This instruction shows how to install the HES server using docker containers on Linux. Examples of commands are given for CentOS 7 and Ubuntu (18.04, 20.04, 22.04) , other versions of the Linux was not tested.

First of all, you need to decide what URL will be for your future HES server. It can be something like hideez.yurcompany.com. Hereinafter, this name is indicated as <your_domain_name>. You can copy this instruction into any text editor and replace all instances of the <your_domain_name> with your name. After that, you can execute most of the commands just copying them from the editor.

You need to add your domain name to the DNS settings of your hosting provider.

1. Preparation (if not already done)

Install Docker

You can also always refer to the official installation documentation: https://docs.docker.com/engine/install

CentOS

$ sudo yum install -y yum-utils
$ sudo yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo
$ sudo yum install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
$ sudo systemctl start docker
$ sudo systemctl enable docker

in case of unsuccessful installation, on Centos, you may need to remove some packages

$ sudo yum remove podman buildah -y

and retry the installation

Ubuntu

$ sudo apt-get install -y  apt-transport-https  ca-certificates curl gnupg lsb-release
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
$ sudo echo \
  "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
$ sudo apt update
$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-compose-plugin -y

To verify installed docker version run the following command:

$ docker --version
Docker version 20.10.16, build aa7e414

and docker compose:

$ docker compose version
Docker Compose version v2.5.0

2. Іnstalling HES in the docker

Download templates

We have prepared an archive with a template for building containers

$ cd ~
$ curl -O https://update.hideez.com/hes/docker_latest.tar.gz

Extracting files and moving to the /opt directory and create folders for HES

$ tar -xvf docker_latest.tar.gz
$ sudo mv HES /opt/ 

Build docker image

$ cd /opt/HES/
$ sudo docker build . -t hes

During operation, HES uses an encryption certificate that will be generated in the /opt/hes/hes-site/x509stores directory Since the server will run under the "root" user inside the container, you need to change the owner of the certificate directory:

$ sudo chown root.root /opt/HES/hes-site/x509stores

Configure the HES

you can run the server:

$ cd /opt/HES
$ sudo docker compose up -d 

after downloading the images, you can run the server wizard:

sudo docker exec -it hes-site ./HES.Wizard

follow the setup tips and configure the server

after the wizard finishes, reload the containers:

sudo docker compose down
sudo docker compose up -d 

Configure the Docker for MySQL (Optional)

Open the /opt/HES/docker-compose.yml file for editing. In this file you need to modify several parameters:

MYSQL_DATABASE - put here the same name as database in appsettings.Production.json (e.g. "db").

MYSQL_USER - put here the same name as uid in appsettings.Production.json (e.g. "user").

MYSQL_PASSWORD - put here the same password as password in appsettings.Production.json

MYSQL_ROOT_PASSWORD - put here the password for mysql root account. (default is "password")

Configure the Docker for MS SQL (Optional)

Currently, HES can work with two databases: MySQL or MS SQL. By default, we use My SQL, but if you want to switch to MS SQL, you will need to perform a few additional steps, which will be described below

Skip this step, if you use a MySQL database

So, first you need to tweak the file /opt/HES/docker-compose.yml

We have prepared a template for the yml file to work with the MS SQL container. Just run the rename command:

$ sudo mv /opt/HES/docker-compose.mssql /opt/HES/docker-compose.yml

You need to find the text in this file

SA_PASSWORD: C00ll_Passwrd_here

and set your SA user password instead of 'C00ll_Passwrd_here'. We will later need this password to create a user and HES database

Start MS SQL container only:

$ sudo docker-compose up -d hes-mssql

Use the docker exec -it command to start an interactive bash shell inside your running container

$ sudo docker exec -it hes-mssql /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P "C00ll_Passwrd_here"

instead of "C00ll_Passwrd_here", enter your password here, which you specified in the /opt/HES/docker-compose.yml file

The following sections walk you through using sqlcmd and Transact-SQL to create a new database and user.

> CREATE LOGIN [user]  WITH PASSWORD = 'user_password';
> GO
> CREATE DATABASE db;
> GO
> USE db; 
> GO
> CREATE USER [user] from login [user];
> GO
> GRANT CONTROL ON DATABASE::db  TO [user];
> GO

Сhange <user_password> with your real password

You should remember the user password, it will come in handy later.

To exit from the Transact-SQL console, press Ctrl+C.

Now you need to tweak the file /opt/HEL/hes-site/appsettings.Production.json with wizard:

sudo docker exec -it hes-site ./HES.Wizard

Configure the Nginx (Optional)

Open the /opt/HES/nginx/nginx.conf file for editing. Uncoment and replace all instances of <your_domain_name> with your name.

Create a SSL Certificate

Here we providing instruction on how to get a self-signed certificate for SSL encryption. It can be used for test or demo purposes. For the production server, you need to acquire a certificate from a certificate authority. For a self-signed certificate, the browser will alert you that the site has security issues.

Run the following command and answer a few simple questions:

$ sudo openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /opt/HES/nginx/certs/hes.key -out /opt/HES/nginx/certs/hes.crt

The certificate will be generated and copied to the HES directory.

Run the Server

Finally, when config files updated and certificate ready you can run the server:

$ cd /opt/HES
$ sudo docker compose up -d 

after uploading the images, your server is ready to work

Check the status

You can check the status of the docker containers running the command:

$ sudo docker compose ps
 Name                 Command               State                                   Ports                                 
---------------------------------------------------------------------------------------------------------------------------
hes-mysql      docker-entrypoint.sh --def ...   Up      0.0.0.0:3306->3306/tcp,:::3306->3306/tcp, 33060/tcp                   
hes-nginx   /docker-entrypoint.sh ngin ...   Up      0.0.0.0:443->443/tcp,:::443->443/tcp, 0.0.0.0:80->80/tcp,:::80->80/tcp
hes-site    ./HES.Web                        Up      5000/tcp           

To make sure that everything is configured correctly, open the URL of your site in a browser (https://<your_domain_name>). You should see the server authorization page. Log in using the default login 'admin@server' and default password 'admin'.

In case you cannot log in to the HES, see log files located in '/opt/HES/hes-site/logs'