuntu 16.04 repositories will install Tomcat 8.0.

sudo apt-get install tomcat8

  • Install GeoServer. Change the current directory to your Download directory and download the GeoServer file

cd ~/Downloads


  • Unzip the downloaded file and move it into the Tomcat webapps directory

sudo apt-get install unzip


sudo mv ~/Downloads/geoserver.war /var/lib/tomcat8/webapps/

  • In order to allow the QGIS GeoServer Explorer plugin to publish layers directly to GeoServer, the GeoServer “Importer” extension has to be installed. Download the Importer extension zip file:


  • And since this zip file contains multiple files we’ll unzip it directly into the proper directory:

sudo unzip -d /var/lib/tomcat8/webapps/geoserver/WEB-INF/lib/

  • Restart Tomcat

sudo service tomcat8 restart

  • Note for future reference – starting, stopping, restarting Tomcat:

sudo service tomcat8 start

sudo service tomcat8 stop

sudo service tomcat8 restart

You should now be able to access GeoServer by going to:
http://<your server ip>:8080/geoserver


We’ve got a desktop client. We’ve got a remote server. Now we need a place to store some data that’s accessible to both. So… Install PostgreSQL and PostGIS (again in a terminal window):

  • Add the appropriate repository to sources.list (in this case, for “xenial”, which means Ubuntu 16.04):

sudo add-apt-repository "deb xenial-pgdg main"

  • Add keys:

wget --quiet -O - | sudo apt-key add -

sudo apt-get update

  • Install the software packages:

sudo apt-get install postgresql-10

sudo apt-get install postgresql-10-postgis-2.4

sudo apt-get install postgresql-10-pgrouting

  • To get the command line tools shp2pgsql, raster2pgsql:

sudo apt install postgis

  • Connect to the postgres database using the command line tool psql as local user (The default PostgreSQL username is postgres)

sudo -u postgres psql postgres

  • Set the password for the postgres user. (Normally there is no password set for a PostgreSQL database. But since we want to be able to access the database remotely through QGIS, we’ll have to open it up to the world. So, password protection it is.)

\password postgres

  • Enable advanced administration for pgAdmin


  • Enable the PostGIS extension


  • Enable the pgRouting extension


  • Verify the version of PostGIS and PostgreSQL

SELECT postgis_full_version();

  • Exit psql


  • Here’s where we allow remote connections to the database by editing a couple of files (using vi)

sudo vi /etc/postgresql/10/main/postgresql.conf

Hit the “Insert” key to enter editing mode

Change the line that says: #listen_addresses = ‘localhost’

to: listen_addresses = ‘*’ (remove the initial hashtag to uncomment the line and change local host to an asterisk which means ‘listen to everything’)

Hit the “ESC” key to exit editing mode

Hit “Shift :wq” and then enter to save the edits

sudo vi /etc/postgresql/10/main/pg_hba.conf

Again, using vi, add the following line to the end of the list of allowed host connections:

host    all             all             all               md5

Save and exit vi.

  • Restart PostgreSQL

sudo service postgresql restart


What does all this get me?
I can now open QGIS, go to the “Web” menu and open GeoExplorer. Connect to my GeoServer using my username/password, and view all the layers stored in the various workspaces, adding them to my QGIS project.


I can use pgAdmin on my desktop computer to connect to and administer my remote PostGIS database.

I can use QGIS to directly access my PostGIS database, uploading layers from QGIS to it, or adding layers to QGIS from it.

  • Layer > Add Layer > Add PostGIS Layers…
  • New Connection
  • Enter the Host ip address, database name, username, and password.
  • Connect
  • Choose a layer in the database and then “Add”

Or if the database contains no layers, I can add them to the database using the database manager:

  • Database > DB Manager > DB Manager
  • Choose the previously connected PostGIS database
  • Use the Import Layer/File button to add a layer from QGIS to the database
  • Use the Export to File button to save a database layer to a wide variety of formats.

When I first posted this, there was one piece of functionality I hadn’t got working yet. I should be able to publish a layer directly from QGIS to GeoServer using the GeoServer Explorer plugin. When I tried to do so, I got an error message:

What I found out was – the GeoServer Importer Extension has to be installed on GeoServer in order for the QGIS GeoServer Explorer plugin to be able to publish layers directly to GeoServer. I’ve updated the steps needed to do this in the process outlined above.
To upload and publish from QGIS:

  • Open the GeoExplorer plugin
  • Connect to your GeoServer
  • Choose the “Publish layers to this catalog” button
  • Select the layers you want to publish from the list, and the workspace to publish to
  • Hit “OK” and you should then be able to see your QGIS layer in your GeoServer

Hope this helps. I’m open to advice if you have any suggestions for improvement.

