Docker compose

Gluesync is shipped as a set of Docker images that can be easily deployed using Docker Compose. The deployment includes all necessary components: the core hub, agents, a reverse proxy (Traefik), and monitoring tools (Grafana, Prometheus, and Portainer).

Looking to get started quickly? Get a Gluesync trial and receive a pre-configured docker-compose.yaml template with all the necessary files straight to your mailbox.

Pre-flight checks

To ensure a smooth experience in running Gluesync docker containers within docker-compose, please walk through the following checklist to ensure your environment is ready.

  • The environment can host the Gluesync platform as per the recommended specification;

  • Docker or Podman is installed on your system (if not, follow our Docker installation guide or Podman installation guide);

  • The environment can reach the Internet, with particular requirements for the MOLO17 container registry at https://registry.hub.docker.com and sub-paths;

  • The environment can reach both source and destination databases on the relevant ports/protocols;

  • You have already read the Gluesync architecture chapter to understand how Gluesync works and how it is composed;

Getting started

The Gluesync docker-compose.yaml file is structured to provide a complete, production-ready deployment with monitoring and management tools. This guide explains how each component works and how to customize the deployment for your specific needs.

Quick start

Once you have Docker and Docker Compose installed, starting Gluesync is simple:

# Navigate to the directory containing your docker-compose.yml
cd gluesync-trial-kit

# Pull the latest images and start all services
docker compose up -d

After starting, you can access:

Components overview

A complete Gluesync deployment includes:

Core components:

  • Core hub - Central management and orchestration

  • Source agents - Connect to source databases

  • Target agents - Connect to target databases

Infrastructure and modules:

  • Traefik reverse proxy - Routes HTTPS traffic and provides TLS termination

  • Chronos - Task scheduling and automation module

  • Conductor - Container orchestration and management module

Monitoring tools:

  • Prometheus - Metrics collection and storage

  • Grafana - Visualization dashboards

  • Portainer - Docker container management UI

To run multiple pipelines, add more source and target agents to your deployment.

Required files

The Gluesync trial kit includes all necessary files pre-configured. For custom deployments, you need:

Essential files:

  • License file (gs-license.dat) - Valid license for all Gluesync components

  • Bootstrap file (bootstrap-core-hub.json) - Secret for encrypting communications between components

Shared configuration folder:

  • TLS certificates (gluesync-cert.pem, gluesync-key.pem) - For HTTPS communication

  • Java keystore (gluesync.com.jks) - Contains SSL/TLS certificates

  • Security config (security-config.json) - Keystore configuration

  • Logging config (logback.xml) - Logging framework configuration

Need a license? Get a trial license through our online form or contact our sales team.

Bootstrap file

The bootstrap file contains the shared secret used to encrypt communications between the core hub and all connected components.

{
  "apiTokenSecret": "gs-trial"
}

For trial purposes, "gs-trial" is sufficient. For production deployments with Enterprise Edition features, replace this with a strong, unique secret.

Core components

Core hub

The core hub is the central orchestration component that manages all agents, pipelines, and data synchronization tasks. It provides the web UI and API for managing your Gluesync deployment.

gluesync-core-hub:
  restart: "unless-stopped"
  container_name: gluesync-core-hub
  image: molo17/gluesync-core-hub:2.0.0-dp1
  # deploy:
  #   resources:
  #     limits:
  #       cpus: "3.0"
  #       memory: 3.0G
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.corehub.entrypoints=websecure"
    - "traefik.http.routers.corehub.rule=PathPrefix(`/`)"
    - "traefik.http.routers.corehub.tls=true"
    - "traefik.http.services.corehub.loadbalancer.server.port=1717"
    - "traefik.http.services.corehub.loadbalancer.server.scheme=https"
    - "traefik.http.routers.corehub.service=corehub"
    - "traefik.http.services.corehub.loadbalancer.passhostheader=true"
    - "com.molo17.conductor.type=core-hub"
  environment:
    - SSL_ENABLED=true
    - LOG_CONFIG_FILE=/opt/gluesync/shared/logback.xml
    # - GRAFANA_REMOTE_ADDRESS=https://localhost/grafana/d/fecxnzptcq8zkd/core-hub-metrics
  volumes:
    - ./bootstrap-core-hub.json:/opt/gluesync/data/bootstrap-core-hub.json
    - ./logs/core-hub:/opt/gluesync/logs
    - ./shared:/opt/gluesync/shared
    - ./data/core-hub:/opt/gluesync/data

