Openremote noob in need of help

Good day all, I know I have posted a few times but I am in desperate need of help. I have been reading through the wiki and going through the existing forum questions.

I have managed to get a few things right, like the custom map and the theme.

Things I am trying to work out and not succeeding:
The correct docker-compose file layout. This is my current docker-compose file; is there anything I need to take out or add? Is it best to put a static IP on the docker?

```yaml
# OpenRemote v3
#
# Profile that runs the stack by default on https://localhost using a self-signed SSL certificate,
# but optionally on https://$OR_HOSTNAME with an auto generated SSL certificate from Letsencrypt.
#
# It is configured to use the AWS logging driver.
#
volumes:
  proxy-data:
  manager-data:
  postgresql-data:

services:

  proxy:
    image: openremote/proxy:${PROXY_VERSION:-latest}
    restart: always
    depends_on:
      manager:
        condition: service_healthy
    ports:
      - "80:80" # Needed for SSL generation using letsencrypt
      - "${OR_SSL_PORT:-443}:443"
      - "8883:8883"
      - "127.0.0.1:8404:8404" # Localhost metrics access
    volumes:
      - proxy-data:/deployment
    environment:
      LE_EMAIL: ${OR_EMAIL_ADMIN:-}
      DOMAINNAME: ${OR_HOSTNAME:-localhost}
      DOMAINNAMES: ${OR_ADDITIONAL_HOSTNAMES:-}
      # USE A CUSTOM PROXY CONFIG - COPY FROM https://raw.githubusercontent.com/openremote/proxy/main/haproxy.cfg
      #HAPROXY_CONFIG: '/data/proxy/haproxy.cfg'

  postgresql:
    restart: always
    image: openremote/postgresql:${POSTGRESQL_VERSION:-latest}
    shm_size: 128mb
    volumes:
      - postgresql-data:/var/lib/postgresql/data
      - manager-data:/storage

  keycloak:
    restart: always
    image: openremote/keycloak:${KEYCLOAK_VERSION:-latest}
    depends_on:
      postgresql:
        condition: service_healthy
    volumes:
      - ./deployment/keycloak/themes:/opt/keycloak/themes/custom
    environment:
      KEYCLOAK_ADMIN_PASSWORD: ${OR_ADMIN_PASSWORD:-secret}
      KC_HOSTNAME: ${OR_HOSTNAME:-localhost}
      KC_HOSTNAME_PORT: ${OR_SSL_PORT:--1}


  manager:
#    privileged: true
    restart: always
    image: openremote/manager:${MANAGER_VERSION:-latest}
    depends_on:
      keycloak:
        condition: service_healthy
    volumes:
      - manager-data:/storage
      - ./deployment/map:/deployment/map
      - ./deployment:/deployment
    ports:
      - "127.0.0.1:8405:8405" # Localhost metrics access
    environment:
      OR_SETUP_TYPE:
      OR_ADMIN_PASSWORD:
      OR_SETUP_RUN_ON_RESTART:
      OR_EMAIL_HOST:
      OR_EMAIL_USER:
      OR_EMAIL_PASSWORD:
      OR_EMAIL_X_HEADERS:
      OR_EMAIL_FROM:
      OR_EMAIL_ADMIN:
      OR_METRICS_ENABLED: ${OR_METRICS_ENABLED:-true}
      OR_HOSTNAME: ${OR_HOSTNAME:-localhost}
      OR_ADDITIONAL_HOSTNAMES:
      OR_SSL_PORT: ${OR_SSL_PORT:--1}
      OR_DEV_MODE: ${OR_DEV_MODE:-false}
      MAP_TILES_PATH: /deployment/map/mapdata.mbtiles
      MAP_SETTINGS_PATH: /deployment/map/mapsettings.json

      # The following variables will configure the demo
      OR_FORECAST_SOLAR_API_KEY:
      OR_OPEN_WEATHER_API_APP_ID:
      OR_SETUP_IMPORT_DEMO_AGENT_KNX:
      OR_SETUP_IMPORT_DEMO_AGENT_VELBUS:
```

The Keycloak theme
The SSL certificate: the page says not secure
The MQTT broker in OpenRemote: I am not able to connect my gateway to OpenRemote, but think that is due to the page saying not secure

Any help is appreciated, thanks in advance.

The docker-compose.yml file looks good to me.

It looks like you’re trying to deploy a production instance that uses a secure HTTPS connection.
Normally you’d configure OR_HOSTNAME to be a URL like example.com.
So it should be OK after you’ve done that.

For context: we automatically generate a self-signed SSL certificate for OR_HOSTNAME.

Hope this helps!

@martin.peeters thanks, I have given it a try: stopped the container and did a docker-compose up -d. The container logs:

```
2024-12-05 07:29:36 proxy-1       | [INFO][2024-12-05 05:29:36] Executing cert_init at Thu, 05 Dec 2024 05:29:36 +0000
2024-12-05 07:29:36 proxy-1       | [INFO][2024-12-05 05:29:36] Initialising certificate for 'intellisecmonitoring.com'...
2024-12-05 07:29:36 proxy-1       | [INFO][2024-12-05 05:29:36] Adding domain "intellisecmonitoring.com"...
2024-12-05 07:29:36 proxy-1       | Saving debug log to /var/lib/haproxy/-/letsencrypt.log
2024-12-05 07:29:38 proxy-1       | Account registered.
2024-12-05 07:29:38 proxy-1       | Requesting a certificate for intellisecmonitoring.com
2024-12-05 07:29:41 proxy-1       | 
2024-12-05 07:29:41 proxy-1       | Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
2024-12-05 07:29:41 proxy-1       |   Domain: intellisecmonitoring.com
2024-12-05 07:29:41 proxy-1       |   Type:   dns
2024-12-05 07:29:41 proxy-1       |   Detail: DNS problem: NXDOMAIN looking up A for intellisecmonitoring.com - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for intellisecmonitoring.com - check that a DNS record exists for this domain
2024-12-05 07:29:41 proxy-1       | 
2024-12-05 07:29:41 proxy-1       | Hint: The Certificate Authority failed to download the temporary challenge files created by Certbot. Ensure that the listed domains serve their content from the provided --webroot-path/-w and that files created there can be downloaded from the internet.
2024-12-05 07:29:41 proxy-1       | 
2024-12-05 07:29:41 proxy-1       | Some challenges have failed.
2024-12-05 07:29:41 proxy-1       | Ask for help or search for solutions at https://community.letsencrypt.org. See the logfile /var/lib/haproxy/-/letsencrypt.log or re-run Certbot with -v for more details.
2024-12-05 07:29:41 proxy-1       | [ERROR][2024-12-05 05:29:41] Failed to generate certificate either haproxy configuration is incorrect or TLD not supported
2024-12-05 07:29:41 proxy-1       | [INFO][2024-12-05 05:29:41] Symlinking first domain to built in cert directory to take precedence over self signed cert
2024-12-05 07:29:41 proxy-1       | [INFO][2024-12-05 05:29:41] Executing auto renew at Thu, 05 Dec 2024 05:29:41 +0000
2024-12-05 07:29:41 proxy-1       | Saving debug log to /var/log/letsencrypt/letsencrypt.log
```

Here is a docker inspect of the proxy container.


The Certbot tries to get a Let’s Encrypt certificate for this domain but apparently it does not exist. The DNS of the domain needs to resolve to the IP on which the containers run in order for Certbot to work. The certificate is used by the proxy to encrypt the data when using HTTPS.

@wborn thanks for that, are there any steps that I can try to resolve this?

Hey @jonty,

This is a DNS issue, you need to add some DNS entries to make your domain “point” to the IP of the server running OpenRemote. Usually that would happen by adding an “A record” on your DNS entries that points to that IP. The exact steps on this depend on your server setup/provider, and your domain provider.

Thanks @panos, will try to figure it out, because for now I am trying to run it as a test environment on my laptop, but because the SSL is not working I feel that it's preventing me from connecting to the OpenRemote MQTT broker.
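
The DNS requirement described in the replies above, as an added example that is not part of the original thread or of OpenRemote's code: a preflight check to run before setting OR_HOSTNAME, plus a parser for the NXDOMAIN detail line in the proxy log. It goes one step beyond the thread by also flagging a server address that is not publicly routable, since the Certbot hint says the challenge files must be downloadable from the internet. The function names, the injectable `resolver` parameter and the IP addresses are assumptions made for this example.

```python
import ipaddress
import re
import socket

# Detail line copied from the proxy log quoted in the thread (timestamp prefix dropped).
SAMPLE_LOG = (
    "proxy-1 |   Detail: DNS problem: NXDOMAIN looking up A for "
    "intellisecmonitoring.com - check that a DNS record exists for this domain; "
    "DNS problem: NXDOMAIN looking up AAAA for intellisecmonitoring.com - "
    "check that a DNS record exists for this domain\n"
)

NXDOMAIN_RE = re.compile(r"DNS problem: NXDOMAIN looking up (A|AAAA) for (\S+)")

# Ranges the certificate authority cannot reach from the internet:
# RFC 1918 private, loopback, link-local and carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "100.64.0.0/10",
    "::1/128", "fc00::/7", "fe80::/10",
)]


def nxdomain_failures(log_text):
    """Return sorted (hostname, record type) pairs the CA could not resolve."""
    return sorted({(m.group(2), m.group(1)) for m in NXDOMAIN_RE.finditer(log_text)})


def resolve(hostname, resolver=socket.getaddrinfo):
    """Return the set of addresses for hostname; empty when it does not exist."""
    try:
        infos = resolver(hostname, 80, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def preflight(hostname, server_ip, resolver=socket.getaddrinfo):
    """Return the reasons HTTP validation would fail; an empty list means OK."""
    problems = []
    addrs = resolve(hostname, resolver)
    if not addrs:
        problems.append(f"{hostname} has no A/AAAA record")
    elif server_ip not in addrs:
        problems.append(f"{hostname} resolves to {sorted(addrs)}, not {server_ip}")
    ip = ipaddress.ip_address(server_ip)
    if any(ip in net for net in NON_PUBLIC):
        problems.append(f"{server_ip} is not publicly routable")
    return problems


if __name__ == "__main__":
    print(nxdomain_failures(SAMPLE_LOG))
    # 203.0.113.10 is a documentation address standing in for the server's public IP.
    for line in preflight("intellisecmonitoring.com", "203.0.113.10"):
        print("FAIL:", line)
```

An empty list from `preflight` means the name already points at the server, so the proxy's next certificate request can pass the DNS step that failed in the log.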