Scaling your infrastructure is crucial for any growing operation, and Komodo offers a robust solution for managing multiple servers. This guide walks you through the process of seamlessly integrating additional servers into your Komodo ecosystem, enhancing its capabilities and efficiency. We'll cover both the installation of the Periphery agent and its configuration, ensuring a secure and streamlined setup.
# For root installation
curl -sSL https://raw.githubusercontent.com/moghtech/komodo/main/scripts/setup-periphery.py | python3
# For installation as the current user (requires additional configuration)
curl -sSL https://raw.githubusercontent.com/moghtech/komodo/main/scripts/setup-periphery.py | python3 - --user
version: "3.9"
services:
  periphery:
    image: ghcr.io/mbecker20/periphery:latest
    # image: ghcr.io/mbecker20/periphery:latest-aarch64 # Use for ARM support
    labels:
      komodo.skip: # Prevents Komodo from attempting to stop the container with StopAllContainers
    logging:
      driver: local
    ports:
      - 8120:8120 # Exposes port 8120 for communication
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock # Mounts the Docker socket for container interaction
      - /proc:/proc # Allows Periphery to access host processes
      - ssl-certs:/etc/komodo/ssl # Mounts SSL certificates (use self-signed or your own)
      - repos:/etc/komodo/repos # Mounts repository directory (adjust path as needed)
      - stacks:/etc/komodo/stacks # Mounts stack directory (adjust path as needed)
      # - /path/to/compose:/host/compose # Optional: Mount path for compose files
    environment:
      # Full config options available at: https://github.com/moghtech/komodo/blob/main/config/periphery.config.toml
      PERIPHERY_PASSKEYS: your_core_passkey # Your Komodo Core passkey (alternatively use PERIPHERY_PASSKEYS_FILE)
      PERIPHERY_ALLOWED_IPS: # Optional: Restrict access by IP address
      PERIPHERY_SSL_ENABLED: true # Enables HTTPS
      PERIPHERY_INCLUDE_DISK_MOUNTS: /etc/hostname # Optional: Whitelist disk mounts for accurate reporting (comma-separated list)
      # PERIPHERY_EXCLUDE_DISK_MOUNTS: /snap,/etc/repos # Optional: Blacklist disk mounts
volumes:
  ssl-certs:
  repos:
  stacks:
Download the Periphery binary from the latest release. Create and configure your Periphery configuration file (periphery.config.toml), referencing the example configuration provided later in this guide. Ensure inbound connectivity is allowed on the port specified in your configuration file (default is 8120). Firewall adjustments may be necessary. If using Docker, ensure the user running Periphery has access to the docker group without requiring sudo. Start the Periphery binary using your preferred process manager (like systemd).
periphery \
--config-path /path/to/periphery.config.base.toml \
--config-path /other_path/to/overide-periphery-config-directory \
--config-keyword periphery \
--config-keyword config \
--merge-nested-config true
Firewall Rules: Restrict access to port 8120 (or your chosen port) using firewall rules to only allow trusted IP addresses.
Whitelist IPs: In your Periphery configuration, specify allowed IP addresses to further limit access.
Passkey Authentication: Use passkeys to authenticate requests from the Komodo Core, preventing unauthorized access. This significantly enhances the security posture of your Komodo setup.
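The three controls above can be checked before a Periphery service is deployed. The following Python script is an added example, not part of the original guide or of the Komodo project: the environment variable names and the 8120:8120 port mapping come from the compose file in this guide, while the audit_periphery function, the hardened sample values, and the treatment of PERIPHERY_ALLOWED_IPS as a comma-separated list of addresses or CIDR ranges are assumptions made for illustration.

```python
import ipaddress

PLACEHOLDERS = {"", "your_core_passkey"}  # empty, or the sample value from this guide

def audit_periphery(env, ports):
    """Return findings for a Periphery compose service (hypothetical helper).

    env: the service's `environment` mapping; ports: its `ports` list.
    """
    findings = []
    # Passkey authentication: reject empty or placeholder values.
    keys = str(env.get("PERIPHERY_PASSKEYS") or "").split(",")
    if not env.get("PERIPHERY_PASSKEYS_FILE") and all(
            k.strip() in PLACEHOLDERS for k in keys):
        findings.append("passkey: empty or placeholder value")
    # IP allowlist (assumed comma-separated): empty means no restriction.
    raw = str(env.get("PERIPHERY_ALLOWED_IPS") or "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        findings.append("allowed_ips: not set, any source IP may connect")
    for entry in entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"allowed_ips: {entry!r} is not an IP or CIDR")
            continue
        if net.prefixlen == 0:
            findings.append(f"allowed_ips: {entry} matches every address")
    # TLS: without it, requests from Core cross the network in clear text.
    if str(env.get("PERIPHERY_SSL_ENABLED", "")).lower() != "true":
        findings.append("ssl: PERIPHERY_SSL_ENABLED is not true")
    # "8120:8120" publishes on all host interfaces; "10.0.0.5:8120:8120" on one.
    for p in ports:
        parts = str(p).rsplit(":", 2)
        host_ip = parts[0].strip("[]") if len(parts) == 3 else "0.0.0.0"
        if ipaddress.ip_address(host_ip).is_unspecified:
            findings.append(f"port: {p} is published on all interfaces")
    return findings

# Values as written in this guide's compose file (YAML-loaded types).
GUIDE_ENV = {"PERIPHERY_PASSKEYS": "your_core_passkey",
             "PERIPHERY_ALLOWED_IPS": None, "PERIPHERY_SSL_ENABLED": True}
# Constructed hardened values; the passkey and addresses are made up.
HARDENED_ENV = {"PERIPHERY_PASSKEYS": "k9Qz-constructed-example-2f7c1b",
                "PERIPHERY_ALLOWED_IPS": "10.0.0.2", "PERIPHERY_SSL_ENABLED": True}

if __name__ == "__main__":
    for finding in audit_periphery(GUIDE_ENV, ["8120:8120"]):
        print("FINDING", finding)
    print(audit_periphery(HARDENED_ENV, ["10.0.0.5:8120:8120"]) or "hardened: no findings")
```

Run against the compose file exactly as shown in this guide, the check reports the placeholder passkey, the empty allowlist, and the port published on every interface.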
wget -P komodo https://raw.githubusercontent.com/moghtech/komodo/main/config/periphery.config.toml