Key configuration points:

  • Traefik labels: Enable reverse proxy integration - Traefik handles routing, eliminating the need for direct port forwarding

  • SSL_ENABLED=true: Enables secure HTTPS communication

  • Shared volume: The ./shared folder contains common configuration files (TLS certificates, keystores, logging config) accessible to all components

  • Data persistence: Application data is stored in ./data/core-hub

  • Logs: Container logs are written to ./logs/core-hub

  • Conductor label: Identifies this container as the core hub for the Conductor module

Volume mappings:

  • bootstrap-core-hub.json: Contains the shared secret for component authentication

  • shared folder: Contains TLS certificates, keystores, and logging configuration

  • data folder: Stores the core hub’s database and persistent data

  • logs folder: Stores application logs

Source agents

Source agents connect to source databases and capture changes (CDC - Change Data Capture) or perform bulk data extraction. Agents are added as needed based on your source database types.

Configuration notes:

  • TYPE=source: Identifies the agent as a source

  • SSL_ENABLED=true: Enables secure communication with the core hub

  • Shared folder: Contains all necessary certificates and configuration files

  • TZ variable: Optional timezone configuration (defaults to UTC)

  • extra_hosts: Enables connection to databases running on the Docker host

Agents are not included in the base docker-compose template by default. Add them based on your specific database sources following our adding agents guide.

Target agents

Target agents connect to destination databases and write synchronized data. Like source agents, they are added as needed based on your target database types.

Configuration notes:

  • TYPE=target: Identifies the agent as a target

  • TAG variable: Optional identifier for distinguishing multiple instances of the same agent type

  • SSL_ENABLED=true: Enables secure communication with the core hub

  • Shared folder: Contains all necessary certificates and configuration files

Target agents are also added separately based on your specific destination databases. See our adding agents guide for detailed instructions.

Infrastructure and modules

Chronos module

Chronos is the scheduling and automation module that enables time-based task execution within Gluesync. It’s accessible through the web UI at the /chronos path.

gluesync-chronos:
  restart: "unless-stopped"
  image: molo17/gluesync-chronos:latest
  container_name: gluesync-chronos
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.chronos.rule=PathPrefix(`/chronos/`) || PathPrefix(`/api/`) || PathPrefix(`/chronos/api/`)"
    - "traefik.http.routers.chronos.entrypoints=websecure"
    - "traefik.http.routers.chronos.tls=true"
    - "traefik.http.services.chronos.loadbalancer.server.port=1717"
    - "traefik.http.services.chronos.loadbalancer.server.scheme=https"
    - "traefik.http.routers.chronos.middlewares=chronos@docker"
    - "traefik.http.routers.chronos.service=chronos"
    - "traefik.http.middlewares.chronos.replacepathregex.regex=^/chronos/api/(.*)"
    - "traefik.http.middlewares.chronos.replacepathregex.replacement=/api/$$1"
    - "traefik.http.services.chronos.loadbalancer.passhostheader=true"
    - "com.molo17.conductor.type=module"
  environment:
    - SSL_ENABLED=true
    - SSL_SKIP_VERIFY=true
    - TIMEZONE=UTC # optionally hardcode timezone value in IANA format (e.g. Europe/Rome)
  volumes:
    - ./shared:/opt/gluesync/data:ro
    - ./shared/gluesync.com.jks:/opt/gluesync/shared/gluesync.com.jks:ro
    - ./data/chronos:/app/data
    - ./logs/chronos:/app/logs
  depends_on:
    gluesync-core-hub:
      condition: service_started

Key features:

  • Schedule periodic database synchronization tasks

  • Set up data maintenance operations

  • Configure automated health checks

  • Define complex scheduling patterns with cron-like syntax

  • Access via https://localhost/chronos

Configuration notes:

  • TIMEZONE: Set to your preferred timezone (IANA format)

