Manual installation¶

For people who want to type every command themselves — for example because the server isn't allowed to run remote scripts.

All steps as root (or sudo).

1. Prerequisites¶

sudo apt update
sudo apt install -y curl openssl ca-certificates

2. Install Docker¶

curl -fsSL https://get.docker.com | sh
sudo systemctl enable --now docker

Verify:

docker --version && docker compose version

3. Create directory¶

sudo mkdir -p /opt/vesana
cd /opt/vesana

4. Download compose file and example env¶

sudo curl -sSL https://license.vesana.org/api/v1/install/compose      -o docker-compose.prod.yml
sudo curl -sSL https://license.vesana.org/api/v1/install/env-example  -o .env.example
sudo cp .env.example .env

5. Generate secrets¶

SECRET_KEY=$(openssl rand -hex 32)
FIELD_ENCRYPTION_KEY=$(openssl rand -base64 32 | tr '+/' '-_' | tr -d '=')
POSTGRES_PASSWORD=$(openssl rand -hex 16)
REDIS_PASSWORD=$(openssl rand -hex 16)

echo "FIELD_ENCRYPTION_KEY: $FIELD_ENCRYPTION_KEY"

Save FIELD_ENCRYPTION_KEY immediately

The key is shown exactly once. Lose it and encrypted fields stay unreadable forever. Copy to a password manager before you close the terminal.

6. Fill in .env¶

sudo sed -i "s|^BASE_URL=.*|BASE_URL=https://your-domain.tld|"                           .env
sudo sed -i "s|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${POSTGRES_PASSWORD}|"             .env
sudo sed -i "s|^REDIS_PASSWORD=.*|REDIS_PASSWORD=${REDIS_PASSWORD}|"                      .env
sudo sed -i "s|^SECRET_KEY=.*|SECRET_KEY=${SECRET_KEY}|"                                  .env
sudo sed -i "s|^FIELD_ENCRYPTION_KEY=.*|FIELD_ENCRYPTION_KEY=${FIELD_ENCRYPTION_KEY}|"    .env
sudo sed -i "s|^# REGISTRY_URL=.*|REGISTRY_URL=ghcr.io/lukas5001|"                        .env

Replace BASE_URL with your real URL (e.g. https://monitoring.example.com or https://192.168.1.50).

If you have a license key:

sudo sed -i "s|^# LICENSE_KEY=.*|LICENSE_KEY=YOUR-KEY|" .env

7. Create secret files¶

sudo mkdir -p secrets
echo "$POSTGRES_PASSWORD"    | sudo tee secrets/pg_password           > /dev/null
echo "$REDIS_PASSWORD"       | sudo tee secrets/redis_password        > /dev/null
echo "$SECRET_KEY"           | sudo tee secrets/secret_key            > /dev/null
echo "$FIELD_ENCRYPTION_KEY" | sudo tee secrets/field_encryption_key  > /dev/null
sudo chmod 600 secrets/*

8. Pull and start¶

sudo docker compose -f docker-compose.prod.yml pull
sudo docker compose -f docker-compose.prod.yml up -d

9. Check status¶

sudo docker compose -f docker-compose.prod.yml ps
sudo docker compose -f docker-compose.prod.yml logs -f api

When all containers are Up (healthy), continue with the setup wizard.

When a container won't start¶

docker compose -f docker-compose.prod.yml ps
docker compose -f docker-compose.prod.yml logs <service-name> --tail 100

Common causes: see troubleshooting.