-
Notifications
You must be signed in to change notification settings - Fork 63
Installation with Docker
Installing and running NEMO with Docker is a quick and easy way to run a production version of NEMO. The benefit of using Docker is that you can skip installing the Python interpreter, package dependencies, and setting environment variables. These things are all included with the image. The NEMO Docker image is hosted on Docker Hub, and you can download it using this command:
docker pull nanofab/nemo
NEMO requires certain runtime information to be available before running the container.
Below is a template for NEMO settings that would be suitable for production. The settings must be customized appropriately for your organization. This is the single most important file for NEMO to run properly, and you should take your time to ensure it is correct. Furthermore, it's probably the most likely place where things can go wrong when configured improperly. So grab a coffee, take your time, and be thorough when crafting this file for your organization. In order to make things easier, several methods are described below to test your configuration and ensure it's working properly.
The settings reference particular locations on disk that must exist, and external services that must be available for NEMO to work properly. A single, consolidated directory that contains all NEMO runtime information is recommended. Here is the suggested directory structure and contents:
nemo/
|
|--- logs/ # Optional: store all log files. (Recommended approach: don't store logs locally... instead, send them to a central logging server via syslog so your disk never overflows)
|--- media/ # Images and files uploaded to NEMO are stored here
|--- secrets/ # Contains all passwords, certificates, and keys that NEMO uses
| |--- nemo.example.org.key # Private TLS key used for encryption
| |--- nemo.example.org.crt # Public TLS certificate, signed by a certificate authority
| |--- Other certificates # Other certificates, such as public TLS certs for email or LDAPS authentication
|--- static/ # JavaScript, images, and CSS
|--- settings.py # NEMO settings file
|--- sqlite.db # SQLite database - this is automatically created by NEMO (see deployment instructions)
An example can be found on the settings page
docker run --interactive --tty --volume /home/user/nemo:/nemo nanofab/nemo django-admin collectstatic
You will need to log in to NEMO in order to access and manage it. Create a "super user" with this command:
docker run --interactive --tty --volume /home/user/nemo:/nemo nanofab/nemo django-admin createsuperuser
You will be prompted for a username, first name, last name, email address, and password. Enter the appropriate information. Note, that even though you enter a password, NEMO is designed to not store passwords in the database, therefore the password you enter is discarded. It will not work when you try to log in. NEMO relies exclusively on external authentication sources (such as LDAP or Kerberos) for authentication. Usernames are stored in NEMO, and these are authenticated against the external authentication source(s). So, your NEMO username must match the username of the external authentication source.
You can run the NEMO Docker container now that the NEMO runtime information exists:
docker run --detach --publish 8000:8000 --volume /home/user/nemo:/nemo nanofab/nemo
The --volume option mounts your NEMO runtime directory /home/user/nemo/ to the container at /nemo/; customize this path to suit your needs. Port 8000 is published to the host machine, and you can use a reverse proxy to expose NEMO on HTTPS port 443.
For Reverse proxy NGINX can be used.
SSL certificate can also be used at server level instead of NEMO level. Here is an exemple of a nemo.conf file to put in /etc/nginx/sites-enabled/
### Redirection from http to https
server {
listen 80;
listen [::]:80;
server_name myserver.example.com;
return 301 https://$host$request_uri;
}
# https server
server {
listen 443 ssl http2;
ssl_certificate /etc/nginx/ssl/server_certificate.pem;
ssl_certificate_key /etc/nginx/ssl/server_certificate.key;
ssl_protocols TLSv1.2;
charset UTF-8;
server_name myserver.example.com;
# NEMO reverse proxy for port 8000
location / {
proxy_pass http://127.0.0.1:8000;
proxy_buffering off;
proxy_set_header X-Real-IP $remote_addr;
}
# Static files
location /static/ { alias /nemo/static/; }
location /favicon.ico { alias /nemo/static/favicon.ico; }
}