
Self-Hosted Installation

Introduction

Because Nanitor believes in making things easy for our customers, including meeting them where they are, we offer both a cloud-hosted solution, where we take care of everything, and a self-hosted option, where the customer has full ownership and control.

For a pro/con analysis of cloud vs. self-hosted, as well as the process for moving to the cloud later, check out Migrating from a self-hosted to a cloud-hosted solution - Nanitor Knowledgebase

One of the main advantages of self-hosting your Nanitor instance is complete control over your instance, including where your data is processed, etc. However, this also comes with complete responsibility for the server running your instance, the operating system on it, and the network connection of your instance, especially when it comes to sizing your server and performance-tuning it. We will of course help you out as much as we can but there are a lot of limits to what we can do with self-hosted instances, and ultimately the responsibility is yours.

All Nanitor-hosted instances run on a Debian 12 server, on top of an image we get directly from the Debian Org. This is therefore the only setup we have any experience with, and these instructions are based on it. Our product should work on any Debian-based or Red Hat-based flavor of Linux. We have performed limited testing on Ubuntu, Alma and Red Hat Linux, and they all seem fine. If you have any issues using your favorite flavor of Linux, please submit a support ticket and we will do our best to help you out.

At a high level, the installation consists of the following:

  • Install the prerequisites nginx, libpcre3 and curl
  • Install PostgreSQL 15 Server with client and utilities
  • Set PostgreSQL access permissions to trust local connections
  • Tune the PostgreSQL Server configuration for optimal performance. We recommend using PGTune to calculate the best settings for your site. [Optional]
  • Download and run the installation script.

See the next section for detailed instructions to accomplish these steps as they apply to the Debian 12, Ubuntu, Alma or Red Hat operating system. If you are an experienced sysadmin you should be able to translate these to your flavor of Linux using the above goals as guidelines; otherwise, we suggest you reconsider going with a Nanitor-hosted solution.

We recommend using PGTune to calculate the best settings for your site and make the necessary adjustments to your postgresql.conf file. However, this is optional if you are happy with the performance of the system. The settings we implement work well for a large number of setups.

Prerequisites

The only prerequisites that are not explicitly taken care of in the installation instructions below (but are implied) are that the system you are using needs to be able to reach an update package repository (for apt update, upgrade, and installs), as well as reach nanitor.io for file downloads and hub.nanitor.com for signature updates.

There are no partition requirements and the sizing of your server will depend on the size of your environment. Here are a couple of sample sizes to guide your decision.

  • Server size for 150 assets: 2 vCPU, 8 GB RAM, 80 GB disk
  • Server size for 15K assets: 12 vCPU, 32 GB RAM, 250 GB disk

Installation

These instructions assume you already have a fresh Linux server set up and ready to go. These directions were written for the Debian 12 operating system and have only been tested on Debian 12. If you have something else you may need to make some adjustments to make it work for your operating system, particularly when it comes to paths, package names, and package manager (apt vs yum).

Log into your new Linux server using a sudo-capable account and execute the commands shown below for your operating system.

The last line is the actual server installation, and it prompts you for three things.

  • Organization name: What do you want your instance to be called? While there is no limit, it is advisable to choose something short. If your organization has a common acronym or a short nickname, that might be a good choice here. Note that all symbols and special characters will be stripped out and spaces replaced with a dash. Also, all characters will be lowercase only.
  • Hub Username: Get this from your Nanitor Contact
  • Hub Password: Get this from your Nanitor Contact

Important: Before you run that installation line, figure out what your internal FQDN for the installation will be and replace demo.nanitor.local with your actual FQDN.

Debian-based systems (apt):

sudo apt install -y postgresql postgresql-contrib nginx curl libpcre3
sudo curl -o /etc/postgresql/15/main/pg_hba.conf https://nanitor.io/files/postgresql/pg_hba.conf
sudo systemctl restart postgresql
sudo curl -o /tmp/nanitor-server-ctl https://nanitor.io/files/scripts/nanitor-server-ctl
sudo chmod 755 /tmp/nanitor-server-ctl

sudo /tmp/nanitor-server-ctl server_install --nanitor_hostname demo.nanitor.local

Red Hat-based systems (dnf):

# For performance reasons we recommend turning off SELinux.
# Edit /etc/selinux/config and set SELINUX=disabled.
# This will make it disabled on next reboot.
# If you want to use SELinux you do so at your own risk
# and will need to do the tuning yourself.

# Gain root, so we do not need to prefix all commands with sudo.
sudo bash

# Stop SELinux enforcement right now; setenforce 0 switches the running system to permissive mode.
setenforce 0

dnf -y install glibc-all-langpacks
localectl set-locale LANG=en_US.utf8

dnf -y install postgresql postgresql-server postgresql-contrib curl nginx dmidecode

# Ensure the locale is en_US.utf8 as that is what Nanitor expects.
PGSETUP_INITDB_OPTIONS="--locale en_US.utf8" /usr/bin/postgresql-setup --initdb
curl -o /var/lib/pgsql/data/pg_hba.conf https://nanitor.io/files/postgresql/pg_hba.conf

systemctl enable postgresql
systemctl start postgresql

# Let Nanitor know to use the rhel9 packages.
echo "rhel9" > /etc/nanitor_variant
curl -o /tmp/nanitor-server-ctl https://nanitor.io/files/scripts/nanitor-server-ctl
chmod 755 /tmp/nanitor-server-ctl

/tmp/nanitor-server-ctl server_install --nanitor_hostname demo.nanitor.local
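
Both procedures overwrite pg_hba.conf with a downloaded file, and the overview describes its purpose as trusting local connections. The following check is an added example, not Nanitor code: audit_pg_hba is a hypothetical helper and the sample file is constructed for illustration. It reports any rule that grants trust beyond the Unix socket or a loopback address.

```shell
#!/bin/sh
# Added example, not Nanitor code: report pg_hba.conf rules that grant
# "trust" to anything beyond the Unix socket or a loopback address.
# Assumption: database/user fields are unquoted (no embedded spaces).

audit_pg_hba() {   # $1 = path to pg_hba.conf; returns 1 if any rule is reported
    awk '
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    $1 == "local"        { next }          # Unix-socket rules are local by definition
    {
        addr = $4; method = $5
        # "ADDRESS NETMASK" form: the method moves one field to the right
        if ($5 ~ /^[0-9]+\./ || $5 ~ /:/) { addr = $4 "/" $5; method = $6 }
        if (method != "trust") next
        if (addr == "::1/128") next                                   # IPv6 loopback
        if (addr ~ /^127\.[0-9.]+\/(3[0-2]|[12][0-9]|[89])$/) next    # 127.0.0.0/8 or narrower
        if (addr ~ /^127\.[0-9.]+\/255\./) next                       # same, netmask form
        printf "line %d: %s\n", NR, $0
        bad = 1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not the file served from nanitor.io).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# TYPE  DATABASE  USER  ADDRESS          METHOD
local   all       all                    trust
host    all       all   127.0.0.1/32     trust
host    all       all   ::1/128          trust
host    all       all   10.0.0.0/8       trust
host    all       all   0.0.0.0 0.0.0.0  trust
host    all       all   192.168.1.0/24   scram-sha-256
EOF

audit_pg_hba "$sample" || echo "non-local trust rules found"
rm -f "$sample"
```

Point it at the live file after the curl step: /etc/postgresql/15/main/pg_hba.conf on Debian, or /var/lib/pgsql/data/pg_hba.conf on Red Hat-based systems.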

Post Installation

Log in

Log into the system with the credentials displayed at the end of the setup process, and change the password to something very strong, as this is the super admin account with access to everything. We recommend a 25-character string with mixed case, special characters, and numbers. Then add TOTP MFA to this super admin account.

Set up email relay

The next step in your setup is to set up your email relay configuration. This is required so that your instance can send emails such as new user invitations, alerting, etc. Here is how you do that. (First, make sure you are still logged in as the super admin.)

Start by clicking on the admin menu in the upper right corner.

[Screenshot: Admin Menu]

Then click on the System Management Settings on the right-hand side. Make sure you distinguish between Organization Management Settings in the center and the System Management Settings on the right.

[Screenshot: Admin Menu Full]

Then fill out the information for the highlighted fields.

[Screenshot: System Settings]

Once you have filled in the right information, you can put your email address in the "Test e-mail" field and click "Send test e-mail" to test whether the new configuration is working correctly.

Add users

Once you have configured your email settings and tested that they work, start inviting users to the system. For instructions on how to add users to your installation, check out How do I create a new user in my organization? - Nanitor Knowledgebase