Overview

This guide provides instructions for deploying NMIS 9 using either Quick Start or Docker Compose methods, Suite with NMIS 9 and commercial Modules with optional Apache reverse proxy configuration. The solution can be deployed either with a containerized MongoDB instance or configured to use an external MongoDB server.

Prerequisites

• Access to the internet to pull the latest, this is currently :v1.0 container image

• Docker Engine (20.10.0 or newer)

• Apache2 with required modules (if using reverse proxy):

  • mod_ssl

  • mod_proxy

  • mod_proxy_http

  • mod_headers

• SSL certificates (if using HTTPS)A Valid UUID for the cluster_id. This can be generated on any linux OS with “uuidgen”

Minimum Resource Requirements

*please note these are a bare minimum, and resource requirements for production environments will depend upon the number of nodes being monitored

• RAM: 2GB dedicated for the NMIS container

• Storage:

  • 1GB for container image (840MB image size + buffer)

  • Additional storage for logs and data (recommend minimum 10GB)

• Network: Active internet connection for pulling images and updates

Additional Requirements for Full Stack (Docker Compose)

• MongoDB Container:

  • Additional 1GB RAM minimum

  • 10GB storage for database files

  • Total system RAM: 4GB minimum

Method 1: Quick Start (Single Container)

1. Pull the NMIS image:

docker pull public.ecr.aws/n2x4v8j4/firstwave/nmis9_omk:latest

2. Create required directories and files (if intending to mount your own configs in place - or pull the deulats from the container and have them persist on your host):

mkdir -p app_conf

3. Start the container:

docker run -d \
  --name nmis9 \
  -e NMIS_DB_USERNAME=root \
  -e NMIS_DB_PASSWORD=example \
  -e NMIS_DB_SERVER=mongodb.example.com \
  -e NMIS_SERVER_NAME=example-host-1 \
  -e NMIS_CLUSTER_ID=660f29ae-f150-4119-bf04-cd9296852449 \
  -v $(pwd)/app_conf/Config.nmis:/usr/local/nmis9/conf/Config.nmis \
  -v $(pwd)/app_conf/opCommon.json:/usr/local/omk/conf/opCommon.json \
  -v $(pwd)/app_conf/opLicense.json:/usr/local/omk/conf/opLicense.json \
  -p 8080:8080 \
  -p 8042:8042 \
  nmis9:latest

4. Verify deployment:

docker ps | grep nmis9
docker logs nmis9

...

Deployment Steps

Docker Compose

Please refer to the section ‘Persisting configs’ configuration files’ below if you wish to take and use the default configs from the container or use mount in your own

1. Pull the NMIS image:

docker pull public.ecr.aws/n2x4v8j4/firstwave/nmis9_omk:latestv1.0

2. Create docker-compose.yaml:

version: '3.4'

services:
  mongo:
    image: mongo:4.4
    restart: always
    healthcheck:
      test: echo 'db.runCommand("ping").ok' | mongo mongo:27017/test --quiet
      interval: 60s
      timeout: 60s
      retries: 5
      start_period: 60s
    environment:
      MONGO_INITDB_ROOT_USERNAME: root
      MONGO_INITDB_ROOT_PASSWORD: example
    volumes:
      - mongo_data:/var/lib/mongodb
    networks:
      - backend

  nmis:
    image: public.ecr.aws/n2x4v8j4/firstwave/nmis9_omk:latestv1.0
    restart: always
    environment:
      NMIS_DB_USERNAME: root
      NMIS_DB_PASSWORD: example
      NMIS_DB_SERVER: mongo
      NMIS_SERVER_NAME: example-host-1

     NMIS_CLUSTER_ID: 660f29ae-f150-4119-bf04-cd9296852449
    depends_on:
      mongo:
        condition: service_healthy
    volumes:
      - log_data:/usr/local/nmis9/logs
      - var_data:/usr/local/nmis9/var
      - conf_data:/usr/local/nmis9/conf
      - database_data:/usr/local/nmis9/database
#You# You can mount your own config configsfiles into volumes in the container but -
but# you must ensure that the db config details match whats in thethis compose file
#     - ./app_conf/Config.nmis:/usr/local/nmis9/conf/Config.nmis
#     - ./app_conf/opCommon.json:/usr/local/omk/conf/opCommon.json
#     - ./app_conf/opLicense.json:/usr/local/omk/conf/opLicense.json
    ports:
      - "8080:8080"
      - "8042:8042"
    networks:
      - backend

networks:
  backend:

volumes:
  log_data:
  var_data:
  conf_data:
  database_data:
  mongo_data:

...

docker compose up -d-file docker-compose.yaml

4. Monitor deployment:

docker compose ps
docker compose logs -f

Connecting to the application

Once the container is running, go to http://your.ip.or.localhost:8080/cgi-nmis9/nmiscgi.pl to reach the NMIS application

To reach the rest of the modules, go to http://your.ip.or.localhost:8042/omk

To connect when using a reverse proxy see below.