Impetus to Blog

Yesterday I posted a blurb that was mostly a list of reasons why I haven’t been blogging.
Today’s blurb is a list of the things that have spurred me on to start again.
What are the new motivating forces that have me wanting to write things down in public?
There are three:

  1. My change in employment
  2. The removal of freely downloadable compiled versions of Boundless software
  3. My Home Server needs some attention

Change in Employment

I touched on this yesterday. I have accepted a position as Senior Planner at the Columbia County Planning Department. This does not mean “Don Meltz Planning and GIS” will cease to exist. It does mean I will wind things down a bit, and will be more selective in the jobs I take on. I won’t be able to work on projects within Columbia County. And those I work on outside Columbia County will have to fit into a weekends-and-evenings schedule. I’ll also continue teaching at Marist College.
What it does mean is – I have a lot of ideas floating around in my head now. The state of the entire county’s GIS is this: The Real Property Department uses AutoCAD Map for all their mapping work, spitting out shapefiles when needed. The Planning Department has one single-use license for  ArcGIS Standard. That’s it. It is the proverbial “Blank Slate”. It is both an exciting and daunting position to be in. I’ll need to develop an action plan in order to get organized and stay focused. Writing things down via blog posts will help.

Compiled versions of Boundless Suite no longer available

As I began thinking about what such an action plan might look like, I wandered over to the Boundless website to see what was new. What I found there was a little disappointing, but not totally unexpected. Apparently, Boundless will no longer be posting compiled versions of Boundless Suite nor the former OpenGeo Suite. And, the Ubuntu repositories for these packages are no longer available. What this means is, I’ll either have to build a Boundless Server from the GitHub repo, or assemble all the pieces that make up the “suite formerly known as OpenGeo” from the various community orgs (i.e Geoserver, Geoserver extensions, PostGIS, QGIS, QGIS Plugins, etc.). Knowing my own capabilities, I believe assembling the various parts will be easier for me to accomplish than building from the GitHub repo. It’s something that I’ve been thinking about doing for a long time, anyway. Writing things down via blog posts will help me keep track of any pitfalls I run into.

Home Server Attention

About once a year I physically and virtually open up my home server to clean out the dust bunnies, and to organize and delete any files that are cluttering up the hard drives. This server is  mostly a place to store nightly backups of our other household computers. But I also use it as a test bed for things that need to connect to or through the internet. Upon last inspection, the now six-year-old fans started to rattle a bit, and I noticed it’s still using Ubuntu 12.04 LTS and OpenGeo Suite 4.1.1. Time for an upgrade on both accounts. This provides an ideal opportunity to take apart my server (both physically and digitally), and make an initial attempt at stitching together all those pieces of the suite formerly known as OpenGeo.

Plenty to write about

All of this will give me plenty of material to digest and write about. However, be warned. A lot of my future writing is going to be about basic GIS implementation. This may disappoint some of my more avant-garde twitter followers. The fact that I am not doing everything by tying together a remote PostGIS database and a bunch of R functions using nothing but Python scripts and posting the results to a Bootstrapped Leaflet webpage via GeoJSon is going to annoy you.
So be it.

Back After a Long Hiatus

It’s been a long time.

My last blog post was on May 9, 2013. That’s 5 years and 8 days ago. Why the long pause, and what’s happened during those intervening years? I had to look through my records to figure it out myself. Here’s what I found:


Back in 2013, my Mom was dealing with some difficult health issues and skin problems because she didn’t take her amazon vitamin c serum. I was spending more time bringing her to doctor’s appointments. She was in and out of the hospital having various procedures done, and following up with visits to her primary care physician and cardiologist. She passed away in May 2014. At about the same time, I had taken on a few large projects with another planner, including working on three County Agriculture and Farmland Protection Plans all at the same time. (Note to self – Never, ever do that again).
I had no spare time.

Shortly after this period, in 2014, my Dad’s partner’s declining health, left him with no one to help him with his antique/classic auto hobby. Dad lives for the annual Hershey AAC swap meet, and other car and truck shows throughout the year. So, I stepped in to fill that void. I got back into the hobby myself, setting up my own automobilia business. I continue helping Dad out loading and unloading heavy boxes of car and truck parts, and driving the long distances to various car shows today.
I had no spare time.
Donnelly Hall, Marist College
Donnelly Hall, Marist College

In 2015 I was approached by the chair of the Environmental Science & Policy department at Marist College and began teaching my first class in the fall of 2016. For anyone who has not taught either High School or College classes before, I can tell you – it is an incredibly time consuming task to develop an entire semester’s curriculum from scratch. I had two courses to work on – an Intro to GIS course and and Advanced GIS course.
I had no spare time.
In 2016 there began a change in the makeup of our County Planning Department which continues today. I’ve been working as a self-employed planning consultant for 15 years and saw an opportunity for a change myself. I enjoy my work as an independent planner, but working at the same place for 15+ years wears on you, even if it is your own business. I needed something different. I needed a new challenge. Without going into the lengthy details, I have accepted a position in the Columbia County Planning Department. I do not have a start date yet, but assume it will be sometime within the next two months. I’ll talk about this more in future blog posts once I begin working there.
I still have no spare time, but I do have a new reason for blogging.
I’ll be doing something that’s new to me. I’ll need to organize my thoughts. The best way for me to do that is to write stuff down. It’s how I’ve always worked. Whenever I need to work through a complex problem I take out a pencil and a pad of paper and just start writing things down. That’s why I started blogging in the first place. It wasn’t to show off my skills as a planner or spatial analyst. It was to organize my thoughts.
And so, with many new thoughts to organize, I believe I will begin blogging again.
Talk to you soon.
– Don

