Linux
How to install fylr on a Linux Server via docker compose
Requirements
A domain name (like fylr.example.com), but not just a subpath (like example.com/fylr).
A port (typically 443) to do https.
Either an HTTPS certificate. Or Port 443 or Port 80 for registering and renewing a certificate with letsencrypt. Or the decision to operate fylr with HTTP only (insecure for passwords etc.).
Hardware
16 GB of RAM to get going. Add memory if you need to answer more than a few simultaneous requests, or to generate more than a few preview images simultaneously.
Start with 4 CPU cores and then adjust to your use case.
amd64 Architecture, for this method.
- Storage
40 GB for container images. (default
/var/lib/docker
) Ca. 100 GB for temporary file systems of containers. (default/var/lib/docker
) Ca. two times the storage space of you assets. So if you want to manage 1 TB of assets with fylr, have another 1 TB for preview images. If you tend to have big assets, you might need much less, as the previews then are much smaller in comparison to your assets. Add fast storage for database and indices: 4% of what your assets need. So for 1 TB of assets have 40 GB. Most installations need a lot less than 4%. - Network Storage
At most, put assets, previews and database dumps on network storage. Do not put other data on network storage as features may collide (e.g. overlay file system by docker). If you use network storage then we recommend the NFS protocol. CIFS can also work, but we have seen performance problems on some Windows servers without remedy and even data corruption - thus we do not support CIFS/SMB. Also NFS on a Windows server has been observed to have poor performance compared to Linux servers.
Software
The below mentioned containers are linux containers, so you need a linux server or linux virtual machine.
fylr requires a running container engine. In this instructions, we use docker. So install docker according to its documentation: how to install docker.
We are regularly testing fylr with PostgreSQL 17. Customers with problems and PostgreSQL 14 (or even earlier versions) may be asked to upgrade PostgreSQL first.
The following commands assume a Debian or Ubuntu server and a bash shell.
Get docker compose to use our provided example. Apparmor is required for docker in newer Debian and Ubuntu Versions:
currently (2023-06), docker needs a restart before it is really up and running:
Memory setting needed for the indexer: (opensearch or elasticsearch)
Indexer developers strongly recommend to disable swap. If you do not want to disable it on the whole system, at least make sure that the index does not use swap. We recommend to disable swap globally.
Installation
Let us assume that you will install fylr in /srv/fylr
:
Create the following directories for the persistent data:
The download is done below, with docker compose
Configuration
We suggest that you use our example configuration as a starting point:
Edit config/fylr/fylr.yml
and replace strings with EXAMPLE
.
If unsure about wasting your quota with letsencrypt, start with useStagingCA: true
. A staging certificate will not be enough, though. Even some components of fylr will not trust each other. So do not use the frontend without a valid certificate (useStagingCA: false
).
Download
docker compose
Much of the setup is encapsulated in a yaml file for docker compose. Get it and use it like this:
(We still assume that you are in the /srv/fylr
directory.)
Ctrl
+ c
stops the display of new messages. We suggest you stop checking new messages when opensearch is done with its startup. Either when it quiets down or when you catch the message Cluster health status changed
[...] reason: [shards started
.
So now postgres and opensearch are running.
Download and start fylr:
docker compose up -d fylr; docker compose logs -f fylr
fylr outputs INF 🤓 FYLR started
[...] when it managed to start and the Web-Frontend is online. Again, Ctrl
+ c
stops the display of new messages.
We recommend to set restart: always
for fylr in docker-compose.yml
and restart fylr with:
Result
You can now surf to your fylr webfrontend.
Default login is root
with password admin
. Please replace with a secure password: Click on root
in the upper left corner.
automate SQL dumps and update installation
To have consistent and complete snapshots of your SQL data, we strongly recommend:
create a cron job like /etc/cron.d/fylr-sql-backup-and-update
:
With this setup you will find nightly sql dumps and pg_dump's log files in /srv/fylr/sqlbackups
.
Log files of the cron job will go to /var/log/fylr-maintain.log
.
You can change the maintain script's config in /etc/default/fylr
, using bash syntax.
Keep log messages
The most important step to not throw away log messages with each container re-creation is already done in the above downloaded docker-compose.yml
: it uses logging:
driver: journald
.
You additionally can configure journald to your use case.
As an example, we do:
and in local_limits.conf
:
Load the changes:
Aspects to consider if your logs need to be 100% reliable (usually overkill)
hardcoded maximum file size is capped to 4G in compact mode (which is enabled by default), source: https://www.freedesktop.org/software/systemd/man/journald.conf.html
this is using the default “blocking” mode
Troubleshooting
docker compose
needs to be executed in the directory with thedocker-compose.yml
.When docker cannot start containers with errors refering to
shim, OCI, apparmor
:apt-get install apparmor apparmor-utils; systemctl restart docker
When the indexer does not work, make sure you used
sysctl
as shown above.
Many messages can be safely ignored, see here.
Trouble with reachability, network, redirects:
If you set your firewall rules to Allow, does the problem (e.g.
400 Bad Request
) go away?Does your network use a private IP range that overlaps with docker networks?
Ubuntu may use
ufw
as Firewall, but there are problems in combination with docker. Consider to useshorewall
> 5.0.6 instead (https://shorewall.org/Docker.html).
Assets are not processed, previews are not generated:
Look into the URL path /inspect/files, so e.g. https://your-fylr-domain/inspect/files and look for status:
failed
anderror
. Click on the IDs and e.g.Show details
to search for error messages.
If the indexer plugin analysis-icu
is not installed you will get errors like:
Unable to create index "..." error="Unknown char_filter type [icu_normalizer]
More messages for debugging
Further reading
Last updated