Build and run a Docker image
ForgeRock delivers a Dockerfile inside IG-2023.6.0.zip
, to help you build an
evaluation-only, base Docker image for IG. After building and running
the Docker image, add a configuration as described in Add configuration to a Docker image.
ForgeRock provides no commercial support for production deployments that use ForgeRock’s evaluation-only Docker images. When deploying the ForgeRock Identity Platform using Docker images, you must build and use your own images for production deployments. |
The Docker image has the following characteristics:
-
The Docker image runs on Linux and Mac operating systems.
-
IG binaries are delivered in
/opt/ig
. -
The environment variable
$IG_INSTANCE_DIR
has the value/var/ig
. -
A ForgeRock user with username:
forgerock
and uid:11111
, runs the IG process and owns the configuration files.
Build the base image for IG
-
Download
IG-2023.6.0.zip
from the ForgeRock BackStage download site, and unzip. The directory/path/to/identity-gateway
is created. -
Go to
/path/to/identity-gateway
:$ cd /path/to/identity-gateway
-
With a Docker daemon running, build a base Docker image:
$ docker build . -f docker/Dockerfile -t ig-image Sending build context to Docker daemon Step 1/7 : FROM gcr.io/forgerock-io/java-11:latest latest: Pulling from forgerock-io/java-11 ... Successfully tagged ig-image:latest
-
Make sure the Docker image is available:
$ docker image list REPOSITORY TAG IMAGE ID ig-image latest gcr.io/forgerock-io/java-11 latest
Run the Docker image
The following steps run the Docker image on port 8080
. Make sure the
port is not being used, or use a different port as described in the procedure.
-
With a Docker daemon running, run the Docker image:
$ docker run -p 8080:8080 ig-image
IG starts up, and the console displays the message log.
-
Go to http://localhost:8080 to view the IG welcome page.
Stop the Docker image
-
List the Docker containers that are running:
$ docker container ls
-
For a container with the status
Up
, use the container ID to stop the container:$ docker container stop CONTAINER_ID
Run options
Consider using the following options when you run the Docker image:
-e IG_OPTS=-Dig.pid.file.mode=value ig-image
-
Allow startup if there is an existing PID file. IG removes the existing PID file and creates a new one during startup. The following example passes an environment variable with the value
override
as a Java runtime option:$ docker run -e "IG_OPTS=-Dig.pid.file.mode=override" ig-image
To prevent restart if there is an existing PID file, set the value to the default
fail
. -p port:port
-
The default ports
8080:8080
equate tolocal-machine-port:internal-container-port
. IG can run on a different port, but the container must always run on8080
. The following example runs IG on port8090
:$ docker run -p 8090:8080 ig-image
-v configuration directory
-
The default configuration directory is
/var/ig/
. The following example sets the configuration directory to$HOME/.openig
:$ docker run -v $HOME/.openig:/var/ig/ ig-image
-user user
-
Run the image using the provided Forgerock user. The following example uses the Forgerock ID
11111
:$ docker run --user 11111 ig-image
it
-
Run the image in interactive mode:
$ docker run -it ig-image
sh
-
Run the image in sh shell:
$ docker run ig-image sh