Server Docker Container
NOM server in a Docker container can be run in several contexts such as a Docker compose environment or a in a Kubernetes cluster etc. In this chapter, we only focus on running a standalone NOM server in a Docker container (Henceforth referred as NOM server container).
Configuration
NOM server container run configuration involves setting required environment variables or passing them as commandline arguments.
Refer to Installation for the list of configuration options to be provided to NOM server.
Security
NOM server security involves configuring keys and certificates for the TLS connections that the server makes with the UI and the agents. For NOM server container, keys, and certificates should be mounted into the container as shown below:
-
As command line options
docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \ neo4j/neo4j-ops-manager-server:1.1.0 \ --server.ssl.key-store=<path/to/pfx/file/on/the/container> \ --grpc.server.security.key-store=<path/to/pfx/file/on/the/container>
-
As environment variables
docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \ neo4j/neo4j-ops-manager-server:1.1.0 \ -e "SERVER_SSL_KEY_STORE=<Value>" \ -e "GRPC_SERVER_SECURITY_KEY_STORE=<path/to/pfx/file/on/the/container>"
NOM server also includes a command to generate self-signed certificates which can be used for testing purpose but not recommended for production. This command could be run within the container and generate the certificates for the server. Refer to Installation > Self-Signed-Certificate |
Running a NOM server in a Docker container
To successfully start the NOM server container, mandatory runtime parameters should be set. There are two ways these parameters can be provided to the container:
Make sure to replace the arguments with values adjusted to your environment (<Value>). Refer to Installation > Server Installation |
Make sure ports are set as per the below commands. |
-
As command line options
docker run -e "JAVA_OPTS=<Value>" neo4j/neo4j-ops-manager-server:1.1.0 \ --spring.neo4j.uri=<Value> \ --spring.neo4j.authentication.username=<Value> \ --spring.neo4j.authentication.password=<Value> \ --server.port=8080 \ --server.ssl.key-store-type=PKCS12 \ --server.ssl.key-store=<Value> \ --server.ssl.key-store-password=<Value> \ --grpc.server.port=9090 \ --grpc.server.security.key-store-type=PKCS12 \ --grpc.server.security.key-store=<Value> \ --grpc.server.security.key-store-password=<Value> \ --jwt.secret=<Value>
-
As environment variables
docker run \ -e "JAVA_OPTS=<Value>" -e "SPRING_NEO4J_URI=<Value>" \ -e "SPRING_NEO4J_USERNAME=<Value>" \ -e "SPRING_NEO4J_PASSWORD=<Value>" \ -e "SERVER_PORT=8080" \ -e "SERVER_SSL_KEY_STORE_TYPE=PKCS12" \ -e "SERVER_SSL_KEY_STORE=<Value>" \ -e "SERVER_SSL_KEY_STORE_PASSWORD=<Value>" \ -e "GRPC_SERVER_PORT=9090" \ -e "GRPC_SERVER_SECURITY_KEY_STORE_TYPE=PKCS12" \ -e "GRPC_SERVER_SECURITY_KEY_STORE=<Value>" \ -e "GRPC_SERVER_SECURITY_KEY_STORE_PASSWORD=<Value>" \ -e "JWT_SECRET=<Value>" neo4j/neo4j-ops-manager-server:1.1.0
Maintainance
For a standalone NOM server container resource contraints can be set as documented by Docker runtime constraints on resources.
Was this page helpful?