The following are accepted by the container as runtime arguments. Options should be followed by a value, flags are stand-alone. Note that these arguments are passed after the image name in a Docker Run statement.
|8.1.0+||String||Gateway name to be applied to the Ignition Gateway on startup|
|8.1.0+||String||Public web address*|
|8.1.0+||Integer||Public HTTP port*|
|8.1.0+||Integer||Public HTTPS port*|
|8.1.0+||Integer||Max memory for JVM|
|8.1.7+||String||Path to Gateway Backup for Automated Restore|
* - Specify Public address/HTTP/HTTPS ports together, all three must be specified
|8.1.0+||Debug mode, applicable to development - attaches port 8000 for remote JVM debugging. Port 8000 will also likely need to be published on the container.|
Supplemental JVM and Wrapper Arguments
You can also specify JVM and Java Service Wrapper arguments to your Docker containers runtime arguments by adding a double-hyphen to delimit these arguments from the other runtime arguments listed above. Wrapper arguments (starting with
wrapper.*) will be merged and JVM arguments added to those specified in the
The image also supports the use of gateway arguments, allowing you to modify the gateway.xml file when launching a container. Like JVM and wrapper arguments, gateway arguments must be specified after a double-hyphen. Only entries in the file that follow the pattern of "gateway.#" can be modified in this way. Docker image entrypoint will no longer forcibly recreate the gateway.xml file on each launch, allowing for settings adjustments from the gateway web UI to properly persist without static definition in the container configuration.
This section will contain some example run configurations for the Ignition Docker image. Review these examples to learn a bit more about how to run and configure the Ignition Docker image, as well as some typical best practices.
Deploying an Ephemeral Gateway for Testing
The run statement below will launch a container in detached mode
-d, publishing port
9088 from the host to port
8088 in the container. The container will be named
ignition-test and use the
8.1.7 image. Finally, the runtime arguments provided will set the Gateway name to
docker-test with public address of
localhost on HTTP port
9088 and HTTPS port
Note that for Linux/macOS/WSL, you can use the backslash for multi-line commands for better readability. You can substitute the backtick
` for Powershell and caret
^ for Windows Command prompt, these characters technically "escape" the newline character, so make sure they are the last character on a given line.
Preserving Gateway State
When using containers, it is common for stateful applications (such as the Ignition Gateway) to leverage volumes to persist that state across image updates, container remove/create cycles, etc. This can be done by applying a named volume to the
/usr/local/bin/ignition/data path within the container. This is especially important if you need to make a change to your container configuration. Since container configurations are immutable, the only way to change it is to stop/remove the old container and start a new one (with a new configuration).
Similar to the above, but this time with a named volume
gw-data attached to
/usr/local/bin/ignition/data within the container. If the volume doesn't already exist, it will be created automatically. Note the additional
--pull option to make sure that the
latest tag is always pulled before running--without this, the
latest tag is only pulled if one isn't already present on your system.
By using named volumes, you're now able to stop and remove the
ignition-test container and create a new one with a different configuration. As long as you attach your volume, your gateway will start up with all of your tags and projects in their previous state.
Starting in 8.1.12, the following KeyStores are also preserved across image updates.
Gateway Network Certificate
This PKCS #12 KeyStore contains the certificate and private key used for gateway network communications, and is created automatically on Gateway startup if not present. Typically this is maintained independently on a per-installation basis to avoid issues from operations such as gateway backup restorations. The situation within a container is somewhat different, and it is usually preferable to track this KeyStore with the rest of the gateway state preserved by a volume. Docker image now redirects, via sym-link, Gateway Network KeyStore creation from
data/local. This will allow the underlying image for the container to be upgraded without generating a new Gateway Network certificate (thus breaking existing approved certificates and connections).
When SSL is enabled on a Gateway,
ssl.pfx is created as a PKCS #12 KeyStore with the private key, server certificate, and root/intermediate CA certificates. This file is automatically read by the Gateway on startup to enable SSL. Similar to the Gateway Network Certificate, this resides outside of the
data/ volume since it is intended to persist across a gateway restore operation. Docker image now redirects, via sym-links, SSL KeyStore creation from
data/local. This allows a Docker container's SSL configuration to persist via the data volume without relying on extra bind-mounts. Disabling SSL now recognizes the presence of sym-links when removing the KeyStore and removes the final target of the link, leaving the sym-link in place.
Automating the Restore of a Gateway Backup
You can automate the restore of a gateway backup on first-launch of your gateway container. This allows for having a new Ignition Gateway restore to a known initial state automatically, without waiting for the commissioning steps.
To leverage this feature, bind-mount a gateway backup into the container and then use the
-r runtime argument to specify the location and command the restore. Additionally, supply the
ACCEPT_IGNITION_EULA=Y environment variable to accept the Ignition EULA (see the Licensing section below) and bypass that gateway commissioning step.
What if I restart the container?
The gateway restore will only apply on a fresh gateway launch. Subsequent restarts of the container will not restore the indicated gateway backup.
Automate the Commissioning of a Fresh Gateway
You can automate the commissioning steps that normally require manual user interaction on the very first launch of the Ignition Gateway. By supplying specific environment variables , you can seed the commissioning steps with the required information to start the rest of the Gateway automatically.
Reading Environment Variables from a file
You can also specify environment variables in the form of
<env var>_FILE=/path/to/file in order to have the environment variable value resolved by reading it from a file. This is helpful for secrets management systems within container orchestrators such as Docker Swarm and Kubernetes.
Customizing JVM/Wrapper/Gateway Arguments on Container Launch
This example shows how to leverage the supplemental JVM/wrapper args feature.
The following demonstrates how to enable the gateway's Resolve Host Names and Use Proxy Forwarded Headers settings by modifying the entries in the
Using Docker Compose
A common practice is to leverage Docker Compose to start your container and bundle the configuration with other services, such as databases and MQTT brokers. Below is an example
docker-compose.yml file that you can create inside of a new, empty folder. The example below incorporates many of the configurability features mentioned in the various sections above.
Once defined, you can bring up the solution using `docker compose` commands. See the animated example below:
The Inductive Automation software contained in this Docker container image is licensed under the terms of the Inductive Automation Software License Agreement.
By passing the value
ACCEPT_IGNITION_EULA=Y, you agree that your use of Inductive Automation software running in this Docker container image is governed by the terms of the Inductive Automation Software License Agreement.
All third party software (whether open or closed) running in this Docker container image is licensed as indicated in this Docker Hub “License” section or in the container itself, usually as a
LICENSE file. You agree to comply with any relevant licenses for third party software contained in this Docker container image.