ntopng Docker image for the UDM base and UDM pro

Information

Category: Linux / System utilities
Watchers: 5
Star: 11
Fork: 0
Last update: Jul 7, 2020

Resource links

https://github.com/tusc/ntopng-udm

README
Issues 12

ntopng for UDM/UDM pro

Distributed under MIT license

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Project Notes

Author: Carlos Talbot (@tusc69 on ubnt forums)

The first step is to pull the image from DockerHub. Log into the UDM via ssh and type the following command:

docker pull tusc/ntopng-udm:latest

This will download the latest image to the UDM.

Next, we'll need to create a directory and download some files that will be saved between upgrades. This is a one time operation.

mkdir -p /mnt/data/ntopng/redis
chmod 777 /mnt/data/ntopng/redis
curl -Lo /mnt/data/ntopng/ntopng.conf https://github.com/tusc/ntopng-udm/blob/master/ntopng/ntopng.conf?raw=true
curl -Lo /mnt/data/ntopng/redis.conf https://github.com/tusc/ntopng-udm/blob/master/ntopng/redis.conf?raw=true

Next, we want to create a container with ntopng running on https port 3001 using this image with the above config files.

docker run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data/ntopng/redis:/var/lib/redis \
   -v /mnt/data/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data/ntopng/redis.conf:/etc/redis/redis.conf \
   docker.io/tusc/ntopng-udm:latest

Open a web browser page to your UDM's ip address with port 3001 at the end using https. For example: https://192.168.1.1:3001

If you have to reboot the UDM you'll have to restart the container. You can do so by typing the following:

docker start ntopng

Fortunately you can also take advantage of boostchicken's great tool to automatically start a Docker container after a reboot: https://github.com/boostchicken/udm-utilities/tree/master/on-boot-script

If you're interested in compiling your own version I have a Dockerfile available here that compiles ntopng from source: https://github.com/tusc/ntopng-udm/blob/master/source/Dockerfile

Customize settings

The default instance will listen on the LAN interface (br0). You can edit the file /mnt/data/ntopng/ntopng.conf on the UDM to change the settings. The default is -e (daemon mode), -i=br0 (LAN), n=1 ( Decode DNS responses and resolve all numeric IPs ) and -W3001 (enable HTTPS port)

NOTE If you comment out the -i interface and let ntopng startup listening to all interfaces you will have to wait up to 30 seconds for all interfaces to register. This will also consume additional CPU and memory resources so be careful with this option.

You can also customize the settings for the redis database if you want to eliminates database saves to storage. That file is located at /mnt/data/ntopng/redis.conf

Uninstalling

To remove the docker instance and image you'll need to type the following at the UDM ssh prompt:

docker stop ntopng
docker rm ntopng
docker rmi docker.io/tusc/ntopng-udm  (or "docker rmi ntopng-image" if you installed the first release)

Upgrades

Whenever there is a new version of ntopng you can easily perform an upgrade by doing the following commands:

docker stop ntopng
docker rm ntopng
docker pull tusc/ntopng-udm:latest
docker run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data/ntopng/redis:/var/lib/redis \
   -v /mnt/data/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data/ntopng/redis.conf:/etc/redis/redis.conf \
   docker.io/tusc/ntopng-udm:latest

Console Lockout

If for whatever reason you find yourself locked out of the ntopng login prompt you can follow the steps on this page for resetting the password: https://www.ntop.org/guides/ntopng/faq.html#cannot-login-into-the-gui

You have to connect to the containter in order to run the redis commands as reference in the FAQ. Do so by typing the following below. You can type "exit" to get out of the container when you're done.

docker exec -it ntopng bash

1 Open More issues

Closed

Update to new version

Hi,

first of all, many thanks for your work, ntopng works like a charm on UDM pro!

How is it possible to update ntopng to a new version? I see in the Dockerfile you just copy the "200711" packages to /tmp and install them. Is it possible to simply replace the current "ntopng_4.1.200711-10754_arm64.deb" with a current one, e.g. "ntopng_4.2.201120-12281_amd64.deb" (from https://packages.ntop.org/apt-stable/buster/x64/) ?

