Skip to content

Installation with Docker

Mathieu Rampant edited this page May 30, 2024 · 42 revisions

Installing and running NEMO with Docker is a quick and easy way to run a production version of NEMO. The benefit of using Docker is that you can skip installing the Python interpreter, package dependencies, and setting environment variables. These things are all included with the image. The NEMO Docker image is hosted on Docker Hub, and you can download it using this command:

docker pull nanofab/nemo

NEMO requires certain runtime information to be available before running the container.

Below is a template for NEMO settings that would be suitable for production. The settings must be customized appropriately for your organization. This is the single most important file for NEMO to run properly, and you should take your time to ensure it is correct. Furthermore, it's probably the most likely place where things can go wrong when configured improperly. So grab a coffee, take your time, and be thorough when crafting this file for your organization. In order to make things easier, several methods are described below to test your configuration and ensure it's working properly.

The settings reference particular locations on disk that must exist, and external services that must be available for NEMO to work properly. A single, consolidated directory that contains all NEMO runtime information is recommended. Here is the suggested directory structure and contents:

nemo/
|
|--- logs/                        # Optional: store all log files. (Recommended approach: don't store logs locally... instead, send them to a central logging server via syslog so your disk never overflows)
|--- media/                       # Images and files uploaded to NEMO are stored here
|--- secrets/                     # Contains all passwords, certificates, and keys that NEMO uses
|    |--- nemo.example.org.key    # Private TLS key used for encryption
|    |--- nemo.example.org.crt    # Public TLS certificate, signed by a certificate authority
|    |--- Other certificates      # Other certificates, such as public TLS certs for email or LDAPS authentication
|--- static/                      # JavaScript, images, and CSS
|--- settings.py                  # NEMO settings file
|--- sqlite.db                    # SQLite database - this is automatically created by NEMO (see deployment instructions)

settings.py template for production deployment of NEMO

An example can be found on the settings page

Collect static files

docker run --interactive --tty --volume /home/user/nemo:/nemo nanofab/nemo django-admin collectstatic

Create a super user

You will need to log in to NEMO in order to access and manage it. Create a "super user" with this command:

docker run --interactive --tty --volume /home/user/nemo:/nemo nanofab/nemo django-admin createsuperuser

You will be prompted for a username, first name, last name, email address, and password. Enter the appropriate information. Note, that even though you enter a password, NEMO is designed to not store passwords in the database, therefore the password you enter is discarded. It will not work when you try to log in. NEMO relies exclusively on external authentication sources (such as LDAP or Kerberos) for authentication. Usernames are stored in NEMO, and these are authenticated against the external authentication source(s). So, your NEMO username must match the username of the external authentication source.

Running NEMO in Docker

You can run the NEMO Docker container now that the NEMO runtime information exists:

docker run --detach --publish 8000:8000 --volume /home/user/nemo:/nemo nanofab/nemo

The --volume option mounts your NEMO runtime directory /home/user/nemo/ to the container at /nemo/; customize this path to suit your needs. Port 8000 is published to the host machine, and you can use a reverse proxy to expose NEMO on HTTPS port 443.

NGINX Reverse proxy

For Reverse proxy NGINX can be used.

SSL certificate can also be used at server level instead of NEMO level. Here is an exemple of a nemo.conf file to put in /etc/nginx/sites-enabled/

### Redirection from http to https
server {
    listen 80;
    listen [::]:80;
    server_name myserver.example.com;
    return 301 https://$host$request_uri;
}
#  https server
server {
        listen 443 ssl http2;

        ssl_certificate        /etc/nginx/ssl/server_certificate.pem;
        ssl_certificate_key     /etc/nginx/ssl/server_certificate.key;
        ssl_protocols       TLSv1.2;


        charset UTF-8;

        server_name myserver.example.com;

        # NEMO reverse proxy for port 8000
        location / {
                proxy_pass http://127.0.0.1:8000;
		proxy_buffering off;
		proxy_set_header X-Real-IP $remote_addr;
                }


    # Static files

	location /static/ { alias /nemo/static/; }

    location /favicon.ico { alias /nemo/static/favicon.ico; }

}