This git repo is used as a starting point for running and configuring OpenC3 COSMOS for your specific project. It includes the necessary scripts to run OpenC3 COSMOS, but does not come with all the source code and relies on running released containers rather than building containers from source. This is the recommended starting place for any project who wants to use OpenC3 COSMOS, but not develop the core system.
- git clone https://github.com/openc3/cosmos-project.git cosmos-myprojectname
- Edit .env and change OPENC3_TAG to the specific version you would like to run (ie. OPENC3_TAG=5.3.0)
- This will allow you to upgrade versions when you choose rather than following latest
- Start OpenC3 COSMOS
- On Linux/Mac: ./openc3.sh run
- On Windows: openc3.bat run
- After approximately 2 minutes, open a web browser to http://localhost:2900
- If you run "docker ps", you can watch until the openc3-init container completes, at which point the system should be fully configured and ready to use.
- Edit .env and remove the OPENC3_DEMO line
- If you have already ran with the demo also uninstall the demo plugin from the Admin tool.
- Stop OpenC3
- On Linux/Mac: ./openc3.sh stop
- On Windows: openc3.bat stop
- Edit .env and change OPENC3_TAG to the specific version you would like to run (ie. OPENC3_TAG=5.0.8)
- Start OpenC3
- On Linux/Mac: ./openc3.sh run
- On Windows: openc3.bat run
NOTE: Downgrades are not necessarily supported. When upgrading COSMOS we need to upgrade databases and sometimes migrate internal data structures. While we perform a full regression test on every release, we recommend upgrading an individual machine with your specific plugins and do local testing before rolling out the upgrade to your production system.
- Edit .env and change:
- SECRET_KEY_BASE
- OPENC3_SERVICE_PASSWORD
- OPENC3_REDIS_PASSWORD
- OPENC3_BUCKET_PASSWORD
- OPENC3_SR_REDIS_PASSWORD
- OPENC3_SR_BUCKET_PASSWORD
- Edit ./openc3-redis/users.acl and change the password for each account. Note passwords for openc3/scriptrunner must match the REDIS passwords in the .env file:
- openc3
- admin
- scriptrunner
Passwords stored in ./openc3-redis/users.acl
use a sha256 hash.
To generate a new hash use the following method, and then copy / paste into users.acl
echo -n 'adminpassword' | openssl dgst -sha256
SHA2-256(stdin)= 749f09bade8aca755660eeb17792da880218d4fbdc4e25fbec279d7fe9f65d70
Important: Before exposing OpenC3 COSMOS to any network, even a local network, make sure you have changed all default credentials and secrets!!!
- Copy your public SSL certicate to ./openc3-traefik/cert.crt
- Copy your private SSL certicate to ./openc3-traefik/cert.key
- Edit compose.yaml
- Comment out this openc3-traefik line:
- "./openc3-traefik/traefik.yaml:/etc/traefik/traefik.yaml:z"
- Uncomment this openc3-traefik line:
- "./openc3-traefik/traefik-ssl.yaml:/etc/traefik/traefik.yaml"
- Uncomment this openc3-traefik line:
- "./openc3-traefik/cert.key:/etc/traefik/cert.key"
- Uncomment this openc3-traefik line:
- "./openc3-traefik/cert.crt:/etc/traefik/cert.crt"
- Comment out this openc3-traefik line:
- If you are able to run as the standard browser ports 80/443, edit compose.yaml:
- Comment out this openc3-traefik line:
- "127.0.0.1:2900:2900"
- Comment out this openc3-traefik line:
- "127.0.0.1:2943:2943"
- Uncomment out this openc3-traefik line:
- "80:2900"
- Uncomment out this openc3-traefik line:
- "443:2943"
- Comment out this openc3-traefik line:
- If not, edit compose.yaml:
- Remove 127.0.0.1 from this line:
- "127.0.0.1:2900:2900"
- Remove 127.0.0.1 from this line:
- "127.0.0.1:2943:2943"
- Remove 127.0.0.1 from this line:
- Edit ./openc3-traefik/traefik-ssl.yaml
- Update line 14 to the first port number in step 4 or 5: to: ":2943" # This should match port forwarding in your compose.yaml
- Update line 22 to your domain: - main: "mydomain.com" # Update with your domain
- Start OpenC3
- On Linux/Mac: ./openc3.sh run
- On Windows: openc3.bat run
- After approximately 2 minutes, open a web browser to
https://<Your IP Address>
(orhttps://<Your IP Address>:2943
if you can't use standard ports)- If you run "docker ps", you can watch until the openc3-init container completes, at which point the system should be fully configured and ready to use.
Warning: These directions only work when exposing OpenC3 to the internet. Make sure you understand the risks and have properly configured your server settings and firewall.
- Make sure that your DNS settings are mapping your domain name to your server
- Edit compose.yaml
- Comment out this openc3-traefik line:
- "./openc3-traefik/traefik.yaml:/etc/traefik/traefik.yaml:z"
- Uncomment this openc3-traefik line:
- "./openc3-traefik/traefik-letsencrypt.yaml:/etc/traefik/traefik.yaml"
- Comment out this openc3-traefik line:
- Edit compose.yaml:
- Comment out this openc3-traefik line:
- "127.0.0.1:2900:2900"
- Comment out this openc3-traefik line:
- "127.0.0.1:2943:2943"
- Uncomment out this openc3-traefik line:
- "80:2900"
- Uncomment out this openc3-traefik line:
- "443:2943"
- Comment out this openc3-traefik line:
- Start OpenC3
- On Linux/Mac: ./openc3.sh run
- On Windows: openc3.bat run
- After approximately a few minutes, open a web browser to
https://<Your Domain Name>
- If you run "docker ps", you can watch until the openc3-init container completes, at which point the system should be fully configured and ready to use.
Warning: This is not recommended except for temporary testing on a local network. This will send plain text passwords over the network!
- Edit compose.yaml
- Comment out this openc3-traefik line:
- "./openc3-traefik/traefik.yaml:/etc/traefik/traefik.yaml:z"
- Uncomment this openc3-traefik line:
- "./openc3-traefik/traefik-allow-http.yaml:/etc/traefik/traefik.yaml"
- Remove 127.0.0.1 from this line:
- "127.0.0.1:2900:2900"
- Comment out this openc3-traefik line:
- Start OpenC3
- On Linux/Mac: ./openc3.sh run
- On Windows: openc3.bat run
- After approximately 2 minutes, open a web browser to
https://<Your IP Address>:2900
- If you run "docker ps", you can watch until the openc3-cosmos-init container completes, at which point the system should be fully configured and ready to use.