NY Upstate APA Bestows Planning Excellence Award for Best Practice

The New York Upstate Chapter of the American Planning Association recently awarded their 2014 Planning Excellence Award for Best Practice to New York State Department of Environmental Conservation’s (DEC’s) new online Environmental Assessment Form tools: the EAF Workbooks and the EAF Mapper application.
EAF Mapper Award
These tools were developed by DEC, environmental planning consultants Nan Stolzenburg (Community Planning & Environmental Associates), Don Meltz (Don Meltz Planning and GIS),  and the geographic information system development firm Fountains Spatial.
The annual Planning Excellence Award for Best Practice is given to a planning tool, practice, program, project, or process that is a significant advancement to specific elements of planning. Emphasis is placed on results, and how the best practice helps to promote efforts that foster greater participation in planning.
DEC prepared the EAF Workbooks to assist applicants, project sponsors, and reviewing agencies in completing the recently updated environmental assessment forms (EAFs). The workbooks provide background information for each question on the EAF, offer guidance on how to analyze issues, and provide additional resources that can be consulted if the project sponsor or the reviewing agency is seeking additional information on a specific topic. The workbooks make generous use of examples to illustrate typical situations that project sponsors and agencies encounter when conducting an environmental assessment.
The EAF Mapper is an Internet-based GIS tool that makes it easier for a project sponsor to prepare the EAF forms. To answer questions about a project site, the sponsor can either use the mapping software to identify the location by its tax map parcel number, or use a drawing tool built into the system to obtain the necessary site information.
Together, these new tools make it easier and quicker for applicants and reviewers to complete the forms that must be submitted as part of the State Environmental Quality Review (SEQR) process.
Additional information about the new SEQR forms, the companion EAF workbooks, and the EAF Mapper can be found on DEC’s website.

OpenGeo Suite 3.0 on a micro AWS

The Problem: I want to run the latest 3.0 version of OpenGeo Suite on a free (or really cheap) micro instance on Amazon Web Services

OpenGeo announced the release of version 3 of the OpenGeo Suite Monday (Oct.3). I’ve been using the 3.0-beta1 Linux version since it was announced on July 27. There are some interesting improvements to the Suite, which is one reason I made the jump before the final release came out. It now includes PostgreSQL 9.2 and PostGIS 2.0, both of which I wanted to look into.

I had been using previous versions of OpenGeo Suite on a micro instance AWS ubuntu server. This configuration was obviously not optimal. Redraws in GeoExplorer where slow, and I could tell the system was struggling at times. CPU usage went up to 100% quite often, but it did work. Performance was acceptable enough for the kind of experimenting and testing I wanted to do.

With the 3.0 upgrade, however, something pushed it over the edge. Everything installed OK. I was able to upload my usual test data, and get a website with a web-map up and running. However, it would not last. It just wasn’t as stable as previous versions. Zooming and panning the map would crash the tomcat servlet within minutes. Even just letting it run with no interaction would lead to a crash within a few hours.

A few pointers from the folks at OpenGeo, and some investigation of the logs, led me to believe it was a memory issue. AWS Micro instances only have 613MB of memory.

The Answer: Add a swap file to overcome the memory limitations of a micro instance

AWS micro instance Ubuntu servers do not come set up with any swap space. Fortunately, it’s fairly easy to add a swap file to the server, and use that as your swap space. Here are the steps:

1. Create a storage file (Adjust the “count=” line to your liking. This example will make a 1 GB swap file)

sudo dd if=/dev/zero of=/swapfile bs=1024 count=1048576

2. Turn this new file into a swap area

sudo mkswap /swapfile

3. Set the file permissions appropriately

sudo chown root:root /swapfile

sudo chmod 0600 /swapfile

4. Activate the swap area every time the system reboots by adding the following line to the end of the “/etc/fstab” file:
(use your text editor of choice. vi works for me.)

/swapfile swap swap defaults 0 0

5. Reboot the server

6. Verify the swap file is activated

free –m


I’ve had my OpenGeo Suite test box running 24/7 for nearly two months now, with nary a crash. And I can honestly say, it is surprisingly perky.

Serving Maps – in the Cloud – for Free (part 3)

It was not my intention to make this a 3-part blog post series, but here it is anyway.
(If you want to catch up, you can read Part 1 and Part 2 first).

