Docker

This instruction shows how to install the HES server using docker containers on Linux. Examples of commands are given for CentOS 7 and Ubuntu (18.04, 20.04, 22.04) , other versions of the Linux was not tested.
First of all, you need to decide what URL will be for your future HES server. It can be something like hideez.yurcompany.com. Hereinafter, this name is indicated as <your_domain_name>. You can copy this instruction into any text editor and replace all instances of the <your_domain_name> with your name. After that, you can execute most of the commands just copying them from the editor.
You need to add your domain name to the DNS settings of your hosting provider.
1. Preparation (if not already done)
Install Docker
You can also always refer to the official installation documentation: https://docs.docker.com/engine/install​
CentOS
$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
$ sudo systemctl start docker
$ sudo systemctl enable docker
in case of unsuccessful installation, on Centos, you may need to remove some packages
$ sudo yum remove podman buildah -y
and retry the installation
Ubuntu
$ sudo apt-get install -y  apt-transport-https  ca-certificates curl gnupg lsb-release
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ sudo echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y
To verify installed docker version run the following command:
$ docker --version
Docker version 20.10.16, build aa7e414
and docker compose:
$ docker compose version
Docker Compose version v2.5.0
2. Іnstalling HES in the docker
Download templates
We have prepared an archive with a template for building containers
$ cd ~
$ curl -O https://update.hideez.com/hes/docker_latest.tar.gz
Extracting files and moving to the /opt directory and create folders for HES
$ tar -xvf docker_latest.tar.gz
$ sudo mv HES /opt/ 
Build docker image
$ cd /opt/HES/
$ sudo docker build . -t hes
During operation, HES uses an encryption certificate that will be generated in the /opt/hes/hes-site/x509stores directory Since the server will run under the "root" user inside the container, you need to change the owner of the certificate directory:
$ sudo chown root.root /opt/HES/hes-site/x509stores
Configure the HES
you can run the server:
$ cd /opt/HES
$ sudo docker compose up -d 
after downloading the images, you can run the server wizard:
sudo docker exec -it hes-site ./HES.Wizard
follow the setup tips and configure the server
WARNING! Names of server, database, username must be the same as the MySQL container name in the /opt/HES/docker-compose.yml
after the wizard finishes, reload the containers:
sudo docker compose down
sudo docker compose up -d 
Configure the Docker for MySQL (Optional)
Open the /opt/HES/docker-compose.yml file for editing. In this file you need to modify several parameters:
MYSQL_DATABASE - put here the same name as database in appsettings.Production.json (e.g. "db").
MYSQL_USER - put here the same name as uid in appsettings.Production.json (e.g. "user").
MYSQL_PASSWORD - put here the same password as password in appsettings.Production.json
MYSQL_ROOT_PASSWORD - put here the password for mysql root account. (default is "password")
Configure the Docker for MS SQL (Optional)
Currently, HES can work with two databases: MySQL or MS SQL. By default, we use My SQL, but if you want to switch to MS SQL, you will need to perform a few additional steps, which will be described below
Skip this step, if you use a MySQL database
So, first you need to tweak the file /opt/HES/docker-compose.yml
We have prepared a template for the yml file to work with the MS SQL container. Just run the rename command:
$ sudo mv /opt/HES/docker-compose.mssql /opt/HES/docker-compose.yml
You need to find the text in this file
SA_PASSWORD: C00ll_Passwrd_here
and set your SA user password instead of 'C00ll_Passwrd_here'. We will later need this password to create a user and HES database
Start MS SQL container only:
$ sudo docker-compose up -d hes-mssql
Use the docker exec -it command to start an interactive bash shell inside your running container
$ sudo docker exec -it hes-mssql /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "C00ll_Passwrd_here"
instead of "C00ll_Passwrd_here", enter your password here, which you specified in the /opt/HES/docker-compose.yml file
The following sections walk you through using sqlcmd and Transact-SQL to create a new database and user.
> CREATE LOGIN [user]  WITH PASSWORD = 'user_password';
> GO
> CREATE DATABASE db;
> GO
> USE db; 
> GO
> CREATE USER [user] from login [user];
> GO
> GRANT CONTROL ON DATABASE::db  TO [user];
> GO
Сhange <user_password> with your real password
You should remember the user password, it will come in handy later.
To exit from the Transact-SQL console, press Ctrl+C.
​
Now you need to tweak the file /opt/HEL/hes-site/appsettings.Production.json with wizard:
sudo docker exec -it hes-site ./HES.Wizard
Configure the Nginx (Optional)
Open the /opt/HES/nginx/nginx.conf file for editing. Uncoment and replace all instances of <your_domain_name> with your name.
Create a SSL Certificate
Here we providing instruction on how to get a self-signed certificate for SSL encryption. It can be used for test or demo purposes. For the production server, you need to acquire a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that the site has security issues.
Run the following command and answer a few simple questions:
$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /opt/HES/nginx/certs/hes.key -out /opt/HES/nginx/certs/hes.crt
The certificate will be generated and copied to the HES directory.
Run the Server
Finally, when config files updated and certificate ready you can run the server:
$ cd /opt/HES
$ sudo docker compose up -d 
after uploading the images, your server is ready to work
Check the status
You can check the status of the docker containers running the command:
$ sudo docker compose ps
 Name                 Command               State                                   Ports                                 
---------------------------------------------------------------------------------------------------------------------------
hes-mysql      docker-entrypoint.sh --def ...   Up      0.0.0.0:3306->3306/tcp,:::3306->3306/tcp, 33060/tcp                   
hes-nginx   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp
hes-site    ./HES.Web                        Up      5000/tcp           
To make sure that everything is configured correctly, open the URL of your site in a browser (https://<your_domain_name>). You should see the server authorization page. Log in using the default login '[email protected]' and default password 'admin'.
In case you cannot log in to the HES, see log files located in '/opt/HES/hes-site/logs'
​Here you can find an update guide for Docker.
By default, access to the new server:
login - [email protected]
password - admin

Linux

Structure of the appsettings.json file

Last modified 10d ago