Customizing NetBeez Docker agent with a ENV file and docker compose

In this tutorial, we will discuss ways to customize the NetBeez Docker agent, more specifically, using a ENV file for setting environment variables, as well as other customizations using a docker compose file.

Step 1: Pull the NetBeez nb-agent Docker Image
First, pull the NetBeez nb-agent Docker image from Docker Hub using the following command:
docker pull netbeez/nb-agent:latest

Step 2: Utilizing the ENV file
When deploying the NetBeez Docker agent, the docker run command was used with passed in environment variables to tailor the container to your NetBeez server. For example, passing in -e "NB_SECRET_KEY=xxx" to have the agent configured to your server. In order to better protect the environment variables passed in to the container, you can set the variables in a .env file and pass in the file.
nano nb-env.env

Then, add the following content to your ENV file:

NB_SECRET_KEY=<secret key>

Step 3: Setting a custom root password
New with NetBeez Docker agent version 13.0.2, there is now support for setting a custom root password via an environment variable NB_ROOT_PASSWD. Taking the above example of a ENV file, you can now add a custom root password entry:

NB_SECRET_KEY=<secret key>

Step 4: Using the ENV file
There are two ways to deploy the Docker container with the ENV file. The first, passing in --env-file=/path/to/file.env to the docker run command. The second, setting the file in a docker compose file.

To better customize the NetBeez Docker agent, setting up a compose file will allow for more flexibility with deployment.

Step 5: Configuring compose file
The Docker compose file will allow for setting all configurations like the docker run command, but will also provide for additional customization.
nano nb-compose.yaml

Then, add the following content to your compose file:

version: "3"
    image: netbeez/nb-agent:latest
    container_name: nb-agent
      - /path/to/file.env
    restart: always
      - netbeez-config-vol:/etc/netbeez/persistence/:rw

Additionally, to limit access within the NetBeez Docker container, you can utilize cap_drop with docker compose. The NetBeez Docker agent requires low-level access, but some capabilities may be able to be dropped if desired. See Docker documentation and available capabilities for more. You can find more information about using the Docker compose file here.

Step 6: Start the agent
Run the following command to start the NetBeez Docker agent container:
docker compose -f nb-compose.yaml up -d

Additional Notes
In a previous community post detailing how to extend the netbeez/nb-agent image to install utilities, you can utilize the custom Docker image created from that tutorial to use with the Docker compose file. Instead of using image: netbeez/nb-agent:latest, you can use image:<your_image_name> with the image name of your custom image.

Using a ENV file to protect the environment variables custom to your deployment, along with using a Docker compose file, will allow for a more robust NetBeez Docker agent deployment. Additionally, building off of an extended NetBeez agent, and setting a custom root password gives you the tools to run the Docker container with your customizations.