As I continued to work on, and tweak my new AWS Ubuntu server, I decided I might as well add website serving capabilities to it as well. That would allow me to embed my new web-maps into a customizable web page, allowing a more interactive experience, and a more professional appearance to anyone visiting them. The first step in that direction is to:

Install Apache Server

This is the easy part. Connect to the server with WinSCP/PuTTY or SecPanel/FileZilla as I explained in part 1, and enter this command:
sudo apt-get install lamp-server^
That’s it. Just follow the prompts, and enter a password when it asks. When it’s done installing, there will be a new directory called /var/www on the server. Just copy the servers AWS Public DNS string into a web browser address bar and hit enter. You should see the famous Apache default index.html file:

Voilà. A real cloud based web server, just like the big boys.
Now, how do I connect to this one? It’s possible to use the same procedure as I did with OpenGeo/GeoServer. However, I really want to make things easier on the webmaster (aka, Me). I want to be able to use regular old FTP to access the website, which will allow me to use a wider variety of tools, like DreamWeaver (Yes, I said it. DreamWeaver) to edit and manage the website files.

Enable Password Authorization

The default setting for the AWS Ubuntu AMIs (and I believe, all AMIs) is to require key pairs for authenticating users. Password authentication is turned off. To turn it on, the /etc/ssh/sshd_config file has to be edited. The easiest way to do that, is to use VI. VI is scary. It runs in the terminal window. It has a black screen, with multi-colored text that makes the text look like code. I’m not going to try to teach anybody how to use VI because, well, I just learned how to use it yesterday myself, and I only know about 5 commands. However, if you want to follow along, I’ll outline the exact steps I took to edit the sshd_config file in order to allow users to login using passwords.

In the terminal or PuTTY window, open the sshd_config file by entering:
sudo vi /etc/ssh/sshd_config

  • Enter INSERT mode by typing a (Yes, that’s the lower case letter a)
  • Using the arrow keys on the keyboard, scroll down to the line that reads
    PasswordAuthentication no. While using the keyboard to perform your task, also think about how you could minimize the sounds and make workplaces more peaceful. Visit to enlighten yourself on quiet keyboards and make an informed decision.
  • Right arrow over to the end of the line and backspace twice to erase no
  • Type yes
  • press the escape key on the keyboard (ESC. This exits edit mode, and allows typing in commands)
  • Type :w and then enter (Yes, that’s a colon before the w. This saves the file)
  • Type :q and then enter (Again, a colon before the q. This exits VI)

That’s it. Passwords are allowed for login now. However, when I tried to apply a password to the default ubuntu user, it did not work. There might be a way around this, but I haven’t found one yet.
What to do?

Add a New User

Back in the Terminal/PuTTY window, type:
sudo adduser NewUser
Where NewUser is whatever you want it to be. Enter a password, and fill in the other information if you want to. Everything but the password is optional. Restart Ubuntu, either by entering
sudo reboot
in terminal, or by using the AWS Management Console.
Now, that allows the NewUser to login using the AWS Public DNS string, and his/her password using regular old FTP (actually, SFTP on port 22 if you have the security settings set as in Part 1). In FileZilla:

NewUser can now add and delete folders, and move files back and forth in the /home/NewUser directory. But the whole purpose of adding this new user is to enable uploading and editing in the /var/www folder, where the website files are stored. So…

Give NewUser Access to the www Folder

To give NewUser access to the website’s root folder, enter this command in the PuTTY/Terminal window:
sudo chgrp NewUser /var/www
Then, to give NewUser the ability to add, delete, and edit folders and files in the website’s root folder, enter this command in the Terminal/PuTTY window:
sudo chmod 775 /var/www
CAVEAT: I am not a professional systems administrator. I have done a little bit of research into how the root folder of a website should be set up, and what level of access should be granted to various types of users. And I can tell you, there is no definitive answer. All I know is, these settings work for me. How you set your permissions for various users on your web server are completely up to you.

One Last Tip

Through this entire 3 part blog series, I’ve been using the AWS Public DNS string to access the AWS server, and that works just fine. However, it’s a bit cumbersome to continually open up the AWS console copy the PublicDNS, and paste it into a web browser. Plus, if you ever terminate a server and spin up a new instance, the Public DNS changes. So that means any links you’ve posted leading to it are now broken.
The answer? Elastic IP

The best thing about Elastic IPs is, they’re FREE. They’re also very easy to set up. Just click on the Elastic IPs link on the left side of the AWS Management Console (EC2 tab), and click the Allocate New Address button. Then Associate the new IP address to your server, and you’re good to go.
Now, what used to look like this:
Looks like this:
Just remember to Release the address if you ever disassociate it from your server. The Elastic IPs are free if you use them. If you don’t use them, Amazon charges you for them.

GeoSandbox – In the Cloud

So, After about 5 days of work, and 3 days of blogging (a record for me) I now have what I was after. A custom web map served from a cloud-based geo-web-server. You can check it out at:
Now I’ve got a real sandbox to play in.

