Docker Install

Learn how to install eramba using Dockers - long

  • Episodes7
  • Duration28m 1s
  • LanguagesEN
Episode 1

Docker Installation

How eramba is installed using Dockers

Skills & Support

To get eramba installed and properly running over time, you will require Linux know-how, a proper Docker infrastructure running in AWS, Azure or your Premises and attention to detail. If you think you might not have these resources then ask for help to your IT departments.

We can not support community users with install related questions, thousands installs take place every year so we know the software works. Read the FAQ to understand what your options are.

If you are an Enterprise customer and are having trouble feel free to drop us an email to support@eramba.org and we'll try to help you. While installing eramba for you is not part of our service we do try to help under certain conditions. Review our FAQ.

Installing the Docker Engine

This guide assumes you are running the Docker engine. If you are not running Dockers yet, you can look at their documentation here and install the engine.

This is a prerequisite for this guide. If you prefer, you can use VMWARE (see the other course)

Introduction

A simple install script will pull an image from Github that will deploy the basic container stack components:

  • MySQL (database)
  • Redis (caching)
  • eramba (application)
  • cron (where batch processes run)

This guide explains how to install Community and Enterprise using our Docker Images. We rely on official docker images from PHP, Redis and Apache Foundation.

Hardware Requirements

The docker engine needs to be configured so the following requirements are available to the images:

  • 64-bit kernel and CPU support for virtualization

  • At least 4 GB of RAM plus 10 GB on Swap

As for storage required for eramba data (this is database plus attachments you upload to the system) we recommend at least 3 GB.

Volumes

There are two, persistent, volumes used by the Docker images. They hold the application and all its attachments:

  • data:/var/www/eramba/app/upgrade/data

  • app:/var/www/eramba

The database is stored in another volume:

  • db-data:/var/lib/mysql

Download Eramba Docker

No matter if you are installing community or enterise, you need to download eramba docker repository as a ZIP or cloning directly from Github.

git clone https://github.com/eramba/docker

Then go inside the Docker directory:

cd docker

Database Credentials

You can update MySQL credentials from defaults.

Edit the .env file and update the following variables DB_PASSWORD and MYSQL_ROOT_PASSWORD. These will be the passwords used by eramba and the password for the root account in MySQL.

DB_PASSWORD=Your_DB_user_P@ssw0rd
MYSQL_ROOT_PASSWORD=Your_MysQl_ROOt_P@ssw0rd

Internet Connectivity

You need to ensure Docker containers can reach our update servers. This is required to register your app, get updates, and send error logs to us. To test your outgoing connections, you can run the following:

curl  https://support-v3.eramba.org/ping.html

You need to "successfully" connect to our servers to use eramba, you can not use eramba in "offline" mode.

If you are behind a proxy, then you need to define proxy settings in the:

/docker/.env

You need to edit the proxy settings on the file:

USE_PROXY= #1 for yes, 0 for no
PROXY_HOST=
PROXY_PORT=
USE_PROXY_AUTH= #1 for yes, 0 for no
PROXY_AUTH_USER=
PROXY_AUTH_PASS=

* if you are behind the proxy, you have to set up a proxy for the docker client as well. Please refer to the docker documentation here.

When an environment is built for the first time, docker needs to download images and their packages the following access will also be required:

eramba.org:(80:443)
docker.com:(80:443)
docker.io:(80:443)
github.com:(80:443)
ghcr.io:(80:443)
githubusercontent.com:(80:443)

After the environment is pulled and built you can disable this connection and allow only connection to our support server.

 Public Address Settings

You have to setup the public address that eramba will be using, it will be the IP address of your host machine or the DNS settings you configured.

It has to be done again in env file.