Additionally: what's the "ntopng-data_4.1.200711_all.deb" package? Is this mandatory?

best Daniel

opened Nov 20, 2020 by net47 8

Closed

Externalize ntopng configs using docker volume mounts

This is a best practice and should ensure any data is not lost during firmware updates.

opened Jul 7, 2020 by boostchicken 4

Closed

use /mnt/data_ext for more disk space when using a hard drive installed in UDM Pro

I've installed a 256G SSD in my UDM Pro and I've deployed this project on that drive.

Here's the command I use to start the container:

podman run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data_ext/ntopng/GeoIP.conf:/etc/GeoIP.conf \
   -v /mnt/data_ext/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data_ext/ntopng/redis.conf:/etc/redis/redis.conf \
   -v /mnt/data_ext/ntopng/lib:/var/lib/ntopng \
   docker.io/tusc/ntopng-udm:latest

opened Sep 29, 2020 by jgarland79 3

Closed

A ntopng v5.5 Builder Implementation

Upgrades the packages needed and the dependencies required for a v5 build

opened Dec 10, 2022 by RobertTheProfessional 2

Closed

Multi Stage Docker Build

It is a docker best practice to keep the image as minimal as possible. It would be great to build all these binaries and then copy them over to a fresh image. Here is a very simple example

https://github.com/boostchicken/udm-utilities/blob/master/nextdns/docker/Dockerfile

It would look like everything you have now, just in the 2nd part you only copy the files you need to have over from the builder image. That looks like redis server, nDPI, and the ntopng binaries.

opened Jul 13, 2020 by boostchicken 2

Closed

Enhancement: External Redis Server

Some people might already be running Redis, it would be great to be able to utilize existing Redis clusters.

opened Jul 13, 2020 by boostchicken 2

Open

UniFi OS 3

Hi, is this working of UniFi OS 3? Anyone have it running?

opened Apr 23, 2023 by johnnytabasco 0

Open

License Ntopng

Hi, I'm really excited about the package you provided for my UDM pro. I am wondering how I can add a license of the PRO version of ntopng to the package. I tried by saving a ntopng.license file in different locations (/etc/ and /mnt/data/ntopng/), this should trigger the daemon to start in the PRO version but this doesn't work. I am using the instructions as I found here: https://www.ntop.org/guides/ntopng/adding_a_license/index.html Is there a way to add my license key to the docker container (maybe with the -v option)? Thanks

opened Mar 26, 2023 by chicamaxi 1

Open

no WAN interface

I know ntopng can monitor wan traffic but if I edit the config to include the wan its never an option when I go back in. I've also just had it listen on all interfaces and WAN was still not an option. Am I missing something?

opened Jun 9, 2022 by ChaiFox 0

Open

Upgrade to 5.x?

Hi,

will there be update to latest ntopng 5.2?

thx Mike

opened May 22, 2022 by bondskin 4

Open

HTTPS warning on connect

Why is the podman container running with https by default? I don't have a certificate for 192.168.1.1 and so my browser gives me a warning that the site is using https but the certificate is invalid. Does ntopng really need to run with https, wouldn't http suffice as it's an internal service?

If https makes sense, then could you please update the readme as to how to make it work nicely out of the box?

opened Feb 5, 2022 by altosys 0

Open

Unable to change password

When I log into ntopng for the first time with admin/admin credentials I'm prompted to change the password. After entering a new password I click the "Change Password" button, but nothing happens, so now I'm stuck.

I have ntopng running with podman on my UDM-P as per the instructions in the readme, I've done no tweaking of it at all.

opened Feb 5, 2022 by altosys 1

WireGuard for UDM series routers

Base plugin, creates a normalized environment object from a function, filepath or instance of base.

Control the listening mode on your AirPods Pro in the Touch Bar or Menu Bar.

A tool for exploring each layer in a docker image

The Docker CLI

A visualizer for Docker Swarm Mode using the Docker Remote API, Node.JS, and D3

Generate Web/CLI projects Dockerized development environments, from 1 simple YAML file.