Serving Maps – in the Cloud – for Free (part 2)

(Note: This is the second part of a 3 – part blog post about setting up the OpenGeo Suite on a AWS Ubuntu server. Links to the other parts are at the bottom of this post)

Starting Fresh with a New AMI

At the end of my last post, I had my AWS Ubuntu-micro-server running smoothly, but the OpenGeo GeoExplorer was not very stable. It was crashing often, and for no apparent reason. I followed up with a few suggestions about data directory permissions, and swap-file space, but to no avail (Thank you @spara and @jeffbarr). I had been tweaking things quite a bit on that server, (The whole purpose of this exercise is to learn how things work, right?) so I decided to wipe the slate clean and start from scratch.
I began by looking for a different ami. A bit of searching led me to the Ubuntu Cloud Portal – AMI Locator, which facilitates searching and filtering all of the Ubuntu AMIs available. At the bottom of the table, I chose “Zone: us-east-1”, and “Name: oneric”.
I then clicked on the ami-a562a9cc link, (a 32-bit ebs server) which then opened up the Request Instances Wizard that I talked about in the last post.
Following everything I outlined in part-1, I wound up with a shiny new Ubuntu server connected to my Windows machine through WinSCP and PuTTY.
In the PuTTY window, I entered the the following commands to make sure the new server was up to date:
sudo apt-get update
sudo apt-get upgrade
Here’s a hint: The PuTTY window does not have any menus or toolbars, and control-v does not work for pasting text. If you copy the above commands, and then simply right-click in the PuTTY window, the commands will be pasted in. Hitting enter will then run them.

Install the OpenGeo Suite

Next up, is getting the OpenGeo Suite installed. I’ve described this process in other posts, but here it is in short form. Just remember to substitute <YourAWSPublicDNS> with your actual Public DNS string, which looks something like this:

  • In the PuTTY window (or terminal if you’re using some form of Linux), sudo to root:

sudo su

  • Then enter these commands. I’ve found they work best if they’re entered one at a time:

wget -qO- | apt-key add -
echo "deb lucid main" >> /etc/apt/sources.list
apt-get update
apt-cache search opengeo
apt-get install opengeo-suite

  • Back in the AWS Management Console, choose the server instance, go up to the “Instance Actions” button, and click Reboot
  • Once it’s finished rebooting, test the OpenGeo Suite
    • In a browser window, go to: http://<YourAWSPublicDNS>:8080/dashboard/
    • Launch GeoExplorer
    • Click the Login button on the right end of the toolbar.
      • Default Login credentials are User: admin, Password: geoserver
    • Make any changes to the map you want
    • Save the map (There is a save map button on the toolbar)
    • …and exit GeoExplorer

The map should now be publicly viewable at:
Here’s what mine looks like:
Now I have a real cloud-based web-map- server up and running. But wait. There’s more. The next step to making this a truly useful map server, is to add some custom data to it.

Upload some Data

Using WinSCP, I added a new folder under the /home/ubuntu directory.

  • Travel to the “/home/ubuntu” directory on the remote side
  • Right click > New > Directory…
  • Name the new folder, and make sure permissions are set to
    Owner: RWX, Group: R-X, and Other: R-X, (Octal: 0755), otherwise, upload and GeoServer access will not work


    • In the Local panel, I made my way to where I store GIS data on my workstation lappy. This particular folder holds all the shapefiles I plan on using with any of my OpenGeo Suite/GeoServer boxes, and they’re all in Web Mercator projection (EPSG: 3857).
    • Highlighting the files I want to upload on the Local side, I then drag and drop them into the new remote folder
    • Upload promptly ensues

Next up, is…

Loading this new data into GeoServer

  • Open up the OpenGeo Suite dashboard once more at: http://<YourAWSPublicDNS>:8080/dashboard/
  • Click on the GeoServer link, and Login

Loading data into GeoServer is another complicated process, so I won’t go into those details here. The process for importing data into a PostGIS database is well documented on the OpenGeo website. Importing shapefiles is not much different.
Now I have some custom data on my server. I can add styles to it, set up a new map using GeoExplorer, and post it for the world to see.
Here’s a look at a map I put together just for testing purposes:

And the link:
I’m pretty happy with the way this turned out. Everything seems to be working OK so far. The new instance is much more stable than my first try. It hasn’t crashed once, even though I felt like I was pushing it to the limit with all the uploading, styling, and layout editing I was doing in GeoExplorer.
Now, if it were only 5 o’clock, I’d be able to celebrate with a beer. What’s that? It’s 4:30?
Close enough! 🙂
Link to part 1
Link to part 3

Serving Maps – in the Cloud – for Free (part 1)

