Install Fleet

Dependencies

Install requirements from apt:

apt install redis nginx python3-certbot-nginx

MySQL

Install

Install MySQL Community Server via apt:

wget "https://dev.mysql.com/get/mysql-apt-config_0.8.33-1_all.deb"
dpkg -i "mysql-apt-config_0.8.33-1_all.deb"
apt update && apt install mysql-community-server

Configure

Don't forget to change the password!

Set up a new database and user:

mysql
CREATE DATABASE fleet;
CREATE USER 'fleet'@'localhost' IDENTIFIED BY 'fleet';
GRANT ALL PRIVILEGES ON fleet.* TO 'fleet'@'localhost';
FLUSH PRIVILEGES; EXIT;

Redis

Nothing to configure on localhost.

Certbot

certbot certonly --nginx -d fleetdm.example.com

Since version 2.0.0, the default key algorithm is ECDSA. See here for how to generate an RSA key.

Nginx

nano /etc/nginx/sites-available/fleetdm.example.com

Template for site config:

server {

        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name fleetdm.example.com;

        ssl_certificate /etc/letsencrypt/live/fleetdm.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/fleetdm.example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/fleetdm.example.com/fullchain.pem;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 1.1.1.1 1.0.0.1;
        resolver_timeout 5s;

        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        add_header Referrer-Policy 'strict-origin' always;
        add_header Strict-Transport-Security "max-age=63072000" always;

        location / {
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                proxy_pass http://127.0.0.1:8080;
        }
}

server {

        listen 80;
        listen [::]:80;

        server_name  fleetdm.example.com;

        return 301 https://$host$request_uri;
}

ln -s /etc/nginx/sites-available/fleetdm.example.com /etc/nginx/sites-enabled/

This is just the site config. Check the other nginx configuration as well.

User and Group

Create the group first:

groupadd --system "fleet"

Create the fleet user:

useradd --system --gid="fleet" --create-home  --home-dir="/var/lib/fleet" --shell="/usr/sbin/nologin" "fleet"

Binary

Download the binary:

wget -O "fleet_linux.tar.gz" 'https://github.com/fleetdm/fleet/releases/download/fleet-v4.62.1/fleet_v4.62.1_linux.tar.gz'

Extract the archive:

tar -xvf fleet_linux.tar.gz 

Install the binary:

install fleet_linux/fleet /usr/local/bin/

Remove the leftover files:

rm -r fleet_linux*

Config

Create the directory:

install -o fleet -g fleet -d /etc/fleetdm

Dump the config:

sudo -u fleet fleet config_dump > /etc/fleetdm/config.yaml

systemd

nano /etc/systemd/system/fleet.service

[Unit]
Description=Fleet
After=network.target

[Service]
User=fleet
Group=fleet
LimitNOFILE=8192
ExecStart=/usr/local/bin/fleet serve --config /etc/fleetdm/config.yaml

[Install]
WantedBy=multi-user.target

systemctl daemon-reload

Prepare

sudo -u fleet /usr/local/bin/fleet prepare db --config /etc/fleetdm/config.yaml

Start

systemctl enable --now fleet
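
A post-install check for two pitfalls in the steps above, added here as an example and not part of the original post: the `>` redirect in the Config step is performed by the calling shell, so config.yaml gets that shell's owner and umask, and the MySQL password must not stay at the placeholder 'fleet'. It assumes GNU stat and that the dumped config.yaml keeps the password under a top-level mysql: block; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat and that
# config.yaml keeps the password under a top-level "mysql:" block.

# Print mysql.password from a Fleet YAML config (empty if unset).
mysql_password() {
    awk -v q="'" '
        /^[^ \t#]/ { in_mysql = ($0 ~ /^mysql:/) }   # new top-level key
        in_mysql && /^[ \t]+password:/ {
            sub(/^[ \t]+password:[ \t]*/, "")
            sub(/[ \t]+$/, "")
            gsub("^[\"" q "]|[\"" q "]$", "")        # strip surrounding quotes
            print
            exit
        }
    ' "$1"
}

# Return 0 when the file passes, 1 otherwise; findings go to stdout.
audit_fleet_config() {
    _cfg=$1
    _rc=0
    _mode=$(stat -c '%a' "$_cfg") || return 1
    case "$_mode" in
        *[1-7])  # last octal digit holds the bits for "other" users
            echo "FAIL: $_cfg is mode $_mode and grants access to other users"
            _rc=1 ;;
    esac
    case "$(mysql_password "$_cfg")" in
        ""|fleet)
            echo "FAIL: mysql.password is empty or still the placeholder"
            _rc=1 ;;
    esac
    return "$_rc"
}

# Run against a file when one is given on the command line,
# e.g. sh audit.sh /etc/fleetdm/config.yaml
if [ -n "${1:-}" ]; then
    audit_fleet_config "$1"
fi
```

If the mode check fails, `chown root:fleet /etc/fleetdm/config.yaml` followed by `chmod 640 /etc/fleetdm/config.yaml` keeps the file readable by the service and closed to everyone else.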