Docker Explorer for Visual Studio Code

Scripts and docker compose files to start flow.ci services from docker

A Docker image for PyTorch

🐳 A preconfigured, extendable, multistage, PHP Symfony 4.3+ Docker Image for Production and Development

idahunt is a framework to analyze binaries with IDA Pro and hunt for things in IDA Pro

Run Aperture, iPhoto, and iTunes on macOS Catalina. Xcode 11.4.1 on macOS Mojave. Final Cut Pro 7, Logic Pro 9, and iWork ’09 on macOS Mojave or macOS High Sierra.

A barebone version of Windows 11 Pro 64-Bit

A space efficient alternative to base-64

Self-hosted web application for monitoring docker.

Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start

Run IDA Pro disassembler in Docker containers for automating, scaling and distributing the use of IDAPython scripts.

Garbage collector for Docker Swarm / Автоматическая сборка мусора для Docker и Docker Swarm

An unofficial Microsoft Machine Learning Server Docker image.

docker-rust — the official Rust Docker image

Share this repo

Related Repos

System utilities

Files used for reproducing Fuzzware's experiments

Fuzzware Experiments This directory contains the data required to reproduce the experiments from our USENIX 2022 publication Fuzzware: Using Precise M

System utilities

Presentation plugin for neovim written in lua

Presenting.nvim A Presentation plugin written for Neovim in Lua Installation You can install Present with your plugin manager of choice with packer.nv

System utilities

Static analysis tool for Go that finds vulnerabilities using SSA (single static assignment...

GitHub Action: GoKart Security Static Analysis GoKart is a static analysis tool for Go that finds vulnerabilities using the SSA (single static assignm

System utilities

Railway for Alist

alist-railway Railway for Alist Usage Fork this repo Open Railway and click New Object Choose the repo that you forked and select the mysql branch Add

System utilities

Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumerati...

Basic Recon For Bug Bounty Hunter - "HuntTheBug" is Basic Scripts For Sub Domain Enumeration> Live Domain Enumeration > Sub Domain Hijack > URL + JavaScript Scan > Dir Brute Forcing > Open Port Check With Telegram Bot Notification

System utilities

Extensible Neovim Scrollbar

nvim-scrollbar Extensible Neovim Scrollbar 🚧 WORK IN PROGRESS 🚧 This is a work in progress and breaking changes to the setup/config could occur in t

System utilities

😎😘 Free Windows 11 VPS for 4 Hours ! Easy Method!

Windows 11 RDP Here this tutorial using Azure Cloud Shell to create Virtual Machine on Microsoft Learn Sandbox. 😎 Its Four Hours RDP Completely Free

System utilities

My configuraion files

Welcome! Here you can find my Void Linux dotfiles. Overview OS: Void Window manager: bspwm Terminal: kitty Shell: zsh Bar: Polybar Compositor: picom P

System utilities

An especially small & quick & simple Algolia docsearch Indices upload action

algolia-docsearch-upload-action An especially small & quick & simple Algolia docsearch Indices upload action Usage - name: Algolia Docsearch Uploa

System utilities

A simple and transparent alternative to boot2docker (backed by Vagrant)

docker-vm The easiest way to get started with Docker on Mac OS X (tested on OS X Yosemite 10.10.1) and Windows (tested on Windows 10 Pro Insider Previ

System utilities

518

GitOps powered K8s app suite with developer self-service

Shift left with Otomi Otomi makes developers self-serving and helps DevOps teams to guarantee application security and availability at the earliest st

System utilities

102

Awesome Bug bounty builder Project

Awesome Bug Bounty Builder ¯\(ツ)/¯ Awesome Bug bounty builder Project - ALL common Tools for find your Vulnerabilities. Tested on Debian. Installation

System utilities

Ready-to-use VSCode setup to preview/convert markdown documents

System utilities

7.3k

Testing TLS/SSL encryption anywhere on any port

System utilities

519

Vegile - Ghost In The Shell

Vegile is a tool for Post exploitation Techniques in linux. Post Exploitation techniques will ensure that we maintain some level of access and can potentially lead to deeper footholds into our targets trusted network.