Skip to main content

Docker Compose

Seer Box can be installed using Docker Compose and a YAML file to configure the necessary services.

Deployment notes

info

To start Seer Box instance you must agree to the terms of the End User License Agreement (EULA). In order to accept its terms, simply change the value of the environment variable SBX_ACCEPT_EULA within the sbx-engine service to YES.

info

If the deployment environment requires setting up an encrypted connection for the Seer Box web interface, please follow the instructions at the end of this page before proceeding.

Volumes

To ensure data persistence on Seer Box, you can use either a Docker volume or a bind mount. Not all containers require an independent volume; Seer Box Engine and Seer Box Reporter, for example, should share the same volume. Below are the containers that require a volume and their respective directories:

Seer Box Queue

Container directory: /var/lib/rabbitmq/mnesia

Seer Box Storage

Container directory: /var/lib/postgresql/data

Seer Box Engine & Reporter

Container directory: /opt/seer_box

The directory mounted as a volume on the path /opt/seer_box must be configured with the UID and GID set to 53380. This ensures that the access permissions are correct and that the containers can read and write data properly.

To configure the permissions, run the following command:

chown -R 53380:53380 /directory/to/seer_box_volume

YAML definition

You can use the following definition to start services:

docker-compose.yml
services:
  sbx-queue:
    image: docker.io/rabbitmq:3.13
    container_name: seer_box_queue
    hostname: seer_box_queue
    volumes:
      - /directory/to/seer_box_queue_volume:/var/lib/rabbitmq/mnesia:Z
      # Remove comment to modify RabbitMQ default configuration
      # - ./seer_box_queue.conf:/etc/rabbitmq/conf.d/30-seer_box_queue.conf:Z
    networks:
      - seer_box_network
    environment:
      - RABBITMQ_DEFAULT_USER=seer_box
      - RABBITMQ_DEFAULT_PASS=seer_box
    restart: unless-stopped
    healthcheck:
      test: rabbitmq-diagnostics -q ping
      interval: 5s
      timeout: 10s
      retries: 6

  sbx-storage:
    image: docker.io/postgres:15
    container_name: seer_box_storage
    volumes:
      - /directory/to/seer_box_storage_volume:/var/lib/postgresql/data:Z
    networks:
      - seer_box_network
    environment:
      - POSTGRES_USER=seer_box
      - POSTGRES_DB=seer_box
      - POSTGRES_PASSWORD=seer_box
    restart: unless-stopped
    healthcheck:
      test: [ "CMD-SHELL", "/usr/bin/pg_isready -U seer_box" ]
      interval: 5s
      timeout: 10s
      retries: 6

  sbx-engine:
    image: quay.io/pluribus_one/seer_box_engine:24.2.1
    container_name: seer_box_engine
    user: seer-box:seer-box
    volumes:
      - /directory/to/seer_box_volume:/opt/seer_box:z
      # Remove comments to user docker volumes
      # - seerbox_volume:/opt/seer_box/
    networks:
      - seer_box_network
    environment:
      - SBX_DATABASE_HOSTNAME=seer_box_storage
      - SBX_QUEUE_HOSTNAME=seer_box_queue
      - SBX_SERVER_WEB_URL_HOST=seer_box_engine
      - SBX_DATABASE_PASSWORD=seer_box
      - SBX_QUEUE_PASSWORD=seer_box
      - SBX_ACCEPT_EULA=NO
    ports:
      - 20050-20100:20050-20100/udp
      - 20050-20100:20050-20100/tcp
    restart: unless-stopped
    depends_on:
      sbx-queue:
        condition: service_healthy
      sbx-storage:
         condition: service_healthy

