tacticalrmm/docker
wh1te909 0737766a47 restart uwsgi workers after a while to free up memory 2020-03-01 12:31:04 +00:00
..
api restart uwsgi workers after a while to free up memory 2020-03-01 12:31:04 +00:00
app Fix dockerfile 2020-02-18 19:33:01 -05:00
meshcentral Add inital docker container support 2020-02-12 11:18:43 -05:00
nginx-proxy Fixed Scripts. Modified Nginx proxy to not depend on downstream containers being available on the network. 2020-02-17 11:33:47 -05:00
salt Remove debug from salt api config 2020-02-17 12:12:49 -05:00
.env.example Fixed file upload issue by modifying the reverse proxy to allow a higher body size 2020-02-16 19:25:15 -05:00
.gitignore Add inital docker container support 2020-02-12 11:18:43 -05:00
docker-compose.yml Fixed Scripts. Modified Nginx proxy to not depend on downstream containers being available on the network. 2020-02-17 11:33:47 -05:00
readme.md Fix Salt container and create a user/password from .env 2020-02-16 20:26:26 -05:00

readme.md

Docker Setup

  • install docker and docker-compose
  • Obtain wildcard cert or individual certs for each subdomain

Generate certificates with certbot

Install Certbot

sudo apt-get install certbot

Generate the wildcard certificate. Add the DNS entry for domain validation.

sudo certbot certonly --manual -d *.example.com --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns

Copy the fullchain.pem and privkey.pem to the cert directory.

Configure DNS and Firewall

You will need to add DNS entries so that the three subdomains resolve to the IP of the docker host. There is a reverse proxy running that will route the hostnames to the correct container. On the host, you will need to ensure the firewall is open on tcp ports 80, 443, 8123, 4505, 4506.

Run the environment with Docker

Copy the .env.example to .env then change values in .env to match your environment

cd docker
sudo docker-compose up -d

You may need to run this twice since some of the dependant containers won't be ready

Create a super user

sudo docker exec -it docker_api_1 python manage.py createsuperuser

Setup 2FA authentication

Get the 2FA code with

sudo docker exec -it docker_api_1 python manage.py generate_totp

Add the generated code to the .env file TWO_FACTOR_OTP in the docker folder

Rebuild the api container

sudo docker-compose up -d --build api

Use the generated code and the username to generate a bar code for your authenticator app

sudo docker exec -it docker_api_1 python manage.py generate_barcode [OTP_CODE] [username]

Connect to a container instance shell

run docker ps to get the name of the running container instance.

Then use the name in the below command. It will use the api container instance as an example

sudo docker exec -it docker_api_1 /bin/bash

If /bin/bash doesn't work then /bin/sh might need to be used.