Hideez Authentication Service (EN)
  • Hideez Authentication Service for Enterprises
    • Release notes
    • Key features of the Hideez Authentication Service in 5 minutes
  • Quick Start Guides
    • Hideez Authenticator Mobile app guide
    • Hideez Key guide
    • Passkey guide
    • FIDO Security Key guide
      • Activation FIDO key and setting PIN code
    • Quick Start Guide for subscriptions
      • Hideez Security Key
      • Hideez Authenticator App
      • Passkeys
    • Guide for Hideez Enterprise Server on Cloud
      • Passkeys
      • Mobile app
      • Hideez Key
  • Use cases
    • Hideez Authenticator Mobile App
      • Passwordless PC login
      • Password-based PC login
      • SSO login to Webservises (FIDO2) via mobile app
        • Using Hideez Authenticator as your passwordless authentication method for SSO
      • Using Hideez Authenticator as your two-factor authentication method for SSO
      • OTP generation by Hideez Authenticator App for 2FA
      • RDP login by Hideez Authenticator App
      • Remote PC lock
    • Hideez Key
      • Proximity Lock
      • Proximity Unlock
        • Unlock PC by Hideez Dongle Touch (Tap-and-Go)
      • Proximity settings (guide for admin)
      • Automatic RDP Launch and Logon
      • Password manager and OTP generator
      • OTP manager for two-factor authentication
    • FIDO Security Key
      • SSO login to Web Servises via Hardware Key (FIDO2)
      • Passwordless PC Login to Entra ID (Azure AD).
      • Using Hideez Key as U2F security key for your two-factor authentication
      • Other vendors' hardware keys
    • Passkey
      • SSO login to Web Services (FIDO2) via Passkey and Hideez Server as Identity Provider
    • Emergency blocking of all computers
    • Employee's account disabling
  • Hideez Enterprise Server
    • Hideez Enterprise Server
    • Glossary
    • Hideez Server Architecture
    • Deployment
      • Database installation
        • MySQL on Windows
        • MySQL on Linux
        • Microsoft SQL Server on Windows
        • Microsoft SQL Server on Linux
      • HES deployment
        • Windows
        • Linux
        • Docker
        • Deployment without Internet access
        • Troubleshooting
      • HES update
        • Windows
        • Linux
        • Docker
      • Publishing on-premises HES for remote users
    • Administration
      • How to change the password for an administrator account?
      • How to recover a forgotten admin password?
      • Adding an admin account
      • Deleting an admin account
      • How to enable two-factor authentication at the Hideez Enterprise Server?
      • Authorization on the HES server via a FIDO key
      • Platform authentication on the HES server
      • Connecting Linux server to Active Directory
      • Setting Hideez Server parameters
      • Configuring DNS server
      • Setting up a Proxy for Mobile App Access to HES
      • How to create and set Hideez Key Access Profiles
      • How to manage companies and departments?
      • How to manage Positions?
      • Enable load balancing
      • Data Protection
    • Dashboard
      • Information about the server
      • Information about employees
      • Information about devices
      • Workstations Information
    • Employees
      • How to add an Employee?
      • Employees management
      • Employee management with Active Directory
    • Workstations
      • How to add and approve Workstations?
      • Workstations management
      • Workstation Profiles
      • Use Proximity Unlock Workstations
    • Hardware Vaults
      • How to add Hideez Key into the Server
      • Assign a key to the user
      • Remove the key from the Employee
      • Set a profile for a Hardware Vault
      • How to see an RFID code on the Employee key?
    • Accounts
      • Creating personal employee accounts
      • Creating shared employee accounts
      • Personal account management
      • Shared account management
      • Accounts backup and restore
      • How to work with the account template?
    • Keys Management
      • Keys Statuses
      • Transition to Reserved status
      • Keys Activation mechanism
      • Cancel issuance of Hideez Key (Reserved -> Ready)
      • Transition to Suspended status
      • Transition to Locked status
      • Transition to Deactivated status
      • Transition to Compromised status
      • Removing the Locked status
      • Wipe procedure
      • Delete key from Hideez Server
    • Audit
      • Workstation events
      • Workstation Sessions
      • Summaries
    • Single Sign On settings
      • How to get employee licenses
      • Enabling Single Sign-On (SSO) for Employees
      • User settings
    • Configuring SAML Protocol
    • Configuration OIDC (OpenID Connect)
  • Hideez Server Integration
    • Microsoft Entra ID
      • Import and Sync Users from Entra ID
        • Administrator-Initiated Manual Password Changes
        • User-Initiated Password Changes
    • Active Directory (On-Premises)
      • Import and Sync Users from Active Directory (On-Premises)
        • Administrator-Initiated Manual Password Changes
        • User-Initiated Password Changes
        • Active Directory (On-Premises) Access and Rights Delegation
    • SAML integration
      • ASA AnyConnect VPN
      • Citrix services
      • Fortinet services
      • GitHub Enterprise
      • GitLab on premises
