This guide walks you through a complete S4E On-Prem installation on a Linux server using the provided setup package.
Before You Start
Ensure you have:
- A server meeting the system requirements.
- The setup package received from your S4E account representative.
- The harbor.enc file (encrypted registry credentials) from your S4E representative.
- Your S4E API key from app.s4e.io (Settings > API Tokens).
sudoaccess on the target server.
Use nohup for stability
The installer restarts Docker during setup, which can briefly drop SSH connections. Run the installer with nohup so it continues in the background even if your session disconnects.
Step 1: Transfer the Setup Package
Copy the setup package and harbor.enc to the server:
On the server, extract and place in the standard location:
sudo mkdir -p /opt/s4e/setup
sudo tar -xzf /tmp/setup-package.tar.gz -C /opt/s4e/setup --strip-components=1
sudo cp /tmp/harbor.enc /opt/s4e/setup/harbor.enc
sudo chown -R $USER:$USER /opt/s4e
Step 2: Create Your Configuration File
sudo cp /opt/s4e/setup/setup.conf.example /opt/s4e/setup/setup.conf
sudo nano /opt/s4e/setup/setup.conf
Required Fields
| Field | Description | Example |
|---|---|---|
S4E_API_KEY |
Your API key from app.s4e.io > Settings > API Tokens | sk-abc123... |
S4E_BASE_DOMAIN |
Base domain for all subdomains (app, core, api, etc.) | s4e.example.com |
Hardware Thresholds
The installer checks hardware before proceeding. Adjust these if your environment differs:
Optional: SMTP Configuration
If you need outbound email notifications (alerts, reports), configure SMTP:
SMTP_HOST=smtp.company.com
SMTP_PORT=587
SMTP_USER=[email protected]
SMTP_PASSWORD=your_smtp_password
SMTP_USE_TLS=true
SMTP_USE_SSL=false
SMTP_VERIFY_SSL=true
SMTP_DEFAULT_FROM=[email protected]
SMTP_DEFAULT_FROM_NAME=S4E
Leave these empty if email is not required.
Optional: DNS and AI
# DNS server for worker containers (default: 8.8.8.8)
WORKER_DNS=8.8.8.8
# OpenAI key for AI Smart Assistant (optional)
OPENAI_API_KEY=sk-...
Never commit setup.conf
setup.conf contains your API key and credentials. It is excluded from version control by default. Keep it secure and do not share it.
Step 3: Run the Installer
If you have harbor.enc (recommended):
If you set Harbor credentials directly in setup.conf:
Monitor progress in real time:
The installer will:
- Preflight checks -- verify CPU, RAM, disk, and network connectivity.
- Install dependencies -- Docker, Docker Compose, Nginx (if not present).
- Generate secrets -- random passwords for all databases and services.
- Configure Nginx -- generate TLS certificates and subdomain configs.
- Pull Docker images -- download all service images from Harbor.
- Start containers -- bring up all services in dependency order.
- Run database migrations -- apply schema changes.
- Sync cloud data -- pull scan definitions and templates from S4E Cloud.
- Post-flight setup -- initialize Gitea, Portainer, create admin account, and verify services.
Installation typically takes 10-20 minutes depending on network speed.
A detailed log is also written to /opt/s4e/setup/setup.log with timestamps.
Reconnecting after disconnect
If your SSH session drops during installation, reconnect and run tail -f /tmp/s4e-setup.log to check progress. The installer continues in the background.
Step 4: Configure DNS or Hosts
At the end of installation, the script prints a block of host entries:
<SERVER_IP> cert.<domain>
<SERVER_IP> app.<domain>
<SERVER_IP> admin.<domain>
<SERVER_IP> api.<domain>
<SERVER_IP> core.<domain>
<SERVER_IP> sse.<domain>
<SERVER_IP> rmq.<domain>
<SERVER_IP> adminer.<domain>
<SERVER_IP> portainer.<domain>
<SERVER_IP> git.<domain>
Replace <SERVER_IP> with your server's actual IP address and <domain> with your S4E_BASE_DOMAIN.
For testing: Add these lines to /etc/hosts on each machine that needs access.
For production: Create DNS A records pointing each subdomain to the server's IP.
Step 5: Trust the TLS Certificate
The installer generates a self-signed CA certificate. Visit https://cert.<domain> and follow the on-screen instructions to download and install the certificate for your operating system.
Step 6: Access the Platform
| URL | Purpose | Authentication |
|---|---|---|
https://app.<domain> |
Main user interface | S4E account login |
https://admin.<domain> |
Admin panel | HTTP Basic Auth + S4E login |
https://api.<domain> |
Public API | API Token |
https://core.<domain> |
Core API (internal) | Session cookie |
https://sse.<domain> |
Real-time events (SSE) | Session cookie |
https://adminer.<domain> |
Database UI | HTTP Basic Auth |
https://portainer.<domain> |
Container management | Portainer admin account |
https://rmq.<domain> |
RabbitMQ management | HTTP Basic Auth |
https://git.<domain> |
Gitea (config tracking) | HTTP Basic Auth |
Default credentials
- HTTP Basic Auth (adminer, rmq, git): username
admin, password fromHTTP_AUTH_PASSWORDin.env(default:S4Esecret_1234!). - S4E login: the email/password from your S4E Cloud account (provisioned during post-flight).
- Portainer: username
admin, password fromPORTAINER_ADMIN_PASSWORDin.env. - All generated passwords are stored in
/opt/s4e/setup/.env.
Step 7: Verify the Installation
Check that all containers are running:
All services should show Up or Up (healthy). If any are unhealthy, check their logs:
docker compose --env-file .env logs core --tail 50
docker compose --env-file .env logs base --tail 50
Test the core API:
Useful Commands
All commands run from /opt/s4e/setup:
| Action | Command |
|---|---|
| Start all services | docker compose --env-file .env up -d |
| Stop all services | docker compose --env-file .env down |
| View logs | docker compose --env-file .env logs -f --tail=100 core |
| Pull latest images | docker compose --env-file .env pull |
| Update a single service | docker compose --env-file .env up -d --pull always core |
| Force recreate after .env change | docker compose --env-file .env up -d --force-recreate |
| Check setup log | cat /opt/s4e/setup/setup.log |
Uninstalling
To stop all services and remove containers:
Next Steps
- Environment variables -- customize service behavior.
- Monitoring & Logs -- monitor your installation.
- Troubleshooting -- resolve common installation issues.