Server Docker Container

NOM server in a Docker container can be run in several contexts such as a Docker compose environment or a in a Kubernetes cluster etc. In this chapter, we only focus on running a standalone NOM server in a Docker container (Henceforth referred as NOM server container).

Configuration

NOM server container run configuration involves setting required environment variables or passing them as commandline arguments.

Refer to Installation for the list of configuration options to be provided to NOM server.

Security

NOM server security involves configuring keys and certificates for the TLS connections that the server makes with the UI and the agents. For NOM server container, keys, and certificates should be mounted into the container as shown below:

  1. As command line options

    docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \
        neo4j/neo4j-ops-manager-server:1.1.0 \
        --server.ssl.key-store=<path/to/pfx/file/on/the/container> \
        --grpc.server.security.key-store=<path/to/pfx/file/on/the/container>
  2. As environment variables

    docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \
        neo4j/neo4j-ops-manager-server:1.1.0 \
        -e "SERVER_SSL_KEY_STORE=<Value>" \
        -e "GRPC_SERVER_SECURITY_KEY_STORE=<path/to/pfx/file/on/the/container>"
NOM server also includes a command to generate self-signed certificates which can be used for testing purpose but not recommended for production. This command could be run within the container and generate the certificates for the server. Refer to Installation > Self-Signed-Certificate

Running a NOM server in a Docker container

To successfully start the NOM server container, mandatory runtime parameters should be set. There are two ways these parameters can be provided to the container:

Make sure to replace the arguments with values adjusted to your environment (<Value>). Refer to Installation > Server Installation
Make sure ports are set as per the below commands.
  1. As command line options

    docker run -e "JAVA_OPTS=<Value>" neo4j/neo4j-ops-manager-server:1.1.0 \
        --spring.neo4j.uri=<Value> \
        --spring.neo4j.authentication.username=<Value> \
        --spring.neo4j.authentication.password=<Value> \
        --server.port=8080 \
        --server.ssl.key-store-type=PKCS12 \
        --server.ssl.key-store=<Value> \
        --server.ssl.key-store-password=<Value> \
        --grpc.server.port=9090 \
        --grpc.server.security.key-store-type=PKCS12 \
        --grpc.server.security.key-store=<Value> \
        --grpc.server.security.key-store-password=<Value> \
        --jwt.secret=<Value>
  2. As environment variables

    docker run \
        -e "JAVA_OPTS=<Value>"
        -e "SPRING_NEO4J_URI=<Value>" \
        -e "SPRING_NEO4J_USERNAME=<Value>" \
        -e "SPRING_NEO4J_PASSWORD=<Value>" \
        -e "SERVER_PORT=8080" \
        -e "SERVER_SSL_KEY_STORE_TYPE=PKCS12" \
        -e "SERVER_SSL_KEY_STORE=<Value>" \
        -e "SERVER_SSL_KEY_STORE_PASSWORD=<Value>" \
        -e "GRPC_SERVER_PORT=9090" \
        -e "GRPC_SERVER_SECURITY_KEY_STORE_TYPE=PKCS12" \
        -e "GRPC_SERVER_SECURITY_KEY_STORE=<Value>" \
        -e "GRPC_SERVER_SECURITY_KEY_STORE_PASSWORD=<Value>" \
        -e "JWT_SECRET=<Value>"
        neo4j/neo4j-ops-manager-server:1.1.0

Maintainance

For a standalone NOM server container resource contraints can be set as documented by Docker runtime constraints on resources.