  • Path rewriting: Traefik middleware handles URL path transformation

  • depends_on: Ensures core hub starts before Chronos

Conductor module

Conductor is the container orchestration module that provides lifecycle management for agents directly from the Gluesync UI. It enables starting, stopping, and managing agents without manual docker-compose commands.

gluesync-conductor:
  restart: unless-stopped
  image: molo17/gluesync-conductor:latest
  container_name: gluesync-conductor
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.conductor.rule=PathPrefix(`/conductor/api/`)"
    - "traefik.http.routers.conductor.entrypoints=websecure"
    - "traefik.http.routers.conductor.tls=true"
    - "traefik.http.services.conductor.loadbalancer.server.port=1717"
    - "traefik.http.services.conductor.loadbalancer.server.scheme=https"
    - "traefik.http.routers.conductor.middlewares=conductor@docker"
    - "traefik.http.routers.conductor.service=conductor"
    - "traefik.http.middlewares.conductor.replacepathregex.regex=^/conductor/api/(.*)"
    - "traefik.http.middlewares.conductor.replacepathregex.replacement=/$$1"
    - "traefik.http.services.conductor.loadbalancer.passhostheader=true"
    - "com.molo17.conductor.type=module"
  environment:
    - BASE_PATH=$PWD
    - SSL_ENABLED=true
    - SSL_SKIP_VERIFY=true
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./docker-compose.yml:/opt/gluesync-conductor/docker-compose.yml
    - ./shared/:/opt/gluesync/data:ro
    - ./logs/conductor:/opt/gluesync-conductor/logs
  depends_on:
    gluesync-core-hub:
      condition: service_started

Key features:

  • Start/stop agents from the web UI

  • View agent status and logs

  • Automatic agent lifecycle management

  • Integration with Docker socket for container control

Security note: Conductor requires access to the Docker socket (/var/run/docker.sock) to manage containers.

For migrating existing deployments to include Conductor, see our migration guide.

Traefik reverse proxy

Traefik is the reverse proxy that provides HTTPS routing, TLS termination, and path-based routing for all Gluesync services.

reverse-proxy:
  restart: "unless-stopped"
  container_name: reverse-proxy
  image: traefik:v3.3
  ports:
    - "80:80"
    - "443:443"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    - ./proxy/traefik.yml:/etc/traefik/traefik.yml:ro
    - ./proxy/certs.yml:/etc/traefik/certs.yml:ro
    - ./shared/gluesync-cert.pem:/etc/traefik/gluesync-cert.pem:ro
    - ./shared/gluesync-key.pem:/etc/traefik/gluesync-key.pem:ro

Key benefits:

  • HTTPS support: TLS termination with provided certificates

  • Path-based routing: Routes requests to core hub, Chronos, Grafana, Prometheus

  • Dynamic configuration: Automatically discovers services through Docker labels

  • Single entry point: All services accessible through ports 80 (HTTP) and 443 (HTTPS)

Configuration files:

  • proxy/traefik.yml: Main Traefik configuration

  • proxy/certs.yml: TLS certificate configuration

  • shared/gluesync-cert.pem and shared/gluesync-key.pem: SSL certificates

For advanced Traefik configuration, visit the official Traefik documentation.

Monitoring tools

Prometheus

Prometheus collects and stores metrics from all Gluesync components, providing a time-series database for monitoring.

prometheus:
  restart: "unless-stopped"
  container_name: prometheus
  image: prom/prometheus
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.prometheus.entrypoints=websecure"
    - "traefik.http.routers.prometheus.rule=PathPrefix(`/prometheus`)"
    - "traefik.http.routers.prometheus.tls=true"
    - "traefik.http.services.prometheus.loadbalancer.server.port=9090"
    - "traefik.http.routers.prometheus.service=prometheus"
  volumes:
    - ./prometheus/prometheus.yml:/etc/prometheus/prometheus.yml:ro
    # - ./data/prometheus:/prometheus  # Uncomment for data persistence
  command:
    - "--config.file=/etc/prometheus/prometheus.yml"
    - "--storage.tsdb.retention.size=5GB"
    - "--storage.tsdb.retention.time=5d"
    - "--web.external-url=/prometheus/"
    - "--web.route-prefix=/prometheus"
  depends_on:
    gluesync-core-hub:
      condition: service_started