/docker/.env

by default, it is set to:

PUBLIC_ADDRESS=https://localhost:8443

Note: if you need to make the change to .env file you have to re-compose containers:

Community:

docker compose -f docker-compose.simple-install.yml down
docker compose -f docker-compose.simple-install.yml up -d

Enterprise:

docker compose -f docker-compose.simple-install.yml -f docker-compose.simple-install.enterprise.yml down
docker compose -f docker-compose.simple-install.yml -f docker-compose.simple-install.enterprise.yml up -d

DNS Settings

You can optionally (but desirably) configure an FQDN domain and point it to the IP address of your docker container. Apache virtual host configurations ensure any domain will be served by using an * on its VirtualHost parameters.

Running only HTTP

If you don't want to use our pre-configured HTTPS setup, you need to do the following changes

In docker-compose.simple-install.yml you have to edit the mounted Apache .conf file
from:

./apache/vhost-ssl.conf:/etc/apache2/sites-available/000-default.conf

to

./apache/vhost.conf:/etc/apache2/sites-available/000-default.conf

and port mapping from

8443:443

to whatever you want (probably 80:80).

TLS and Apache Settings

By default, eramba has a self-signed certificate and runs on port 8443 (Encrypted). If you want to use your certificates or tweak the Apache configuration, you need to replace the following files:

  • /apache/ssl/mycert.crt
  • /apache/ssl/mycert.key
  • /apache/vhost-ssl.conf

If you are using a certificate file with the name mycert.crt/key, change them in the location above. No other modifications are needed.

If you are using certificate files with different names, you will also need to adjust the docker-compose.simple-install.yml file.

Until you configure a proper certificate, every time you log into eramba, you will see a warning on your browser regarding the "self-signed" certificate being used.

Install - Community

You can now run Docker compose command:

docker compose -f docker-compose.simple-install.yml up -d

Install - Enterprise

To install enterprise, you need to purchase a license key from eramba and then download the software from https://downloads.eramba.org using the key provided by us.

The next step is to import the Docker engine using the following command:

  • for AMD image
docker load --input eramba-enterprise-latest-amd64.tar
  •  for ARM image
docker load --input eramba-enterprise-latest-arm64.tar

Run the Composer command:

docker compose -f docker-compose.simple-install.yml -f docker-compose.simple-install.enterprise.yml up -d

Container Logs

As the container, networks and volumes are created and started, you should be looking at the logs of the different containers to see when and how they complete their job. They will run different processes after starting, and these processes must complete, in particular, the eramba container. You can tail logs from the eramba container with the command:

docker logs -f eramba

Typically the last process running on the container is Apache, so if you see that process running (even with a hostname warning), only then should you try login into eramba using the web browser.

Using connection: default
Dry-run mode: disabled
-------------------------------------------------------------------------------
Waiting for database...
Connection to Mysql could not be established: SQLSTATE[HY000] [2002] Connection refused
Using connection: default
Dry-run mode: disabled
-------------------------------------------------------------------------------
Starting the init process...
Database is currently not empty.
Database appears to be up to date.
Running post process...
All done.
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.4. Set the 'ServerName' directive globally to suppress this message
[Mon Nov 14 08:30:35.120253 2022] [ssl:warn] [pid 1] AH01909: 172.19.0.4:443:0 server certificate does NOT include an ID which matches the server name
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.19.0.4. Set the 'ServerName' directive globally to suppress this message
[Mon Nov 14 08:30:35.158371 2022] [ssl:warn] [pid 1] AH01909: 172.19.0.4:443:0 server certificate does NOT include an ID which matches the server name
[Mon Nov 14 08:30:35.162398 2022] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.53 (Debian) PHP/8.1.7 OpenSSL/1.1.1n configured -- resuming normal operations
[Mon Nov 14 08:30:35.162443 2022] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'

Login Screen - Community

You should now be able to login to eramba using https://localhost:8443 (or your DNS name https://yourdns.com)

Click on the Unlock power of GRC and you will be prompted to set the following:

  • Password
  • Admin Email
  • Country

You will receive an activation token to the email that you just inserted.

Now you are set!

Login Screen - Enterprise

You should now be able to login to eramba using https://localhost:8443 (or your DNS name https://yourdns.com)

Click on the Unlock power of GRC and you will be prompted to set the following:

  • Password
  • Admin Email
  • Country

Now you are set!