NOM Server Docker container
For every NOM release, a Docker image for the NOM server is published to the Docker Hub verified repository.
Getting the NOM server Docker image
The latest NOM server image can be pulled from the verified repository by running the following command.
docker pull neo4j/neo4j-ops-manager-server:latest
NOM server in a Docker container can be run in several contexts such as a Docker compose environment or a in a Kubernetes cluster etc. In this chapter, we only focus on running a standalone NOM server in a Docker container (Henceforth referred as NOM server container).
Configuration
NOM server container run configuration involves setting required environment variables or passing them as commandline arguments.
Refer to Server installation for the list of configuration options to be provided to NOM server.
Security
NOM server security involves configuring keys and certificates for the TLS connections that the server makes with the UI and the agents. For NOM server container, keys, and certificates should be mounted into the container as shown below:
-
As command line options
docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \ neo4j/neo4j-ops-manager-server \ --server.ssl.key-store=<path/to/pfx/file/on/the/container> \ --grpc.server.security.key-store=<path/to/pfx/file/on/the/container>
-
As environment variables
docker run -v <path/to/pfx/file/on/the/host>:<path/to/pfx/file/on/the/container> \ neo4j/neo4j-ops-manager-server \ -e "SERVER_SSL_KEY_STORE=<Value>" \ -e "GRPC_SERVER_SECURITY_KEY_STORE=<path/to/pfx/file/on/the/container>"
NOM server also includes a command to generate self-signed certificates which can be used for testing purpose but not recommended for production. This command could be run within the container and generate the certificates for the server. Refer to Installation > Self-Signed-Certificate |
Running a NOM server in a Docker container
To successfully start the NOM server container, mandatory runtime parameters should be set. There are two ways these parameters can be provided to the container:
Make sure to replace the arguments with values adjusted to your environment (<Value>). Refer to Installation > Server Installation |
Make sure ports are set as per the below commands. |
-
As command line options
docker run -e "JAVA_OPTS=<Value>" neo4j/neo4j-ops-manager-server \ --spring.neo4j.uri=<Value> \ --spring.neo4j.authentication.username=<Value> \ --spring.neo4j.authentication.password=<Value> \ --server.port=8080 \ --server.ssl.key-store-type=PKCS12 \ --server.ssl.key-store=<Value> \ --server.ssl.key-store-password=<Value> \ --grpc.server.port=9090 \ --grpc.server.security.key-store-type=PKCS12 \ --grpc.server.security.key-store=<Value> \ --grpc.server.security.key-store-password=<Value> \ --grpc.server.security.clientAuth=OPTIONAL --jwt.secret=<Value>
-
As environment variables
docker run \ -e "JAVA_OPTS=<Value>" -e "SPRING_NEO4J_URI=<Value>" \ -e "SPRING_NEO4J_USERNAME=<Value>" \ -e "SPRING_NEO4J_PASSWORD=<Value>" \ -e "SERVER_PORT=8080" \ -e "SERVER_SSL_KEY_STORE_TYPE=PKCS12" \ -e "SERVER_SSL_KEY_STORE=<Value>" \ -e "SERVER_SSL_KEY_STORE_PASSWORD=<Value>" \ -e "GRPC_SERVER_PORT=9090" \ -e "GRPC_SERVER_SECURITY_KEY_STORE_TYPE=PKCS12" \ -e "GRPC_SERVER_SECURITY_KEY_STORE=<Value>" \ -e "GRPC_SERVER_SECURITY_KEY_STORE_PASSWORD=<Value>" \ -e 'GRPC_SERVER_SECURITY_CLIENT_AUTH="OPTIONAL"' -e "JWT_SECRET=<Value>" neo4j/neo4j-ops-manager-server
Maintainance
For a standalone NOM server container resource contraints can be set as documented by Docker runtime constraints on resources.
Was this page helpful?