Access: https://localhost/prometheus

Configuration notes:

  • Data retention: 5 days or 5GB (configurable)

  • Scrapes metrics from core hub and agents

  • Path prefix configured for Traefik routing

Grafana

Grafana provides visualization dashboards for metrics collected by Prometheus.

grafana:
  # Grafana default credentials: admin | password
  restart: "unless-stopped"
  container_name: grafana
  image: grafana/grafana
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.grafana.entrypoints=websecure"
    - "traefik.http.routers.grafana.rule=PathPrefix(`/grafana`)"
    - "traefik.http.routers.grafana.tls=true"
    - "traefik.http.services.grafana.loadbalancer.server.port=3000"
    - "traefik.http.routers.grafana.service=grafana"
  environment:
    - GF_SECURITY_ADMIN_USER=admin
    - GF_SECURITY_ADMIN_PASSWORD=password
    - GF_SERVER_ROOT_URL=%(protocol)s://%(domain)s/grafana/
    - GF_SERVER_SERVE_FROM_SUB_PATH=true
  volumes:
    - ./grafana:/etc/grafana/provisioning
    # - ./data/grafana:/var/lib/grafana  # Uncomment for data persistence
  depends_on:
    prometheus:
      condition: service_started

Access: https://localhost/grafana Default credentials: admin / password

Pre-configured dashboards:

  • Core hub metrics and performance

  • Agent status and throughput

  • System resource usage

Portainer

Portainer provides a web-based UI for managing Docker containers, images, and networks.

portainer:
  # Portainer default credentials: admin | passwordpassword
  image: portainer/portainer-ce:latest
  restart: unless-stopped
  container_name: portainer
  ports:
    - "9443:9443"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock
    # - ./data/portainer:/data  # Uncomment for data persistence
  command:
    [
      "--admin-password",
      "$$2y$$05$$wxahdaIgY6yjxyPjvSqyr.NeLhCOY/pWLXSJykVsfUGaRXnjq3etK",
    ]

Access: https://localhost:9443 Default credentials: admin / passwordpassword

Key features:

  • View and manage all Docker containers

  • Access container logs and stats

  • Execute commands in containers

  • Manage images, volumes, and networks

Adding agents

For detailed instructions on adding source and target agents to your deployment, see our dedicated guide:

Follow our adding agents guide for step-by-step instructions on configuring multiple source and target agents.

Configuration topics

Image tags and versioning

You can browse our public Docker Hub repo to find the most recent image tag for each of our images.

Resource limits and provisioning

Resource limits control how much CPU and memory each container can use. This is essential for production deployments to prevent resource contention.

By default, these values are commented out in the template, allowing Docker to manage resources automatically. This is suitable for trials and POCs but not recommended for production.

This two settings can be adjusted per each container by following this example:

gluesync-xyz:
  image: molo17/gluesync-zxy:version.tag
  # ... other params ...
  deploy:
      resources:
      # set container limits (CPU cores & RAM)
      limits:
          cpus: "2.0"
          memory: 2.0G
      # set container reservations (CPU cores & RAM)
      reservations:
          cpus: "1.0"
          memory: 0.5G
  # ... other params ...

Limits: use limits to limit the maximim number of resources (CPU cores & RAM) your container should use. Reservations: reserve and assign certain amount of resources (CPU cores & RAM) to your container to use when needed, else will be shared with others.

You are free to mix and play with both ranges.
Do not over provision limits. Keep in mind that if 4 cores are available at hosts level, limiting one container to 4 will involve going out of cores for the others in case of peak requests.

Sizing

Don’t know how much you should provision for your environment? Our professional services team is available to perform a proper sizing exercise by filling our sizing questionnaire.

We reccoment considering a proper sizing of your environment in order not to experience unexpected behaviours especially under certain peak loads.

Changing timezone

By default the container runs under the UTC time zone, used for standard time reference. You’ll then see console logs being served in UTC by default and that might be required to be changed to ease the tasks of troubleshooting and log ingestion.

