Creating a Docker Relay

  1. Generate a relay token. Log into the Admin UI and select Gateways on the left navigation bar. Click on the add relay button in the upper right, and a box will pop up. You can rename the relay here, or do it later. Click on create and the relay token will appear onscreen.

    New Relay

    Copy the relay token and put it aside, being careful to capture every character. You will need it again in step five.

    Note: See sdm relay create if you want to generate a token via the CLI.

  2. If you have not already done so, install Docker

  3. Please note that the relay MUST be installed on an ‘always up’ machine, as it will form the connection to strongDM for all users accessing the database. You may repurpose a pre-existing machine (e.g. bastion host), or in AWS parlance, any general purpose instance with at least 2 CPU and 4 GBs memory (e.g. the M3 or M4s are a solid choice).

  4. Execute the docker command

    $ docker pull

  5. To activate your relay, type the following Docker command replacing XXX with the actual token you created:

    $ docker run --restart=always [--net=host] --name sdm-relay -e SDM_RELAY_TOKEN=XXX -d

    Note: The “net=host” option is only necessary if the destination database is known as “localhost” (running sdm-relay colocated with the DB), otherwise the Docker default will work fine. If the destination database is already in a container, we can provide a separate pattern for configuring Docker container linking

  6. Login to the Admin UI. In that section, the relay you created should appear Online, with a heartbeat.

    "Relay status in Admin UI"

    If any errors occur or if the relay does not report “online” status, please contact for assistance.