  sbx-reporter:
    image: quay.io/pluribus_one/seer_box_reporter:24.2.1
    container_name: seer_box_reporter
    user: seer-box:seer-box
    volumes:
      - /directory/to/seer_box_volume:/opt/seer_box:z
      # Remove comments to user docker volumes
      # - seer_box_volume:/opt/seer_box/
    networks:
      - seer_box_network
    environment:
      - SBX_DATABASE_HOSTNAME=seer_box_storage
      - SBX_QUEUE_HOSTNAME=seer_box_queue
      - SBX_QUEUE_PASSWORD=seer_box
      - SBX_DATABASE_PASSWORD=seer_box
    restart: unless-stopped
    depends_on:
      sbx-engine:
        condition: service_started
      sbx-storage:
         condition: service_healthy
    cap_add:
      - SYS_ADMIN

  sbx-gui:
    image: quay.io/pluribus_one/seer_box_gui:24.2.1
    container_name: seer_box_gui
    # Remove comments to enable SSL
    # volumes:
      # - ./default.conf.template:/etc/nginx/templates/default.conf.template:Z
      # - ./your-cert.crt:/etc/ssl/certs/seer-box.crt:Z
      # - ./your-cert-key.key:/etc/ssl/private/seer-box.key:Z
    networks:
      - seer_box_network
    environment:
      - SBX_API_HOST=seer_box_engine
      - SBX_DNS_RESOLVER=127.0.0.11
    ports:
      - 53380:80
    restart: unless-stopped
    depends_on:
      - sbx-engine

volumes:
  seer_box_queue_volume:
  seer_box_storage_volume:
  seer_box_volume:

networks:
  seer_box_network:

Startup

To start the application, simply run the following command from the directory where the docker-compose.yml file is located:

docker compose up -d

Once the services have finished starting up, it will be possible to access the system's web interface, available at:

http://<machine_ip>:53380/
info

It is recommended to expose the web interface behind reverse proxy with SSL enabled and, if possible, limit access to it only to authorized IP addresses. In any case, it is preferable not to expose such an interface on public address.

The default credentials for the administration user are:

  • Username: admin
  • Password: SeerBox_4dm1n
info

After the first login, it is recommended to change the default password.

License

Following login it will be possible to enter the License Key provided by Pluribus One for instance activation.

You can request a free license from the following link: https://license.seerbox.it

HTTPS Configuration

By default, Seer Box exposes its web interface over HTTP on port 80 of the seer_box_gui container.

To enable HTTPS, follow these steps:

  • Create the seer_box_gui.template file and insert the following configuration:
seer_box_gui.template
server {

    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    error_page   500 502 503 504  /50x.html;

    ssl_certificate /etc/ssl/certs/seer-box.crt;
    ssl_certificate_key /etc/ssl/private/seer-box.key;

    resolver ${SBX_DNS_RESOLVER} valid=${SBX_DNS_RESOLVER_VALIDITY};
    set $upstream_endpoint ${SBX_API_PROTOCOL}://${SBX_API_HOST}:${SBX_API_PORT};

    location = /50x.html {
        root   /usr/share/nginx/html;
    }

    location ${SBX_API_ENDPOINT} {
        rewrite ${SBX_API_ENDPOINT}(.*) /$1 break;
        proxy_pass                  $upstream_endpoint${SBX_API_ENDPOINT}$1$is_args$args;
        proxy_pass_request_headers  on;
        proxy_redirect              off;
    }

    location ${SBX_FEEDS_ENDPOINT} {
        rewrite ${SBX_FEEDS_ENDPOINT}(.*) /$1 break;
        proxy_pass                  $upstream_endpoint${SBX_FEEDS_ENDPOINT}$1$is_args$args;
        proxy_pass_request_headers  on;
        proxy_redirect              off;
    }

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
}
  • Generate an SSL certificate and key to be mounted inside the sbx-gui service. You can create a self-signed certificate using the openssl command-line tool:
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ./seer-box.key -out ./seer-box.crt

  • Uncomment the volumes defined in the YAML file for the sbx-gui service, updating the certificate and key paths on the host machine if necessary.

  • Update the port forwarding in the sbx-gui service from 53380:80 to 53380:443.