Skip to main content

Server Installation (Community Edition)

The Sielum server runs as a Docker Compose stack: nginx, backend (Go binary), dashboard (React SPA), and PostgreSQL/TimescaleDB.

Prerequisites

RequirementVersionNotes
Docker≥ 24.0docker --version
Docker Compose≥ 2.20docker compose version
1 CPU coreMinimum
1 GB RAMMinimum for Community Edition
Ports open80, 443, 9090HTTP, HTTPS, gRPC

Step 1 — Clone the repository

git clone <your-repo-url> sielum
cd sielum

Step 2 — Generate TLS certificates

For development, use the included script to generate a local CA plus server and agent certificates:

bash deploy/certs/gen-dev-certs.sh

This creates in deploy/certs/:

  • ca.crt / ca.key — Certificate Authority (keep ca.key secret!)
  • server.crt / server.key — Server certificate (SAN: DNS:localhost,IP:127.0.0.1)
  • agent.crt / agent.key — Default agent certificate for dev/testing
Production

For production, replace these with certificates from your enterprise CA or Let's Encrypt. The server cert needs SANs matching your public hostname.

Step 3 — Create the environment file

cp deploy/.env.community.example deploy/.env.community

Edit deploy/.env.community and set at minimum:

# Database password — generate with: openssl rand -base64 32
DB_PASSWORD=<strong-random-password>

# Built-in admin user password (min 12 chars)
ADMIN_PASSWORD=<strong-random-password>

# HMAC secret for signing JWTs — generate with: openssl rand -base64 48
JWT_SECRET=<random-secret>

# Enrollment token for agent certificate enrollment
ENROLLMENT_TOKEN=<random-token>

See Server Configuration → for a complete reference of all environment variables.

Step 4 — Build and start the stack

cd deploy
docker compose -f docker-compose.community.yml --env-file .env.community up -d

The first start takes 1–2 minutes (image build + database initialization).

Verify all services are running

docker compose -f docker-compose.community.yml ps

Expected output:

NAME                STATUS
edr-nginx           running
edr-backend         running
edr-dashboard       running
edr-postgres        running

Check server health

curl http://localhost/health
# {"status":"ok","time":"..."}

Step 5 — First login

Open http://localhost in your browser and log in with:

  • Username: admin
  • Password: the ADMIN_PASSWORD you set in .env.community

Troubleshooting

nginx returns 502

The backend might still be starting:

docker compose -f docker-compose.community.yml logs edr-backend --tail=20

Look for {"level":"INFO","msg":"server listening"}.

Port 9090 already in use

Check which process is using it:

ss -tlnp | grep 9090

Then change GRPC_PORT in .env.community and update nginx.conf accordingly.