Installing icom Router Management with Docker

Prev Next

Preface

This installation guide is based on Ubuntu 22.04 server. Commands may vary for other Linux distributions. A recent and systemd-based Linux is highly recommended.


Supported Version

This guide refers to the following versions:

Router management

2025.09.0

Autoupdate

2025.09.0


System Requirements

Application Server

Requirements

1 - 1.500 Routers

1.500 - 3.000 Routers

CPU

8 vCPUs

16 vCPUs

RAM

16 GB

32 GB

Storage

100 GB HDD


Optional: Dedicated Database Server for Larger Environments

  • Ubuntu 22.04 server (preferred)

  • 8 vCPUs

  • 16 GB RAM

  • 100 GB HDD


Prerequisites before Installation


Installation

Configure VM

Extract the archive to your desired location (we recommend using /opt/insys-irm). Make sure to own that directory to prevent permission issues.

sudo mkdir /opt/insys-irm
sudo tar -xzf insys-irm-2025_09_0.tar.gz -C /opt/insys-irm
sudo chown -R <USER>:<GROUP> /opt/insys-irm

Please note!

If you don’t have access to dockerhub or another docker registry hosting the official containers for traefik and (if using the internal database) postgres, icom Router Management will use the included containers.


Configure the instance

In the .env file you need to provide information for: - connecting to Database - hosts ip or FQDN - desired level of network security - custom ports (optional) - usage of an external database (optional)

Network Modes

There are 3 modes available for running the icom Router M network

Mode

Description

http

run the network services without encryption

https

run the network services with encryption

https-mtls

additionally secure the communication between icom Router Management and devices with mutual authentication

Please note!

When switching to https-mtls later, every device already connected previously, has to be added again or fitted with valid certificates!

http

No further configuration is required.

https

In addition to setting the network mode in .env, you need to place a valid server certificate and its key into the certs directory and name them cert.cert and cert.key.

https-mtls

You need to add certificates described in https and a custom certificate authority named client-ca.cert to the certs directory.


Startup application

To start the application execute ./start.sh and follow the instructions.


Configure the icom Router Management

To configure your application login into icom Router Management using the default accounts credentials.

Username: default
Password: secret

Please note!

Please change the password of the default account by navigating to Administration ⇒ My User Profile. Default credentials in production environments pose a security risk.

Navigate to the System Settings page and adapt the following values:

Key

Value

CONNECTION_PROFILE_HOSTNAME

IP-Address or FQDN of your server

DEVICECONTROL_SERVER_CERT

NONE

AUTOUPDATE_SERVER_CERT

NONE


https

For https also set:

Key

Value

INVENTORY_CONNECTION_PROFILE_PORT

8443

Navigate to Certificate Management ⇒ Certificates, upload your server certificate, select it and use it as server certificate via the Action button.

Such a server certificate can be aquired from e.g. Let’s Encrypt.


https-mtls

Navigate to Certificate Management ⇒ Certificate Authorities, upload your certificate authority, choose New certificate authority with key (Format: PKCS#12) and set a name and eventually the password. Now select its entry and Configure it as client CA via the Action button.

Please note!

When switching to https-mtls later, every device already connected previously, has to be added again or fitted with valid certificates!


Stopping and restarting

In the directory containing README.md execute: - ./start.sh to start the application - ./stop.sh to stop the application