Persisting configurations

The container already persists the <nmis>/conf directory and the three files below.

The easiest way to persist configurations with docker is to mount in your own. The items you will mainly want to “persist” will be:

...

But you can extend this to any file you want which is used by the nmis system, to do this:

1. create a directory named appconf app_conf (if you didn’t before) in the same directory you created the compose file in:

mkdir -p appconf
cd appconf
sudo cp /path/to/Config.nmis .
sudo cp /path/to/opCommon.json .
sudo cp /path/to/opLicense.json .

2. uncomment out the appconf app_conf volume mounts in the compose file

3. restart Restart the the container stackcontainers

If you wish to use the default configs that work out of the box with the containers, and modify them. , you can copy them from the containers to your local machine.

1. make the appconf directory to store them in, where you will mount them from later

2. exec into your container and copy the configuration files to a directory on your host machine:

docker exec -it <container_name> bash -c "mkdir -p /tmp/configs && cp /usr/local/nmis9/conf/Config.nmis /usr/local/omk/conf/opCommon.json /usr/local/omk/conf/opLicense.json /tmp/configs/" &&
docker cp <container_name>:/tmp/configs/. Path<path/to/appconf/>

Replace <container_name> with your actual container name (likely "nmis" based on your compose file).

...

1. Creates a temporary directory inside the container

2. Copies all three config files to that directory

3. Uses docker cp to copy the files from the container to your host at Path<Path/to/appconf/>

If you need to find your container name first, you can run:

...

3. once you have the default configs in the appconf dir - uncomment out the appconf volume mounts in the compose file and restart the container stack

Apache Reverse Proxy Configuration (Optional)

1. Prerequisites

   1. Apache2 with required modules (if using reverse proxy):

      • mod_ssl

      • mod_proxy

      • mod_proxy_http

      • mod_headers

   2. SSL certificates (if using HTTPS)

2. Enable required Apache modules:

...

2. Create virtual host configuration, using the following template, substituting your domain name for nmis.example.com:

# /etc/apache2/sites-available/nmis.conf
<VirtualHost *:80>
    ServerName nmis.example.com
    Redirect permanent / <https://nmis.example.com/>
</VirtualHost>

<VirtualHost *:443>
    ServerName nmis.example.com
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/nmis.crt
    SSLCertificateKeyFile /etc/ssl/private/nmis.key
    
    # Security headers
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-XSS-Protection "1; mode=block"
    Header always set X-Content-Type-Options "nosniff"
    
    # Logging configuration
    ErrorLog ${APACHE_LOG_DIR}/nmis_error.log
    CustomLog ${APACHE_LOG_DIR}/nmis_access.log combined
    
    ProxyPreserveHost On
    
    # NMIS Web Interface
    ProxyPass / <http://localhost:8080/>
    ProxyPassReverse / <http://localhost:8080/>
    
    # OMK Interface
    ProxyPass /omk/ <http://localhost:8042/>
    ProxyPassReverse /omk/ <http://localhost:8042/>
</VirtualHost>

...

sudo a2ensite nmis.conf
sudo systemctl reload apache2

4. To connect to the the application:
   Once the container is running, go to https://nmis.example.com/omk to reach the NMIS application

   To reach the rest of the modules, go to https://nmis.example.com/omk

Common Issues and Troubleshooting

MongoDB Connection Issues:

• Verify MongoDB container: docker compose ps

• Check MongoDB logs: docker compose logs mongo

• Verify credentials in environment variables

Apache Proxy Issues:

• Check Apache error logs: tail -f /var/log/apache2/error.log

• Verify SSL certificate paths and permissions

• Check SELinux policies if applicable

Security Considerations

1. Change default passwords:

• MongoDB root password

• NMIS admin credentials

**Important - to change the mongo password - please change it in the mongo database before changing any configurations or environment variables

docker exec -it container_name mongo -u root -p example

use admin
db.changeUserPassword("root", "new_password")
exit

2. SSL/TLS Configuration:

• Use strong SSL protocols (TLSv1.2+)

• Regularly update SSL certificates

• Implement proper cipher suites

...

• Implement proper firewall rules

• Regular security updates

Maintenance

Backup Strategy:

# Backup MongoDB data
docker compose exec mongo mongodump --out /backup

# Backup configuration files
tar -czf nmis_config_backup.tar.gz app_conf/

Updates:

# Pull latest images
docker compose pull

# Restart services
docker compose down
docker compose up -d

Advanced Configuration

External MongoDB

To use an external MongoDB instance:

1. Remove the mongo service from docker-compose.yaml

2. Update NMIS environment variables with external MongoDB details

3. Ensure proper network connectivity and authentication

Custom Networking

For enhanced security:

1. Use custom network ranges

2. Implement network segmentation

3. Add additional security layers (WAF, IDS)

Support and Resources

• NMIS Documentation: Introduction & Setup

• Docker Documentation: https://docs.docker.com

• MongoDB Documentation: https://docs.mongodb.com

• Apache Documentation: https://httpd.apache.org/docs/

...