Docker Compose
Seer Box can be installed using Docker Compose and a YAML file to configure the necessary services.
Deployment notes
To start Seer Box instance you must agree to the terms of the End User License Agreement (EULA). In order to accept its terms, simply change the value of the environment variable SBX_ACCEPT_EULA
within the sbx-engine
service to YES
.
If the deployment environment requires setting up an encrypted connection for the Seer Box web interface, please follow the instructions at the end of this page before proceeding.
Volumes
To ensure data persistence on Seer Box, you can use either a Docker volume or a bind mount. Not all containers require an independent volume; Seer Box Engine and Seer Box Reporter, for example, should share the same volume. Below are the containers that require a volume and their respective directories:
Seer Box Queue
Container directory: /var/lib/rabbitmq/mnesia
Seer Box Storage
Container directory: /var/lib/postgresql/data
Seer Box Engine & Reporter
Container directory: /opt/seer_box
The directory mounted as a volume on the path /opt/seer_box
must be configured with the UID and GID set to 53380
.
This ensures that the access permissions are correct and that the containers can read and write data properly.
To configure the permissions, run the following command:
chown -R 53380:53380 /directory/to/seer_box_volume
YAML definition
You can use the following definition to start services:
services:
sbx-queue:
image: docker.io/rabbitmq:3.13
container_name: seer_box_queue
hostname: seer_box_queue
volumes:
- /directory/to/seer_box_queue_volume:/var/lib/rabbitmq/mnesia:Z
# Remove comment to modify RabbitMQ default configuration
# - ./seer_box_queue.conf:/etc/rabbitmq/conf.d/30-seer_box_queue.conf:Z
networks:
- seer_box_network
environment:
- RABBITMQ_DEFAULT_USER=seer_box
- RABBITMQ_DEFAULT_PASS=seer_box
restart: unless-stopped
healthcheck:
test: rabbitmq-diagnostics -q ping
interval: 5s
timeout: 10s
retries: 6
sbx-storage:
image: docker.io/postgres:15
container_name: seer_box_storage
volumes:
- /directory/to/seer_box_storage_volume:/var/lib/postgresql/data:Z
networks:
- seer_box_network
environment:
- POSTGRES_USER=seer_box
- POSTGRES_DB=seer_box
- POSTGRES_PASSWORD=seer_box
restart: unless-stopped
healthcheck:
test: [ "CMD-SHELL", "/usr/bin/pg_isready -U seer_box" ]
interval: 5s
timeout: 10s
retries: 6
sbx-engine:
image: quay.io/pluribus_one/seer_box_engine:24.3
container_name: seer_box_engine
user: seer-box:seer-box
volumes:
- /directory/to/seer_box_volume:/opt/seer_box:z
# Remove comments to user docker volumes
# - seerbox_volume:/opt/seer_box/
networks:
- seer_box_network
environment:
- SBX_DATABASE_HOSTNAME=seer_box_storage
- SBX_QUEUE_HOSTNAME=seer_box_queue
- SBX_SERVER_WEB_URL_HOST=seer_box_engine
- SBX_DATABASE_PASSWORD=seer_box
- SBX_QUEUE_PASSWORD=seer_box
- SBX_ACCEPT_EULA=NO
ports:
- 20050-20100:20050-20100/udp
- 20050-20100:20050-20100/tcp
restart: unless-stopped
depends_on:
sbx-queue:
condition: service_healthy
sbx-storage:
condition: service_healthy
sbx-reporter:
image: quay.io/pluribus_one/seer_box_reporter:24.3
container_name: seer_box_reporter
user: seer-box:seer-box
volumes:
- /directory/to/seer_box_volume:/opt/seer_box:z
# Remove comments to user docker volumes
# - seer_box_volume:/opt/seer_box/
networks:
- seer_box_network
environment:
- SBX_DATABASE_HOSTNAME=seer_box_storage
- SBX_QUEUE_HOSTNAME=seer_box_queue
- SBX_QUEUE_PASSWORD=seer_box
- SBX_DATABASE_PASSWORD=seer_box
restart: unless-stopped
depends_on:
sbx-engine:
condition: service_started
sbx-storage:
condition: service_healthy
cap_add:
- SYS_ADMIN
sbx-gui:
image: quay.io/pluribus_one/seer_box_gui:24.3
container_name: seer_box_gui
# Remove comments to enable SSL
# volumes:
# - ./default.conf.template:/etc/nginx/templates/default.conf.template:Z
# - ./your-cert.crt:/etc/ssl/certs/seer-box.crt:Z
# - ./your-cert-key.key:/etc/ssl/private/seer-box.key:Z
networks:
- seer_box_network
environment:
- SBX_API_HOST=seer_box_engine
- SBX_DNS_RESOLVER=127.0.0.11
ports:
- 53380:80
restart: unless-stopped
depends_on:
- sbx-engine
volumes:
seer_box_queue_volume:
seer_box_storage_volume:
seer_box_volume:
networks:
seer_box_network:
Startup
To start the application, simply run the following command from the directory where the docker-compose.yml
file is located:
docker compose up -d
Once the services have finished starting up, it will be possible to access the system's web interface, available at:
http://<machine_ip>:53380/
It is recommended to expose the web interface behind reverse proxy with SSL enabled and, if possible, limit access to it only to authorized IP addresses. In any case, it is preferable not to expose such an interface on public address.
The default credentials for the administration user are:
- Username:
admin
- Password:
SeerBox_4dm1n
After the first login, it is recommended to change the default password.
License
Following login it will be possible to enter the License Key provided by Pluribus One for instance activation.
You can request a free license from the following link: https://license.seerbox.it
HTTPS Configuration
By default, Seer Box exposes its web interface over HTTP on port 80
of the seer_box_gui container.
To enable HTTPS, follow these steps:
- Create the
seer_box_gui.template
file and insert the following configuration:
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
error_page 500 502 503 504 /50x.html;
ssl_certificate /etc/ssl/certs/seer-box.crt;
ssl_certificate_key /etc/ssl/private/seer-box.key;
resolver ${SBX_DNS_RESOLVER} valid=${SBX_DNS_RESOLVER_VALIDITY};
set $upstream_endpoint ${SBX_API_PROTOCOL}://${SBX_API_HOST}:${SBX_API_PORT};
location = /50x.html {
root /usr/share/nginx/html;
}
location ${SBX_API_ENDPOINT} {
rewrite ${SBX_API_ENDPOINT}(.*) /$1 break;
proxy_pass $upstream_endpoint${SBX_API_ENDPOINT}$1$is_args$args;
proxy_pass_request_headers on;
proxy_redirect off;
}
location ${SBX_FEEDS_ENDPOINT} {
rewrite ${SBX_FEEDS_ENDPOINT}(.*) /$1 break;
proxy_pass $upstream_endpoint${SBX_FEEDS_ENDPOINT}$1$is_args$args;
proxy_pass_request_headers on;
proxy_redirect off;
}
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
}
- Generate an SSL certificate and key to be mounted inside the
sbx-gui
service. You can create a self-signed certificate using theopenssl
command-line tool:
openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ./seer-box.key -out ./seer-box.crt
-
Uncomment the volumes defined in the YAML file for the
sbx-gui
service, updating the certificate and key paths on the host machine if necessary. -
Update the port forwarding in the
sbx-gui
service from53380:80
to53380:443
.