summaryrefslogtreecommitdiffstats
path: root/docker/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'docker/README.md')
-rw-r--r--docker/README.md117
1 files changed, 117 insertions, 0 deletions
diff --git a/docker/README.md b/docker/README.md
new file mode 100644
index 00000000..d624855f
--- /dev/null
+++ b/docker/README.md
@@ -0,0 +1,117 @@
+# Install netdata with Docker
+
+> :warning: As of Sep 9th, 2018 we ship [new docker builds](https://github.com/netdata/netdata/pull/3995), running netdata in docker with an ENTRYPOINT directive, not a COMMAND directive. Please adapt your execution scripts accordingly.
+> More information about ENTRYPOINT vs COMMAND is presented by goinbigdata [here](http://goinbigdata.com/docker-run-vs-cmd-vs-entrypoint/) and by docker docs [here](https://docs.docker.com/engine/reference/builder/#understand-how-cmd-and-entrypoint-interact).
+>
+> Also, the `latest` is now based on alpine, so **`alpine` is not updated any more** and `armv7hf` is now replaced with `armhf` (to comply with https://github.com/multiarch naming), so **`armv7hf` is not updated** either.
+
+## Limitations
+
+Running netdata in a container for monitoring the whole host, can limit its capabilities. Some data is not accessible or not as detailed as when running netdata on the host.
+
+## Run netdata with docker command
+
+Quickly start netdata with the docker command line.
+Netdata is then available at http://host:19999
+
+This is good for an internal network or to quickly analyse a host.
+
+For a permanent installation on a public server, you should [[secure the netdata instance|netdata-security]]. See below for an example of how to install netdata with an SSL reverse proxy and basic authentication.
+
+```bash
+docker run -d --name=netdata \
+ -p 19999:19999 \
+ -v /proc:/host/proc:ro \
+ -v /sys:/host/sys:ro \
+ -v /var/run/docker.sock:/var/run/docker.sock:ro \
+ --cap-add SYS_PTRACE \
+ --security-opt apparmor=unconfined \
+ netdata/netdata
+```
+
+above can be converted to docker-compose file for ease of management:
+
+```yaml
+version: '3'
+services:
+ netdata:
+ image: netdata/netdata
+ hostname: example.com # set to fqdn of host
+ ports:
+ - 19999:19999
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+```
+
+### Docker container names resolution
+
+If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable `PGID=999` to netdata container, where `999` is a docker group id from your host. This number can be found by running:
+```bash
+grep docker /etc/group | cut -d ':' -f 3
+```
+
+## Install Netdata using Docker Compose with SSL/TLS enabled http proxy
+
+You can use use the following docker-compose.yml and Caddyfile files to run netdata with docker.
+Replace the Domains and email address for Letsencrypt before starting.
+
+### Prerequisites
+* [Docker](https://docs.docker.com/install/#server)
+* [Docker Compose](https://docs.docker.com/compose/install/)
+* Domain configured in DNS pointing to host.
+
+### Caddyfile
+
+This file needs to be placed in /opt with nams Caddyfile. Here you customize your domain and you need to provide your email address to obtain Letsencrypt certificate.
+Certificate renewal will happen automatically and will be executed internally by caddy server.
+
+```
+netdata.example.org {
+ proxy / netdata:19999
+ tls admin@example.org
+}
+```
+
+### docker-compose.yml
+
+After setting Caddyfile run this with `docker-compose up -d` to have fully functioning netdata setup behind HTTP reverse proxy.
+
+```yaml
+version: '3'
+volumes:
+ caddy:
+
+services:
+ caddy:
+ image: abiosoft/caddy
+ ports:
+ - 80:80
+ - 443:443
+ volumes:
+ - /opt/Caddyfile:/etc/Caddyfile
+ - caddy:/root/.caddy
+ environment:
+ ACME_AGREE: 'true'
+ netdata:
+ restart: always
+ hostname: netdata.example.org
+ image: netdata/netdata
+ cap_add:
+ - SYS_PTRACE
+ security_opt:
+ - apparmor:unconfined
+ volumes:
+ - /proc:/host/proc:ro
+ - /sys:/host/sys:ro
+ - /var/run/docker.sock:/var/run/docker.sock:ro
+```
+
+### Restrict access with basic auth
+
+You can restrict access by following [official caddy guide](https://caddyserver.com/docs/basicauth) and adding lines to Caddyfile.