As documented, ntopng runs on port 3001 but with an old certificate. Safari doesn't really like that.

It's possible to provide a certificate to ntopng (howto) so that browsers are happy.

In the case of ntopng-udm, we need to put a private key and certificate chain into /usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem. If using @kchristensen's https://github.com/kchristensen/udm-le to generate certs with LetsEncrypt, this information is available locally. Thus you can:

cd /mnt/data/ntopng
cat ../udm-le/lego/certificates/*.key ../udm-le/lego/certificates/*.crt > ntopng-cert.pem

And then create the container with:

podman run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data/ntopng/GeoIP.conf:/etc/GeoIP.conf \
   -v /mnt/data/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data/ntopng/redis.conf:/etc/redis/redis.conf \
   -v /mnt/data/ntopng/lib:/var/lib/ntopng \
   -v /mnt/data/ntopng/ntopng-cert.pem:/usr/share/ntopng/httpdocs/ssl/ntopng-cert.pem \
   docker.io/tusc/ntopng-udm:latest

Bonus points, it is necessary to update udm-le.sh to update ntopng-cert.pem. Ideally we'd build some sort of registry of things that need to get updated so that we can de-couple udm-le.sh from knowing specifically about ntopng but for now a quick hack this diff should work.

diff --git a/udm-le.sh b/udm-le.sh
index c4ca95d..85debe8 100755
--- a/udm-le.sh
+++ b/udm-le.sh
@@ -82,6 +82,7 @@ renew)
        ${PODMAN_CMD} ${LEGO_ARGS} renew --days 60 && deploy_cert
        if [ "${NEW_CERT}" = "yes" ]; then
                add_captive && unifi-os restart
+                cat ${UDM_LE_PATH}/lego/certificates/${CERT_NAME}.key ${UDM_LE_PATH}/lego/certificates/${CERT_NAME}.crt > /mnt/data/ntopng/ntopng-cert.pem && podman restart ntopng
        fi
        ;;
 bootrenew)

Thoughts? I can throw together a PR to update the docs if you want.

Hi,
Stable ntopng 5.0 was released (https://github.com/ntop/ntopng/releases/tag/5.0) some time ago and I wonder how to upgrade current version from this script (4.2) to the latest 5.0. I see that version is hardcoded in ntopng-udm/source/Dockerfile line 40.

After following the instructions and mapping volumes the container runs fine and I can log in and use ntopng. However, it saves almost no settings at all. Even the password resets so that after the container is restarted it is always reset to admin:admin.

Mapping the redis dir as in issue #9 does not seem to help. Still nothing is saved and every time the container restarts it is starting fresh.

Volumes and files are mapping, because the settings in mapped conf files are read (e.g., the GeoIP.conf and ntopng.conf). However, nothing changed in the web UI is ever saved.

Why is the podman container running with https by default? I don't have a certificate for 192.168.1.1 and so my browser gives me a warning that the site is using https but the certificate is invalid. Does ntopng really need to run with https, wouldn't http suffice as it's an internal service?

If https makes sense, then could you please update the readme as to how to make it work nicely out of the box?

Geolocation support is not enabled, please follow the instructions in the documentation to enable it.
https://github.com/ntop/ntopng/blob/dev/doc/README.geolocation.md

Not sure how much changes with the above steps.

Some people might already be running Redis, it would be great to be able to utilize existing Redis clusters.

I have setup a gmail smtp endpoint on pfsense ntopng no problem.

But with this docker setup I get this error:

Email send error: SSL peer certificate or SSH remote key was not OK.

any ideas how to debug?

podman pull tusc/ntopng-udm:latest

Trying to pull docker.io/tusc/ntopng-udm:latest...
Getting image source signatures
Copying blob 919fa42d3a05 skipped: already exists
Copying blob 29ade854e0dc skipped: already exists
Copying blob a0a5d74ac1bc skipped: already exists
Copying blob f52b7a278135 skipped: already exists
Copying blob c6bc2d0421f1 [--------------------------------------] 0.0b / 0.0b
Copying config da456e3aff done
Writing manifest to image destination
Storing signatures
da456e3aff0b2d6ba8094228dd712857d0ae0dca03b660bf87a7482d7e857906

mkdir -p /mnt/data/ntopng/redis

mkdir -p /mnt/data/ntopng/lib

touch /mnt/data/ntopng/GeoIP.conf

curl -Lo /mnt/data/ntopng/ntopng.conf https://github.com/tusc/ntopng-udm/blob/master/ntopng/ntopng.conf?raw

