This guide provides instructions for deploying NMIS Suite with NMIS 9 and commercial Modules with optional Apache reverse proxy configuration. The solution can be deployed either with a containerized MongoDB instance or configured to use an external MongoDB server.
Access to the internet to pull the latest, this is currently :v1.0 container image
Docker Engine (20.10.0 or newer)
*please note these are a bare minimum, and resource requirements for production environments will depend upon the number of nodes being monitored
RAM: 2GB dedicated for the NMIS container
Storage:
1GB for container image (840MB image size + buffer)
Additional storage for logs and data (recommend minimum 10GB)
Network: Active internet connection for pulling images and updates
MongoDB Container:
Additional 1GB RAM minimum
10GB storage for database files
Total system RAM: 4GB minimum
Add docker repository to the host
# Add Docker's official GPG key: sudo apt-get update sudo apt-get install ca-certificates curl sudo install -m 0755 -d /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc sudo chmod a+r /etc/apt/keyrings/docker.asc # Add the repository to Apt sources: echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian \ $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \ sudo tee /etc/apt/sources.list.d/docker.list > /dev/null sudo apt-get update |
Install docker packages
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin docker-compose |
Create a directory for custom configurations e.g. /persistent. Change the bind volume paths in the docker-compose.yaml to point your custom configurations to the correct path inside the container.
mkdir -p /{path}/persistent
cd /{path}/persistent
sudo cp /path/to/Config.nmis .
sudo cp /path/to/opCommon.json .
sudo cp /path/to/opLicense.json .
sudo cp /path/to/mongod.conf .
... |
For development purposes, you can also mount the whole directory where your custom configurations are, to allow you to move extra files/folders between the host and the container easily e.g. importing nodes configurations
e.g. Bind mounts for configurations go in the volumes section of each service in the docker-compose.yaml
/persistent/mongod.conf:/etc/mongod.conf /persistent/Config.nmis:/usr/local/nmis9/conf/Config.nmis /persistent/opCommon.json:/usr/local/omk/conf/opCommon.json /persistent/opLicense.json:/usr/local/omk/conf/opLicense.json (optional) /persistent:/persistent (optional) /persistent/snmpd.conf:/etc/snmp/snmpd.conf (optional) |
NOTE
Don’t change the volume mounts. It will cause loss of important data.
e.g. bind mount, managed by User/persistent:/persistent
e.g. volume mount, managed by Docker
log_data:/usr/local/nmis9/logs
Example docker-compose.yaml
version: '3.4'
services:
mongo:
image: mongo:6.0
restart: always
healthcheck:
test: echo 'db.runCommand("ping").ok' | mongo mongo:27017/test --quiet
interval: 60s
timeout: 60s
retries: 5
start_period: 60s
environment:
MONGO_INITDB_ROOT_USERNAME: root
MONGO_INITDB_ROOT_PASSWORD: example
volumes:
- /persistent/mongod.conf:/etc/mongod.conf
- mongo_data:/data/mongodb
ports:
- "27017:27017"
networks:
- nmis_net
nmis:
image: public.ecr.aws/n2x4v8j4/firstwave/nmis9_omk:v1.7
restart: always
environment:
NMIS_DB_USERNAME: root
NMIS_DB_PASSWORD: example
NMIS_DB_SERVER: 192.168.xx.xxx
NMIS_SERVER_NAME: xxx.opmantek.net
depends_on:
mongo:
condition: service_healthy
volumes:
- log_data:/usr/local/nmis9/logs
- var_data:/usr/local/nmis9/var
- conf_data:/usr/local/nmis9/conf
- database_data:/usr/local/nmis9/database
# You can mount your own config files into volumes in the container but
# you must ensure that the db config details match whats in this compose file
# - ./default-config/Config.nmis:/usr/local/nmis9/conf/Config.nmis
# - ./default-config/opCommon.json:/usr/local/omk/conf/opCommon.json
- /persistent/Config.nmis:/usr/local/nmis9/conf/Config.nmis
- /persistent/opCommon.json:/usr/local/omk/conf/opCommon.json
- omk_log_data:/usr/local/omk/log
- omk_var_data:/usr/local/omk/var
- omk_conf_data:/usr/local/omk/conf
# - ./persistent:/persistent
# - ./app_conf/opLicense.json:/usr/local/omk/conf/opLicense.json
ports:
- "8080:8080"
- "8042:8042"
- "2055:2055/udp"
- "161:161/udp"
- "25:25"
networks:
- nmis_net
networks:
nmis_net:
volumes:
log_data:
var_data:
conf_data:
database_data:
omk_log_data:
omk_var_data:
omk_conf_data:
mongo_data: |
Make sure your configuration files have the correct database information. Your Config.nmis and opCommon.json files need have the same database username, password, server name and server IP as the environment variables in your docker-compose.yaml.