      • Google Workspace
      • Microsoft Exchange for Authentication via SAML
        • ADFS Installation
      • Okta
      • Oracle Business Intelligence Enterprise Edition (OBIEE)
        • Step 1: Configure the Identity Provider — Hideez Enterprise Server (HES)
        • Step 2: Configure the Service Provider — Oracle Access Manager (OAM)
        • Step 3: Register Oracle Access Manager (OAM) in Hideez Enterprise Server (HES)
        • Step 4: Configure Directory Services and Web Infrastructure
        • Step 5: Configure Oracle Business Intelligence Enterprise Edition (OBIEE) for Single Sign-On (SSO)
    • Open ID Connect integration
      • Hideez Server as an External Authentication Method for Microsoft Entra ID via OIDC
      • OKTA (OIdC)
    • WS-Federation integration
      • Configure Exchange Outlook Web Application and Exchange Admin Center
  • Hideez Client App
    • Hideez Client deployment
      • Installation of the Hideez Client Application
      • Deploying Hideez Client MSI via GPO (Group Policy Object)
      • Configuration app
      • Uninstall Hideez Client app
      • Uninstalling via GPO
      • Upgrade Hideez Client
      • Downgrade Hideez Client
    • Application interface
      • General Settings
      • Logon settings
      • Aditional settings
      • Configuring hotkeys
    • Account management
      • Account creation
      • Editing an Existing Account
      • Deleting your account
    • Shortcuts
    • Remote Vault connection
    • Mobile Authenticator
  • Hideez Authenticator App
    • Quick overview
    • Admin guide
      • Setup for PC login scenario
        • Passwordless PC Login Setup
          • Configuring an Active Directory Certification Authority
          • Hideez Enterprise Server setup for passwordless login
          • Setting Up Passwordless Workstation Login with Entra ID
        • Password-based PC login Setup
      • Setup for SSO login scenario
    • User guide
      • Mobile App Primary Setup
      • App enrollment on Hideez Server
        • Enroll the application on Hideez Server for SSO
          • SSO enrollment (admin account)
          • SSO enrollment (user account)
        • PC Authorization Enrollment
          • Enrollment for Passwordless PC Authorization
            • Passwordless account re-enrollment
          • Enrollment for Password-based PC Authorization
            • Account roaming
      • Login with Hideez Authenticator
        • SSO login
        • PC login
          • Offline passwordless login
          • Login to the remote PC via RDP
      • PC lock
      • OTP generation
      • Software key disabling
        • PC logon disabling
        • SSO logon disabling
      • Service operations
  • Hideez Key (Enterprise Edition)
    • Hideez Key (Enterprise Edition)
    • Technical Specifications
      • Technical specifications Hideez Key 3
      • Technical specifications Hideez Key 4
    • Principles of operation
    • Device Layout
    • Battery maintenance
    • Hideez Key modes
    • How to update the Hideez Key (Enterprise) firmware
    • How to enter credentials with the Hideez Key
    • How to unlock PC
    • Key for Physical doors
  • Product Updates
    • Product updates
    • Hideez Enterprise Server updates
    • Hideez Key firmware updates
    • Hideez Client updates
    • Hideez Authenticator updates
  • API
    • Hideez Enterprise Server web API
  • FAQ
    • How-to's
      • How to add an Employee?
      • How to add personal user account on HES?
      • How to assign Hideez Key to a user?
      • How to activate Hideez Key?
      • How to unlock Hideez Key on HES?
      • How to unlock PC with Hideez Key?
      • How to setup proximity PC unlock?
      • How to use Hideez Key on remote PC?
      • How to enroll the Hideez Authentication app on HES for SSO?
      • How to login on HES with Hideez Authenticator?
      • How to enroll the Hideez Authentication app for PC login?
      • How to login to PC with Hideez Authenticator?
      • Enable QR Code Display for Hideez Authenticator on the Lock Screen of a Windows Remote Workstation
    • Hideez Client App
      • What do I do if I see the message "Connection failed. Trying to re-bond device"?
      • What do I do if the connection with the HES server cannot be established?
      • What should I do if the Password Manager menu item is not displayed?
    • Hideez Enterprise Server
      • How to view logs at Hideez Enterprise Server?
    • Setting Up Gmail with HES
    • Hideez Authenticator
      • QR code is not displayed at the credential provider on my PC
      • I have registered successfully but cannot login
      • What do I do if I changed domain and cannot login now
      • Does the Hideez App collect or transmit data from the phone to third parties or services?
    • Hideez Key
      • What physical conditions are dangerous for the Hideez Key?
      • Is the Hideez Key allowed on planes?
      • How to enable FIDO2 passwordless authentication with Microsoft Azure AD for use with Windows 10-11
  • Documentation portal
Powered by GitBook
On this page
  • 1. Preparation (if not already done)
  • Install Docker
  • 2. Іnstalling HES in the docker
  • Download templates
  • Extracting files and moving to the /opt directory and create folders for HES
  • Build docker image
  • Check the status
  • Configure the Nginx (Optional)
  • Configure the Docker for MS SQL (Optional)

