⚠️ As of Sep 9th, 2018 we ship new docker builds, running netdata in docker with an ENTRYPOINT directive, not a COMMAND directive. Please adapt your execution scripts accordingly. You can find more information about ENTRYPOINT vs COMMAND is presented by goinbigdata here and by docker docs here.Also, the
latest
is now based on alpine, soalpine
is not updated any more andarmv7hf
is now replaced witharmhf
(to comply with https://github.com/multiarch naming), soarmv7hf
is not updated either.
Running netdata in a container for monitoring the whole host, can limit its capabilities. Some data is not accessible or not as detailed as when running netdata on the host.
Quickly start netdata with the docker command line. Netdata is then available at http://host:19999
This is good for an internal network or to quickly analyse a host.
docker run -d --name=netdata \
-p 19999:19999 \
-v /proc:/host/proc:ro \
-v /sys:/host/sys:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
--cap-add SYS_PTRACE \
--security-opt apparmor=unconfined \
netdata/netdata
The above can be converted to docker-compose file for ease of management:
version: '3'
services:
netdata:
image: netdata/netdata
hostname: example.com # set to fqdn of host
ports:
- 19999:19999
cap_add:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
If you want to have your container names resolved by netdata it needs to have access to docker group. To achive that just add environment variable PGID=999
to netdata container, where 999
is a docker group id from your host. This number can be found by running:
grep docker /etc/group | cut -d ':' -f 3
Since we use an ENTRYPOINT directive, you can provide netdata daemon command line options such as the IP address netdata will be running on, using the command instruction.
For a permanent installation on a public server, you should secure the netdata instance. This section contains an example of how to install netdata with an SSL reverse proxy and basic authentication.
You can use use the following docker-compose.yml and Caddyfile files to run netdata with docker. Replace the Domains and email address for Letsencrypt before starting.
- Docker
- Docker Compose
- Domain configured in DNS pointing to host.
This file needs to be placed in /opt with name Caddyfile
. Here you customize your domain and you need to provide your email address to obtain a Letsencrypt certificate. Certificate renewal will happen automatically and will be executed internally by the caddy server.
netdata.example.org {
proxy / netdata:19999
tls [email protected]
}
After setting Caddyfile run this with docker-compose up -d
to have fully functioning netdata setup behind HTTP reverse proxy.
version: '3'
volumes:
caddy:
services:
caddy:
image: abiosoft/caddy
ports:
- 80:80
- 443:443
volumes:
- /opt/Caddyfile:/etc/Caddyfile
- caddy:/root/.caddy
environment:
ACME_AGREE: 'true'
netdata:
restart: always
hostname: netdata.example.org
image: netdata/netdata
cap_add:
- SYS_PTRACE
security_opt:
- apparmor:unconfined
volumes:
- /proc:/host/proc:ro
- /sys:/host/sys:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
You can restrict access by following official caddy guide and adding lines to Caddyfile.