MONGO_INITDB_ROOT_USERNAME: root MONGO_INITDB_ROOT_PASSWORD: example NMIS_DB_USERNAME: root NMIS_DB_PASSWORD: example NMIS_DB_SERVER: 192.168.xx.xxx NMIS_SERVER_NAME: xxx.opmantek.net |
Start the services:
docker compose up --file docker-compose.yaml |
Monitor deployment:
docker compose ps docker compose logs -f |
Once the container is running, go to http://your.ip.or.localhost:8080/cgi-nmis9/nmiscgi.pl to reach the NMIS application
To reach the rest of the modules, go to http://your.ip.or.localhost:8042/omk
To connect when using a reverse proxy see below.
The container already persists the <nmis>/conf directory and the three files below.
The easiest way to use your own configuartion with docker is to mount in your own. The items you will mainly want to mount in will be:
Config.nmis
opCommon.json
and opLicense.json
But you can extend this to any file you want which is used by the nmis system, to do this:
create a directory named app_conf (if you didn’t before) in the same directory you created the compose file in:
mkdir -p appconf cd appconf sudo cp /path/to/Config.nmis . sudo cp /path/to/opCommon.json . sudo cp /path/to/opLicense.json . |
uncomment out the app_conf volume mounts in the compose file
Restart the the containers
If you wish to use the default configs that work out of the box with the containers, and modify them, you can copy them from the containers to your local machine.
make the appconf directory to store them in, where you will mount them from later
exec into your container and copy the configuration files to a directory on your host machine:
docker exec -it <container_name> bash -c "mkdir -p /tmp/configs && cp /usr/local/nmis9/conf/Config.nmis /usr/local/omk/conf/opCommon.json /usr/local/omk/conf/opLicense.json /tmp/configs/" docker cp <container_name>:/tmp/configs/. <path/to/appconf/> |
Replace <container_name> with your actual container name (likely "nmis" based on your compose file).
The command:
Creates a temporary directory inside the container
Copies all three config files to that directory
Uses docker cp to copy the files from the container to your host at <Path/to/appconf/>
If you need to find your container name first, you can run:
docker ps | grep nmis
once you have the default configs in the appconf dir - uncomment out the appconf volume mounts in the compose file and restart the container stack
Prerequisites
Apache2 with required modules (if using reverse proxy):
mod_ssl
mod_proxy
mod_proxy_http
mod_headers
SSL certificates (if using HTTPS)
Enable required Apache modules:
sudo a2enmod ssl proxy proxy_http headers sudo systemctl restart apache2 |
Create virtual host configuration, using the following template, substituting your domain name for nmis.example.com:
# /etc/apache2/sites-available/nmis.conf
<VirtualHost *:80>
ServerName nmis.example.com
Redirect permanent / <https://nmis.example.com/>
</VirtualHost>
<VirtualHost *:443>
ServerName nmis.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/nmis.crt
SSLCertificateKeyFile /etc/ssl/private/nmis.key
# Security headers
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-XSS-Protection "1; mode=block"
Header always set X-Content-Type-Options "nosniff"
# Logging configuration
ErrorLog ${APACHE_LOG_DIR}/nmis_error.log
CustomLog ${APACHE_LOG_DIR}/nmis_access.log combined
ProxyPreserveHost On
# NMIS Web Interface
ProxyPass / <http://localhost:8080/>
ProxyPassReverse / <http://localhost:8080/>
# OMK Interface
ProxyPass /omk/ <http://localhost:8042/>
ProxyPassReverse /omk/ <http://localhost:8042/>
</VirtualHost> |
Enable virtual host:
sudo a2ensite nmis.conf sudo systemctl reload apache2 |
To connect to the the application:
Once the container is running, go to https://nmis.example.com/omk to reach the NMIS application
To reach the rest of the modules, go to https://nmis.example.com/omk
Verify MongoDB container: docker compose ps
Check MongoDB logs: docker compose logs mongo
Verify credentials in environment variables
Check Apache error logs: tail -f /var/log/apache2/error.log
Verify SSL certificate paths and permissions
Check SELinux policies if applicable
Change default passwords:
MongoDB root password
NMIS admin credentials
**Important - to change the mongo password - please change it in the mongo database before changing any configurations or environment variables
docker exec -it container_name mongo -u root -p example
use admin
db.changeUserPassword("root", "new_password")
exit
SSL/TLS Configuration:
Use strong SSL protocols (TLSv1.2+)
Regularly update SSL certificates
Implement proper cipher suites
Network Security:
Implement proper firewall rules
Regular security updates
# Backup MongoDB data docker compose exec mongo mongodump --out /backup # Backup configuration files tar -czf nmis_config_backup.tar.gz app_conf/ |
# Pull latest images docker compose pull # Restart services docker compose down docker compose up -d |
To use an external MongoDB instance:
Remove the mongo service from docker-compose.yaml
Update NMIS environment variables with external MongoDB details
Ensure proper network connectivity and authentication
For enhanced security:
Use custom network ranges
Implement network segmentation
Add additional security layers (WAF, IDS)
NMIS Documentation: Introduction & Setup
Docker Documentation: https://docs.docker.com
MongoDB Documentation: https://docs.mongodb.com
Apache Documentation: https://httpd.apache.org/docs/