Was this helpful?

  1. Hideez Enterprise Server
  2. Deployment
  3. HES deployment

Docker

HES deployment - Docker

PreviousLinuxNextDeployment without Internet access

Last updated 7 months ago

Was this helpful?

This instruction shows how to install the HES server using docker containers on Linux. Examples of commands are given for CentOS Stream 9 and Ubuntu (20+), for other Linux versions, refer to the documentation on installing and running docker. The steps for running HES will not be different.

First of all, you need to decide what URL will be for your future HES server. It can be something like hideez.yurcompany.com. Hereinafter, this name is indicated as <your_domain_name>. You can copy this instruction into any text editor and replace all instances of the <your_domain_name> with your name. After that, you can execute most of the commands just copying them from the editor.

You need to add your domain name to the DNS settings of your hosting provider.

1. Preparation (if not already done)

Install Docker

You can also always refer to the official installation documentation:

CentOS

sudo yum install -y yum-utils
sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
sudo yum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo systemctl start docker
sudo systemctl enable docker

in case of unsuccessful installation, on Centos, you may need to remove some packages

sudo yum remove runc podman buildah -y

and retry the installation

Ubuntu

# Add Docker's official GPG key:
sudo apt-get update 
sudo apt-get install ca-certificates curl gnupg -y
sudo install -m 0755 -d /etc/apt/keyrings 
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg

# Add the repository to Apt sources:
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update 
# Install docker
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

