Building Munki with Docker

Munki is an incredible tool for Mac software deployment, and the setup process is fairly straightfoward – configure a web server, create your repo, run the tools to populate it with software, and configure clients.

It’s the “configure a web server” aspect that may give some pause, as setting up and configuring Apache or Nginx has a bit of a learning curve, and many OS X admins may not necessarily have access to or control over network infrastructure or server infrastructure to do this easily, especially in education.

Docker simplifies this process quite a bit, because you can create a simple webserver with only a few commands that will give you exactly what you need to start serving Munki content – and you can easily transport this Docker webserver from host to host, as it’s designed to be portable and self-contained.

In this example, we’ll use my fork of the Macadmins/munki Docker image to build.

Start by cloning the repo:
git clone

The Dockerfile

Now, let’s take a look at the Dockerfile:

FROM nginx
RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
VOLUME /munki_repo

Let’s look at this line by line:
FROM nginx
This means that we’re using the official Nginx Docker image. It’s done all the hard work for us – it has Nginx already installed. All we need to do is add our pieces.

RUN mkdir -p /munki_repo
RUN mkdir -p /etc/nginx/sites-enabled/
RUN just runs a command – and in this case, we’re just creating two sets of directories. We’ll use /munki_repo to serve the actual Munki repo itself, and we’ll be adding configuration data into /etc/nginx/sites-enabled/.

ADD nginx.conf /etc/nginx/nginx.conf
ADD munki-repo.conf /etc/nginx/sites-enabled/
ADD copies files into the Docker image. We provided these two .conf files ahead of time, as they’re going to tell Nginx how to serve our content.

Let’s look at nginx.conf:

worker_processes 1;
http {
    include /etc/nginx/sites-enabled/*;
events {
  worker_connections 768;

This is a fairly straightforward configuration file that just tells Nginx to also include any configuration files stored in /etc/nginx/sites-enabled, which we created earlier with the RUN command.

Look at munki-repo.conf:

server {
  listen 80;
  server_name munki;
  location /repo/ {
    alias /munki_repo/;
    autoindex off;

This configuration file tells Nginx to listen on port 80, the default web port. In addition, the server_name expects to be “munki”. We’re using the location /repo/, which means that content will be served from http://munki/repo (which is the default location that Munki expects), but that /repo/ is actually an alias to the path /munki_repo – which we created earlier in a RUN command with mkdir. Lastly, we’re turning off folder indexing, so visitors can’t list the contents of our directories.

VOLUME /munki_repo
This uses a Docker technique to “expose” as volume. More details about Docker volumes can be found here and here. The short explanation, without going into too much detail, is that this volume /munki_repo can be linked to other Docker containers, and the data inside can be accessed easily.

The EXPOSE directive opens a port to the outside world. It means that this container will serve content on port 80, and thus can be accessed by its container ID, IP address, or DNS name at port 80 – the default web port. Since this is a web server, using port 80 is logical.

Building the Image

Now we can build this image. First navigate into the directory with the Dockerfile on your host:
cd docker-munki

Run the build command. Feel free to change the name to anything you want:
docker build -t "nmcspadden/munki" .

When it completes the build, you’ll have a new image called “nmcspadden/munki”. Use docker images to see it – you’ll see that it’s marked with the tag “latest” to indicate that it’s the most up to date version.

Running the image is covered in the next post.

3 thoughts on “Building Munki with Docker

  1. Hi Nick! Running the build command (docker build -t “nmcspadden/munki”) does nothing except show me usage of docker: Usage: docker build [OPTIONS] PATH | URL | etc

    I have cloned the repo and cd’d into the docker-munki folder. Are there any other steps I need to take?


      • Thanks Nick, good call, I was missing the dot! I did see it, but I figured it was there for punctuation, DUH!
        Great blog, thanks for sharing!


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s