=true
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 130 100 130 0 0 742 0 --:--:-- --:--:-- --:--:-- 742
100 141 100 141 0 0 536 0 --:--:-- --:--:-- --:--:-- 536
100 3112 100 3112 0 0 7040 0 --:--:-- --:--:-- --:--:-- 7040

curl -Lo /mnt/data/ntopng/redis.conf https://github.com/tusc/ntopng-udm/blob/master/ntopng/redis.conf?raw=t

rue
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 129 100 129 0 0 712 0 --:--:-- --:--:-- --:--:-- 716
100 140 100 140 0 0 507 0 --:--:-- --:--:-- --:--:-- 507
100 46755 100 46755 0 0 98k 0 --:--:-- --:--:-- --:--:-- 98k

podman run -d --net=host --restart always \

--name ntopng
-v /mnt/data/ntopng/GeoIP.conf:/etc/GeoIP.conf
-v /mnt/data/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf
-v /mnt/data/ntopng/redis.conf:/etc/redis/redis.conf
-v /mnt/data/ntopng/lib:/var/lib/ntopng
docker.io/tusc/ntopng-udm:latest
WARN[0000] Failed to add conmon to cgroupfs sandbox cgroup: open /sys/fs/cgroup/libpod_parent/conmon/cpuset.cpus: open /sys/fs/cgroup/libpod_parent/conmon/cpuset.cpus.effective: no such file or directory
Error: OCI runtime error: container_linux.go:380: starting container process caused: process_linux.go:545: container init caused: process_linux.go:508: setting cgroup config for procHooks process caused: bpf_prog_query(BPF_CGROUP_DEVICE) failed: function not implemented

thank you so much

Hi,

first of all, many thanks for your work, ntopng works like a charm on UDM pro!

How is it possible to update ntopng to a new version? I see in the Dockerfile you just copy the "200711" packages to /tmp and install them. Is it possible to simply replace the current "ntopng_4.1.200711-10754_arm64.deb" with a current one, e.g. "ntopng_4.2.201120-12281_amd64.deb" (from https://packages.ntop.org/apt-stable/buster/x64/) ?

Additionally: what's the "ntopng-data_4.1.200711_all.deb" package? Is this mandatory?

best
Daniel

When setting up a ping active monitor (plugins/active_monitoring_stats.lua), the ping operation fails. The following is in the log trace:

Ping.cpp:89] ERROR: Ping IPv6 socket creation error: Success
[Ping.cpp:83] ERROR: Ping IPv4 socket creation error: Operation not permitted
[Ping.cpp:67] ERROR: Unable to enable capabilities
[LuaEngineNtop.cpp.inc:1508] ERROR: Unable to create ping socket: are you root?

There doesn't seem to be any log trace for speedtest, it just publishes the alert: Speedtest execution failed

I set up this today, following the instructions in the README.

The README.md @0b67c64 offers this command to run the container:

podman run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data/ntopng/GeoIP.conf:/etc/GeoIP.conf \
   -v /mnt/data/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data/ntopng/redis.conf:/etc/redis/redis.conf \
   -v /mnt/data/ntopng/lib:/var/lib/ntopng \
   docker.io/tusc/ntopng-udm:latest

Shouldn't there also be a -v /mnt/data/ntopng/redis:/var/lib/redis argument?

Hi,
I'm really excited about the package you provided for my UDM pro. I am wondering how I can add a license of the PRO version of ntopng to the package. I tried by saving a ntopng.license file in different locations (/etc/ and /mnt/data/ntopng/), this should trigger the daemon to start in the PRO version but this doesn't work. I am using the instructions as I found here: https://www.ntop.org/guides/ntopng/adding_a_license/index.html
Is there a way to add my license key to the docker container (maybe with the -v option)?
Thanks

It seems that the -w is case sensitive. Your default one has -W and my UDM Pro wasn't happy

I've installed a 256G SSD in my UDM Pro and I've deployed this project on that drive.

Here's the command I use to start the container:

podman run -d --net=host --restart always \
   --name ntopng \
   -v /mnt/data_ext/ntopng/GeoIP.conf:/etc/GeoIP.conf \
   -v /mnt/data_ext/ntopng/ntopng.conf:/etc/ntopng/ntopng.conf \
   -v /mnt/data_ext/ntopng/redis.conf:/etc/redis/redis.conf \
   -v /mnt/data_ext/ntopng/lib:/var/lib/ntopng \
   docker.io/tusc/ntopng-udm:latest

@tusc I wanted to say thanks for the NTP docker build you did, but i think they locked that thread over at the unifi site.
couldn't figure out a way to msg you there. so just wanted to drop a note to say thanks for that, it was exactly what i was looking for!

This is a best practice and should ensure any data is not lost during firmware updates.

Hi, is this working of UniFi OS 3? Anyone have it running?

When I log into ntopng for the first time with admin/admin credentials I'm prompted to change the password. After entering a new password I click the "Change Password" button, but nothing happens, so now I'm stuck.

I have ntopng running with podman on my UDM-P as per the instructions in the readme, I've done no tweaking of it at all.

Hi,

will there be update to latest ntopng 5.2?

thx
Mike

Hi,

I have just installed ntopng-udm for the first time, configured my GeoIP account which is also successfully recognised.
I have also stopped and started the podman instance.

But I see nowhere flags showing up.
Where should I expect the flags or why does it not work, please?
thanks
Mike

I know ntopng can monitor wan traffic but if I edit the config to include the wan its never an option when I go back in. I've also just had it listen on all interfaces and WAN was still not an option. Am I missing something?

Hi

I have this error on my UDM SE

root@UDM-SE:/# podman pull tusc/ntopng-udm:latest
-bash: podman: command not found

It is a docker best practice to keep the image as minimal as possible. It would be great to build all these binaries and then copy them over to a fresh image. Here is a very simple example

https://github.com/boostchicken/udm-utilities/blob/master/nextdns/docker/Dockerfile

It would look like everything you have now, just in the 2nd part you only copy the files you need to have over from the builder image. That looks like redis server, nDPI, and the ntopng binaries.