Skip to content
Omniglass Omniglass Omniglass

Going to Production

The Quick Start gets you an Omniglass stack running quickly for evaluation. For production, stand up a fresh deployment rather than converting your evaluation deployment — a few defaults (database password, Node-RED secrets) only take effect on first boot and can’t be changed later without data loss.

Keep the evaluation deployment for testing and learning if you want. Deploy production separately, with production values set from the start.

Before you start

Section titled “Before you start”

Decide these values. You’ll set them in .env before first boot.

Required for production:

  • SERVER_DATABASE_PASSWORD — a strong, unique database password. This is set on first boot only; changing it later requires rebuilding the database.
  • SERVER_NODERED_CREDENTIAL_SECRET — a strong random value used to encrypt Node-RED credentials at rest. Generate with openssl rand -hex 32. Cannot be changed later without re-encrypting all stored credentials.
  • SERVER_NODERED_TOKEN_SECRET — a strong random value used to sign Node-RED session tokens. Generate with openssl rand -hex 32.

Usually customized:

  • SERVER_ADDRESS — the hostname this server is known by. Used as the monitored name for the host itself.
  • SERVER_TIMEZONE — IANA timezone for the UI (e.g. America/New_York).
  • SERVER_UI_TITLE — display name in the UI header.

First boot

Section titled “First boot”

Bring the stack up with your production .env in place:

Terminal window
docker compose --profile server up -d

Log into the UI at http://<your-host>/ as Admin / omniglass and immediately change the Admin password.

TLS

Section titled “TLS”

Omniglass does not terminate TLS. Put a reverse proxy (nginx, Caddy, Traefik) in front of the stack to handle HTTPS, or deploy only on a trusted internal network.

Exposed ports

Section titled “Exposed ports”

A server deployment exposes two ports:

  • 80 (override with SERVER_HTTP_PORT) — the Omniglass UI. This is the port your reverse proxy / front TLS terminator connects to.
  • 10051 — Zabbix server trapper. Required if you’ll connect edge proxies to this host. Close it if you won’t.

Only expose these to the networks that need them.

Sizing

Section titled “Sizing”

The evaluation minimums (2 vCPUs, 4 GB RAM, 20 GB disk) are for evaluation. Production sizing depends on:

  • Number of monitored hosts and items
  • Collection interval and history retention
  • Number of edge proxies forwarding data

Scale CPU, RAM, and disk accordingly. Monitor disk growth — database size grows with history and trend retention.

Backups

Section titled “Backups”

PostgreSQL data lives in the postgres_data Docker volume. Back it up on a regular schedule. One approach using pg_dump from inside the running container:

Terminal window
docker compose exec -T postgres pg_dump -U zabbix -Fc zabbix > omniglass-$(date +%Y%m%d).dump

Document and test your restore procedure. A backup you can’t restore is not a backup.

Host hardening

Section titled “Host hardening”

Apply your organization’s standard server hardening practices. Keep Docker Engine and the host OS patched.

Self-monitoring

Section titled “Self-monitoring”

Have an external check that the Omniglass UI is reachable on port 80 (or your chosen port). Omniglass cannot alert you if Omniglass itself is down.