My latest personal project (still in progress) is to get a true cloud-based map server up and running, posting maps from a free-tier Amazon Web Services (AWS) Ubuntu server. This has not been easy. I’ve looked at AWS a number of times over the last year, and a few things have made me shy away from trying it out. Mainly, It’s incredibly hard to decipher all the jargon on the AWS website. And it’s not your everyday jargon. It’s jargon that’s unique to the AWS website. It’s jargon2. Amazon has been sending me multiple emails the last few weeks warning me that my free-tier account status is about to expire. That, and a few days free of pressing work spurred me on to dive in and give it a try. I knew this was going to be a complicated process, so I wanted to document it for future reference. That’s what led to this post.
As the title says, this is part 1 of what will most likely be a 2 part post. (Update: It wound up being a 3 part series) At this point I have the server up and running. I’m able to download, edit, and upload files to the directories I need to. I have an Apache server running on the instance, and the OpenGeo Suite installed. However, I am having some problems with the OpenGeo Suite. As soon as I get them ironed out, I’ll either update this post, or add a part 2.
So, here we go…
(If you’re already familiar with the AWS management console and AMIs, you can scroll down to the “How do I connect to this thing…” section)

Wading through the AWS setup

The first step in the process is to sign up for an AWS account which allows you to run a free Amazon EC2 Micro Instance for one year. These free-tier instances are limited to Linux operating systems. You can see the details and sign up here:
The next thing I did was to sign into the AWS Management Console and take a look around.
Gobbledygook. I needed some help translating this foreign language into something closer to English.
There are a lot of websites out there that try to explain what’s what in AWS, and how to use it. One such example is “Absolute First Step Tutorial for Amazon Web Services”, and what follows here is largely based on what I found there. The easiest way to get started is by using an “ami” which is a pre-built operating system image that can be copied and used as a new instance. A little more searching ensued, and I found a set of Ubuntu server amis at alestic – The tabs along the top let me choose the region to run the new server from, (for me, us-east-1). I picked an Ubuntu release (Ubuntu 11.10 Oneric), made sure it was an “EBS boot” ami, and chose a 64-bit server.
This brought up the Amazon Management Console – Request Instances Wizard. The first screen held the details about the AMI I was about to use.
(You can enlarge any of the following screen shots by clicking on them)

  • I made sure the instance type was set to Micro (t1.micro, 613 MB) and clicked continue.
  • I kept all the defaults on the Advanced Options page and clicked continue.
  • I added a value to the “Name” tag to make it easier to keep track of the new instance and clicked continue.
  • I chose “Create a new Key Pair” using the same name for the key pair as I used for the instance.
  • I clicked “Create & Download your Key Pair”, and saved it in an easy to get to place.

There are some differences in where you should save this key depending on what operating system you’re using, which I’ll explain later in this post.

On the next screen, I chose “Create a new Security Group”, again naming it the same as I did the instance. Under Inbound Rules, I chose the ports to open:

  • 22 (SSH)
  • 80 (HTTP)
  • 443 (HTTPS)
  • 8080 (HTTP)

…clicking “Add Rule” to add each one, one at a time. If you’re following along, it should look something like this:

The last screen showed a summary of all of the settings, and a button to finally launch the instance.

Once launched, it shows up in the AWS Management Console, under the EC2 tab.

The good news: After all that, I finally have a real cloud-based server running Ubuntu on AWS.
The bad news: That was the easy part.
Now the question is:

How do I connect to this thing, and get some real work done?

The default settings on AWS lock things down pretty tight. And that’s how it should be for any server, really. The thing is, this is more of a test-bed than a production server. I want to be able to easily navigate around, experiment with settings, and see how things work. Having some kind of a GUI really helps me out when I want to learn where things are, and how they work together. Long story short – I settled on setting up an FTP client to view the directory structure and files on the AWS server, and used command line commands to change settings, permissions, and perform some editing of files (Yes, I’m talking VI). It’s a bit harder to find info on how to set things up on a Linux box, so I’ll start there. Windows will follow.

For Linux (Ubuntu/Mint) users

If you’re an experienced, or even a novice Linux user, you’re familiar with Secure Shell (SSH), or at least heard the term before. Most websites explaining how to access a new Ubuntu AWS instance from a Linux box suggest using SSH, tell you to put the downloaded key file in the ~/.ssh folder, or the /etc/ssh folder, and then changing its permissions so it’s not publicly viewable by running the following command in terminal:
sudo chmod 400 ~/ssh/<yourkeyfilename>.pem
If you’re going to be doing all your work through the command line using only SSH, that is the way to go. However, I wanted to connect to my new cloud server through FTP so I can upload, download, and otherwise manage files with some kind of GUI. After many hours of searching and testing and beating my head against the wall, I settled on using SecPanel and FileZilla.
The major hurdle I had to overcome in order to use FTP on a Linux (Ubuntu/Mint) box to connect to my AWS server, is AWS’s use of Key Pairs instead of passwords. There are no ftp clients that I could find that allow using key pairs for authentication. Yes, I vaguely remember managing to set up an SSH tunnel at one point, but that seemed overly complicated to me, and not something I want to go through every time I have to update a webpage. To get around this, I used two pieces of software: SecPanel, and FileZilla. If you’re familiar with FTP at all, you should be familiar with FileZilla, so I won’t explain how to use it here, except to reiterate, it does not allow using key pairs to authenticate user sign-in to a server. To get around that, SecPanel comes to the rescue. The problem with SecPanel? There is absolutely no documentation on the website, nor any help file in the software. Needless to say, much hacking ensued.
To get right to the point, here’s what I did to get things working:

