EM9 - Docker Deployment

Using Docker to run EnterMedia has a number of advantages. Including:

  • Ability to run on all major OS's such as Ubuntu with consistent behavior.
  • Separation of data vs application. Keeps your backups clean.
  • Ability to run a cluster with multiple docker nodes.


Install EnterMedia on Docker

  1. Make you sure you have a recent Docker version. Uninstall old versions if needed (see Advanced Setup section).
  2. Install the latest Docker on Ubuntu/Debian/All 64 bit platforms.
     $ curl -s https://get.docker.com/ | sudo bash -s $ sudo service docker start #Install the stable version $ sudo yum remove -y docker docker-common docker-selinux docker-engine-selinux docker-engine docker-ce $ sudo yum-config-manager --disable docker-ce-edge $ sudo yum install -y docker-ce $ sudo service docker start
  3. Or install Docker on Windows
  4. Install EnterMediaDB Docker using our simple setup script. Configure the following commands with your site name, and a unique node number between 100-256 using.
     $ curl -o entermedia-docker.sh -jL docker.entermediadb.org $ sudo bash ./entermedia-docker.sh xyzcorp 100
  5. Once completed you should then be able to connect locally from the host machine:
     $ curl
  6. All your important files will be stored in host computer: /media/emsites/xyzcorp
  7. start, stop, logs, update.sh, bash scripts can be found in: /media/emsites/xyzcorp/100/
  8. You can upgrade to the dev builds of EnterMedia by running: updatedev.sh
  9. NGINX should be used for ssl and load balancing on the host computer pointing to


Advanced Setup

Clean up older versions of Docker:

 Debian: $ sudo apt-get purge docker-engine docker.io $ sudo apt-get autoremove --purge docker-engine $ sudo apt-get autoclean
 RedHat/CentOS: $ sudo yum remove docker-engine docker-selinux $ sudo rm -rf /var/lib/docker $ sudo yum update iptables 


Disable the CSF Firewall as it's not compatible with Docker. Edit and use our simple customization IPTables firewall script. You only have to edit LOCAL_NETWORK= to match your custom network. Follow these instructions to make Iptables firewall rules persistent on reboot and to setup a cluster of Docker instances.

  • The firewall script allows certain IP addresses to have access to port 9200 and 9300 that ElasticSearch uses for clustering. It also allows the NFS ports to be open so that the site can be shared among the nodes.
  • There are several options for clustering:
    • Share the /media/emsites/xyzcorp drive among all the nodes as a network drive
    • Run all the nodes on one machine with a shared volume
    • Experimental: Use a bi-directional sync tool such as https://getsync.com/ to keep /media/emsites/xyzcorp in sync
  • Always use a unique port number for each Docker instance even if they are other servers. This allows unique node id's to be defined.



By default, if Docker can’t find a DNS server locally defined in your /etc/resolv.conf file, containers will default to using Google’s public DNS server,

In some office networks, the administrators intentionally block the use of public DNS servers to encourage people to use the network’s own DNS server.

You can get your internal DNS server IP running the following command:

 $ nmcli dev show | grep 'IP4.DNS'

Or by checking the /etc/resolv.conf file on your host machine.

Then update the Docker daemon by editing the following file:

 $ vi /etc/docker/daemon.json { "dns": ["INTERNAL_DNS_IP", ""] } $ sudo service docker restart


Starting on Bootup

 $ sudo sysctl docker on *** deprecated $ sudo systemctl enable docker

Setup Docker service to start after the Firewall service and any NFS mount required by EnterMedia. Modify Docker service config file at:

 $ sudo vi /usr/lib/systemd/system/docker.service

to look something like this:

 [Unit] Description=Docker Application Container Engine Documentation=https://docs.docker.com After=network-online.target firewalld.service "opt-entermedia-webapp-WEB\x2dINF-data.mount" Wants=network-online.target ConditionPathExists=/opt/entermedia/webapp/WEB-INF/data/media 

Now restart systemctl daemon:

 $ sudo systemctl daemon-reload


Cluster of Dockers

Across machines: Each node needs to have the host computers IP addresses set. See: /media/emsites/xyzcorp/100/tomcat/conf/node.xml, 

Note that the publish host has to match the external IP address of the host machine. Also check that the firewall script allows local network traffic to ElasticSearch ports as configured in entermedia-docker.sh i.e. 9100.


Load Balancer

To access this Docker from remote location you will need to setup a Load Balancer.