To change the default time zone reference you can use this snippet, to be placed within each service:

gluesync-xyz:
  image: molo17/gluesync-zxy:version.tag
  # ... other params ...
  environment:
    - TZ: "Etc/UTC"
  # ... other params ...

For your convenience you can pick up the proper time zone by looking at the list available at the following link: time zones list.

Time zone can so be changed by specifying a different value insted of the Etc/UTC present in the given example, like America/Detroit.

Data persistence

Data persistence ensures that your configuration and data survive container restarts. The trial kit template includes persistence by default to protect your data.

Without persistent volumes, running docker compose down would remove all container data.

To enable/disable persistency you can comment out the few lines from our template docker-compose.yaml file or add the following like in the given example below:

gluesync-xyz:
  image: molo17/gluesync-xyz:version.tag
  # ... other params ...
  volumes:
  # ... other params ...
    - ./gluesync-xyz:/opt/gluesync/data
  # ... other params ...

As you can see from the above example, a phyisical volume is mapped to the folder where the actual application data is located. By removing this line entry the volumes belonging to this container will be mamaged by the Docker engine as ephimeral.

Networking

Docker networking enables containers to communicate with each other and with databases running on the host machine.

Port forwarding

To allow a specific container port to be forwarded like you do with your own physical/software firewall you can use this snippet for your container instances requiring this:

gluesync-xyz:
  image: molo17/gluesync-xyz:version.tag
  # ... other params ...
  ports:
    - 1717:1717
  # ... other params ...

Port can be mapped one by one or in range, the first param is the exposed external port while the param to the right is the actual internal port exposed by the container which you cannot change.

In this case we’re exposing externally the port 1717 otherwise filtered by firewall rules and only reachable within the same Docker network (available so only between the containers making part of the same Docker network).

Host networking

Sometimes you have to connect Gluesync to a locally running database within your Host’s environment and not directly linked to the same Docker network.

There are two ways you can actually achieve to connect a Gluesync agent with a service (database, streaming service, …​) running locally on the same host that is hosting the Docker engine:

Using host.docker.internal as a DNS name

Using host.docker.internal as a DNS name, this substitute the localhost DNS name so requests you would have done by pointing to localhost will then instead resolved to the host hosting the Docker environment, where your services are actually running: localhost would have instead, with all the reasons, resolved DNS queries within the container;

Every download kit comes with a pre-configured host.docker.internal entry in the docker-compose.yaml file. If you’ve downloaded Gluesync from our website you likely don’t have to do anything. 
gluesync-xyz:
  image: molo17/gluesync-xyz:version.tag
  # ... other params ...
  extra_hosts:
      - "host.docker.internal:host-gateway"
  # ... other params ...

After having done that you can use host.docker.internal as a DNS name within the Gluesync agent’s setup wizard to directly point to the host which is hosting both your local DB and Gluesync, what you intended would have been localhost.

Using network_mode: host

Using network_mode: host will bridge the container’s network adapter with the host’s one the result is so as having the container running locally on the same network as your host machine.

gluesync-xyz:
  image: molo17/gluesync-xyz:version.tag
  # ... other params ...
  network_mode: host
  # ... other params ...

Which approach to use?

We recommend the first approach (host.docker.internal) as it’s simpler and more secure for local testing. The second approach (network_mode: host) is useful when you need components to communicate across different physical hosts.

Running the deployment

Once you have configured your docker-compose.yml file, start all services with:

$ docker compose pull && docker compose up -d

Managing logs

Collecting and exporting logs is essential for troubleshooting and support.

The Gluesync kit includes scripts to automatically collect and package logs:

Linux/macOS
chmod +x ./collect-logs.sh && ./collect-logs.sh
Windows (PowerShell)
./collect-logs.ps1
this script is located within each gluesync-docker folder.

Manual log export

Alternatively, export logs manually:

docker compose logs > logs.txt

This exports the full set of logs belonging to the Docker Compose deployment into a single file logs.txt that you can zip and upload to our support channel.

Custom container registry

If your environment cannot access Docker Hub, you can use a custom container registry.

Contact our support team at support@molo17.com to arrange access tokens for mirroring Gluesync images to your private registry.

Next steps

Now that your Gluesync deployment is running:

For additional help, consult our comprehensive documentation or contact support.