  • I copied my key file out of the hidden folder (~/.ssh) and into a new “/home/<user>/ssh” folder, keeping the same “400” file permissions.
  • In SecPanel, I entered the following values in the configuration screen:
  • Entered a Profile Name and a Title in the appropriate boxes.
  • Copied the Public DNS string from the AWS management console
    (which looks something like “”)
    and pasted that into the “Host:” box.
  • Entered User: “ubuntu” and Port: “22”
  • Entered the complete path to my key file into the “Identity:” box
  • Everything else I kept at the default settings.
  • Clicked on the “Save” button

Here’s what it looks like:

Going back to the Main screen in SecPanel, there should be a profile listed that links to the profile just set up. Highlighting that profile, and clicking on the SFTP button then starts up FileZilla, and connects to the AWS server, allowing FTP transfers… as long as the folders and files being managed have access permission by the user entered in SecPanel.

So, how do we allow the “ubuntu” user to copy, edit, upload, and download all the files and folders necessary for maintaining the server?

  • Open a terminal window and SSH into the Ubuntu server
    (sudo ssh –i <PathToKeyFile>.pem ubuntu@<UniqueAWSinstance> ).
  • Get to know the chown, chgrp, and chmod commands.
  • Use them in Terminal.
  • Make them you friend.

You can also perform all the other server maintenance tasks using this terminal window, e. g. apt-get update, apt-get upgrade, apt-get autoclean, and installing whatever other software you want to use on the new server.

Really, it’s not that hard once you dive into it. And, the fact that you can now SEE the files you’re modifying, SEE the paths that lead to them, and SEE what the permissions are before and after changing them, makes things a whole lot easier. For example, the following command:
sudo chgrp ubuntu /var/www
will change the /var/www “Group” to “ubuntu”, which will then allow the ubuntu user (you) to upload files to that directory using FTP.

For Windows Users

Windows access was much easier to set up than it was in Ubuntu/Mint. For this I used PuTTY and WinSPC. As in Linux, I copied the Key File to a new SSH folder under my user name. A couple of differences here: there are no access permissions to worry about in Windows, however, the Key File has to be converted to a different format before WinSPC and PuTTY can use it. Both the WinSPC and PuTTY downloads include the PuTTYgen Key Generator that can convert the <keyname>.pem file to the appropriate <keyname>.ppk format. In PuTTYgen, click on “Load”, set the file type to “*” to see all files, and make your way to the <keyname>.pem file. Once it’s loaded in PuTTYgen, click the “Save private key” button, and save the file to wherever you want. I saved mine to my new SSH folder, (without adding a passphrase).

Next it’s just a matter of opening WinSCP, setting the “Host name:” to the AWS Public DNS string, “Port number:” to 22, “User name:” to “ubuntu”, “Private key file:” to the path to the key file, and “File protocol:” to SFTP.

Clicking the “Save…” button will save these settings so they don’t have to be entered every time you want to log in. The “Login” button will open an FTP like window where files and folders can be managed.

And, there’s a “Open session in PuTTY” button on the toolbar that will open a PuTTY terminal where commands can be entered just like an Ubuntu terminal window.

File permissions can be set by entering chown, chgrp, and chmod commands in PuTTY just like using SSH in Ubuntu.

Next up, getting my OpenGeoSuite running

As I said at the beginning of this post, I have the OpenGeo Suite installed, and have been able to serve maps from it for short periods of time. However, I still need to iron out some wrinkles. It’s been suggested that my problems might be due to the lack of swap space on AWS micro instances. It might not even be possible to run the entire suite on a micro instance, I don’t know. If that’s the case, I might have to strip it down to just running GeoServer. But that will have to wait for another day.
Update – 12/21/2011
Link to part 2
Update – 12/22/2011
Link to part 3

ArcGIS vs QGIS Clipping Contest Rematch

Round 2 in which ArcGIS throws in the towel.

(Please note: This post is about clipping in ArcGIS version 10.0. The functionality has been improved, and problems mentioned have been fixed in later versions of ArcGIS)
This is a follow-up to my previous post where I matched up ArcGIS and QGIS in a clipping contest. One of the commenters on that post expressed some concern that there might be “…something else going on…” with my test, and I agreed. It was unfathomable to me that an ESRI product could be out-done by such a wide margin. Knowing that ArcGIS often has problems processing geometries that are not squeaky clean, I began my investigation there. I ran the original contour layer through ArcToolbox’s Check Geometry routine, and sure enough, came up with 5 “null” geometries. I deleted those bad boys, and ran it through ArcToolbox’s “Repair Geometry” routine, and then ET GeoWizard’s “Fix Geometry” routine for good measure (These may or may not be identical tools, I do not know). No new problems were found with either tool.
I wanted to give ArcGIS  a fighting chance in this next round, but also wanted to level the playing field a bit. I did a restart of my Dell m2400 (see the specs in the previous post), exited out of all my desktop widgets, and turned off every background process I could find. I also turned of Background Processing in the Geoprocessing Options box. The only thing running on this machine was ArcGIS 10, and the only layers loaded were the contour lines and the feature I wanted to clip them to. I ran the “Arc Toolbox > Analysis Tools > Extract > Clip” tool and watched as it took 1 hour 35 minutes and 42 seconds for ArcGIS to go through the clipping process before ending with the message:
ERROR 999999: Error executing function
Invalid Topology [Topoengine error.]
Failed to execute (Clip)