To verify installed docker version run the following command:

docker --version

# Docker version 27.3.1, build ce12230

and docker compose:

docker compose version

# Docker Compose version v2.29.7

2. Іnstalling HES in the docker

Download templates

We have prepared an archive with a template for building containers

cd ~
curl -O https://update.hideez.com/hes/docker_latest.tar.gz

Extracting files and moving to the /opt directory and create folders for HES

tar -xvf docker_latest.tar.gz
sudo mv HES /opt/

Build docker image

cd /opt/HES/
sudo docker build . -t hes

During operation, HES uses an encryption certificate that will be generated in the /opt/hes/hes-site/x509stores directory Since the server will run under the "root" user inside the container, you need to change the owner of the certificate directory:

sudo chown root:root /opt/HES/hes-site/x509stores

(optional) during the build, some space was used, then it can be cleared:

sudo docker builder prune --force

and load the containers:

sudo docker compose up -d

Check the status

You can check the status of the docker containers running the command:

sudo docker compose ps


NAME        IMAGE     COMMAND                  SERVICE     CREATED         STATUS                        PORTS
hes-mysql   mysql     "docker-entrypoint.s…"   hes-mysql   9 minutes ago   Up About a minute (healthy)   3306/tcp, 33060/tcp
hes-nginx   nginx     "/docker-entrypoint.…"   hes-nginx   9 minutes ago   Up About a minute             0.0.0.0:80->80/tcp, :::80->80/tcp, 0.0.0.0:443->443/tcp, :::443->443/tcp
hes-site    hes       "./HES.Web"              hes         9 minutes ago   Up About a minute             5000/tcp

To make sure that everything is configured correctly, open the URL of your site in a browser (https://<your_domain_name>). You should see the server authorization page. Log in using the default login 'admin@server' and default password 'admin'.

In case you cannot log in to the HES, see log files located in '/opt/HES/hes-site/logs'

Configure the Nginx (Optional)

Stop Server:

cd /opt/HES
sudo docker compose down

Open the /opt/HES/nginx/nginx.conf file for editing. Uncoment and replace all instances of <your_domain_name> with your name.

Finally, when config files updated, you can run the server:

cd /opt/HES
sudo docker compose up -d

Configure the Docker for MS SQL (Optional)

Currently, HES can work with two databases: MySQL or MS SQL. By default, we use My SQL, but if you want to switch to MS SQL, you will need to perform a few additional steps, which will be described below

Skip this step, if you use a MySQL database

Stop Server:

cd /opt/HES
sudo docker compose down

So, first you need to tweak the file /opt/HES/docker-compose.yml

We have prepared a templates to work with the MS SQL container. Just run next commands:

sudo cp /opt/HES/mssql/docker-compose.yml /opt/HES/docker-compose.yml
sudo cp /opt/HES/mssql/appsettings.Production.json /opt/HES/hes-site/appsettings.Production.json

You need to find the text in docker-compose.yml file

SA_PASSWORD: C00ll_Passwrd_here

and set your SA user password instead of 'C00ll_Passwrd_here'. We will later need this password to create a user and HES database

Start MS SQL container only:

sudo docker-compose up -d hes-mssql

Use the docker exec -it command for create a new database and user:

sudo docker exec -it hes-mssql /opt/mssql-tools18/bin/sqlcmd -S localhost -U SA -P "C00ll_Passwrd_here" -No  -i /root/create_database.sql

instead of "C00ll_Passwrd_here", enter your password here, which you specified in the /opt/HES/docker-compose.yml file

The above command will execute the "/opt/HES/mssql/create_database.sql" script, which you can view (and optionally modify). As a result, a user and a database will be created in the Ms Sql database. Please note that this user and database will be used by HES (in the file /opt/HES/hes-site/appsettings.Production.json)

after changing the settings, you can start the server:

cd /opt/HES
sudo docker compose up -d

you can find an update guide for Docker.

By default, access to the new server: login - password - admin

https://docs.docker.com/engine/install
Here
admin@server