Now granted, this is much better than the 12 hours it took the first time I ran it, but still, no cigar in the end.
Giving QGIS a chance to show it’s stuff, I used Windows version 1.5.0 to run a clip on the same files, on the same machine. QGIS took all of 6 minutes and 27 seconds to produce a new, clean contour layer.
QGIS - Contours v2
I ran this through the same geometry checks as the original contour layer, and came up with no problems.
My goal here is not to jump all over ESRI and do a dance in the end zone. I would really like to figure out what’s going on. As I’ve said before, I’ve had problems in the past with ArcGIS producing bad geometries with its Clipping process (and other tools, too). But the fact that another product can handle the same set of circumstances with such ease baffles me.
I’ve put about as much time as I can into this test, and taken it as far as I can. If you would like to give it a go, feel free to download the files I used through his link:
(Note: This is a 878MB file, and is not completely uploaded as of this posting. Check back later if the link does not work for you right now)
If any of you have better results than I did, or find any faults with my files or process, please let me know and I WILL make a note of them here. Thank you.

ArcGIS–QGIS Faceoff

Is QGIS a viable alternative to ArcGIS?

(Please note: This post is about clipping in ArcGIS version 10.0. The functionality has been improved, and problems mentioned have been fixed in later versions of ArcGIS)
I’ve never enjoyed working with contours. They seem to bog down my system more than any other layer type I work with. However, most of my clients are so used to looking at USGS Topo maps they expect to see them on at least one of the maps I produce for them. I recently worked on a project covering a five-town area in the Catskill Mountain region. The large area covered, and the ruggedness of the topography was proving exceptionally troublesome in processing their contours. So much so that I decided to look at other options to get the work done. I’ve used a variety of GIS tools over the years, but do most of my paying work exclusively in ArcGIS. It’s what I’m most familiar with, it does (nearly) everything I need it to do, and therefore provides my clients with the most efficient use of my time. However, in this situation that was not the case.
The one geoprocessing operation that frustrates me most often (in ArcGIS) is the Clip operation. It seems to take more time than most other geoprocessing tools, and often results in bad geometries. This happens so often, I usually resort to doing a union, and then deleting the unwanted areas of the Union results. For some reason this works much faster, and with more reliable results than doing a Clip.
Since what I wanted to do here was a clip on a contour layer, I was in for double trouble. Yes, I could have clipped the original DEM I wanted to produce the contours from first, then generated contours from the clipped DEM. But that wouldn’t have led to anything to write about. So, here’s a short comparison of how ArcGIS handled the process versus QGIS:

The hardware and software used:

ArcGIS 10, SP2

  • Windows 7, 64 bit
  • Dell Precision m2400 laptop
  • Intel Core 2 Duo CPU, 3.06GHz
  • 8 GB RAM

QGIS 1.4.0

  • Ubuntu 11.4
  • Dell Inspiron 600m laptop
  • Intel Pentium M CPU, 1.60 Ghz
  • 1GB RAM

A fair fight?

I started out with ArcGIS, and loaded up my 20’ contour lines and a 1 mile buffer of the study area to which I wanted to clip them. I began the clip operation 3 times. The first two times I had to cancel it because it was taking too long, and I needed to get some real work done. Curious to see how long it would really take, I let the process run overnight. The progress bar kept chugging away “Clip…Clip…Clip…Clip…”, and the Geoprocessing results window kept updating me with its progress, so I assumed it would complete eventually. In the morning, I looked in the Geoprocessing results window and found it had run for over 12 hours before throwing an error, never completing the clip operation. The error message said something about a bad geometry in the  output. Really, no surprise there.
ArcGIS - ClipContour1
(Yes, those are lines in the picture above, not polygons. They’re very densely packed)

QGIS gets to play

The next day I decided to give QGIS a shot at it. I copied the two shapefiles over to my 6 year old lappy. (The contour.shp file was 1.3GB) fired up QGIS, and ran the Clip operation on the two files.
QGIS - Contours Screenshot-Clip
This time it took all of 17 minutes and 21 seconds to get a new contour layer.
Clip Results - QGIS
So, who’s the winner here? Was it a far contest?
My take-away is, ESRI really needs to do some work on its Clip geoprocessing tool. As I said earlier, it is slow, and results in bad geometries more often than any of their other geoprocessing tools I use.
Addendum June 11, 2011: See the follow-up post here: