Falcon Suite Server - Installation
|
Before installing, make sure you have:
|
Starting Falcon Server - Using Docker
-
Run the following command
-
Replace
FALCON_SERVER_VERSIONwith the latest version of the software. Latest version can be here. For example, if the latest version is v1.2.1, replaceFALCON_SERVER_VERSIONwith1.2.1 -
Replace
USERNAME,PASSWORD,HOST,PORT,DB_NAMEwith appropriate Database credentials and DB nameSHELL> docker run -e DATABASE_URL=postgres://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<DB_NAME> -p80:80 public.ecr.aws/h0h7r7j4/falcon-suite:<FALCON_SERVER_VERSION> -
If there is any other process running on port 80, change the -p80:80 mapping. For example - to map to port 9000 change the -p80:80 to -p9000:80
-
Once the container is up and running navigate to
SERVER_IPin the browser. For example - http://localhost
Starting Falcon Server - Using Docker Compose
-
Save the below docker compose script in a file. For example: falcon-server-docker-compose.yml
version: '3.8'
services:
falcon-server:
image: public.ecr.aws/h0h7r7j4/falcon-suite:<FALCON_SERVER_VERSION>
ports:
- '80:80'
- '443:443'
environment:
- FALCON_MODE=all
- DATABASE_URL=postgres://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<DB_NAME>
healthcheck:
test: curl --fail http://localhost/api/graphql/health || exit 1
interval: 10s
timeout: 20s
retries: 3
-
Replace the value of
FALCON_SERVER_VERSIONwith a valid server version -
Replace
USERNAME,PASSWORD,HOST,PORT,DB_NAMEwith appropriate Database credentials and DB name -
Run the below command to start the server
SHELL> docker compose -f falcon-server-docker-compose.yml up -
NOTE: Use option
-dto start the instance in background -
Once the container is up and running navigate to
SERVER_IPin the browser. For example - http://localhost
Starting Falcon Instance - with SSL
-
Create a new directory called
confand file calledserver_sslwithin theconfdirectory -
Copy the below contents to
server_sslfile
upstream falcon-server {
server localhost:8911 fail_timeout=0;
}
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
server {
access_log off;
error_log /dev/stderr; # Redirect error logs to stderr
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /var/falcon/ssl/tls.crt;
ssl_certificate_key /var/falcon/ssl/tls.key;
root /home/node/app/web/dist;
index index.html index.htm index.nginx-debian.html;
server_name falcon_suite;
gzip on;
gzip_min_length 1000;
gzip_types application/json text/css application/javascript application/x-javascript;
sendfile on;
keepalive_timeout 65;
location ~* \.(?:css|js)$ {
expires 1h;
add_header Pragma public;
add_header Cache-Control "public";
access_log off;
}
location ~* \.(?:ico|gif|jpe?g|png)$ {
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
access_log off;
}
location /api/graphql {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://falcon-server;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
try_files $uri $uri/ /index.html;
}
}
-
Make sure valid SSL certificates are copied to
confdirectory --
tls.crt- CA signed certificated -
tls.key- Key used to generate the certificate
-
-
Replace the value of
FALCON_SERVER_VERSIONwith a valid server version -
Replace
USERNAME,PASSWORD,HOST,PORT,DB_NAMEwith appropriate Database credentials and DB name -
Run the below command to start the server
SHELL> docker run -e DATABASE_URL=postgres://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<DB_NAME> -v $(pwd)/conf/server_ssl:/etc/nginx/sites-enabled/default -v $(pwd)/conf/tls.crt:/var/falcon/ssl/tls.crt -v $(pwd)/conf/tls.key:/var/falcon/ssl/tls.key -p80:80 public.ecr.aws/h0h7r7j4/falcon-suite:<FALCON_SERVER_VERSION> -
(Optional) Below is an example of running the same command using docker compose -
-
Save the below docker compose script in a file. For example: falcon-server-docker-compose.yml
-
version: '3.8'
services:
falcon-server:
image: public.ecr.aws/h0h7r7j4/falcon-suite:<FALCON_SERVER_VERSION>
volumes:
- ./conf/server_ssl:/etc/nginx/sites-enabled/default
- ./conf/tls.crt:/var/falcon/ssl/tls.crt
- ./conf/tls.key:/var/falcon/ssl/tls.key
ports:
- '80:80'
- '443:443'
environment:
- FALCON_MODE=all
- DATABASE_URL=postgres://<USERNAME>:<PASSWORD>@<HOST>:<PORT>/<DB_NAME>
healthcheck:
test: curl --fail http://localhost/api/graphql/health || exit 1
interval: 10s
timeout: 20s
retries: 3
-
Run the below command to start the server
SHELL> docker compose -f falcon-server-docker-compose.yml up -
NOTE: Use option
-dto start the instance in background
Once the container is up and running navigate to SERVER_IP in the browser. For example - https://localhost
From AWS Debian CIS Hardened Image
-
Navigate to EC2 → AMIs → select
Falcon Suite CIS 1.xand click onLaunch Instance from AMI
-
Click on "Advanced details" and add the required configuration -
| Key | Description | Required? |
|---|---|---|
SERVER_VERSION |
The latest version of Falcon Server can be found here |
Yes |
AGENT_VERSION |
The latest version of Falcon Agent |
Yes |
PORT |
Port on which the Falcon Web should be exposed. Example 80 for http protocol and 443 for https protocol |
Yes |
PROTOCOL |
Possible values |
Yes |
CLOUD_WATCH_LOGS_GROUP |
Optional |
No |
DB_URL |
A valid |
Yes |
-
Example
#!/bin/bash
bash -c "cat > /etc/falcon-suite/config.env" <<EOF
SERVER_VERSION=1.3.3
AGENT_VERSION=1.0.8
PORT=443
PROTOCOL=https
DB_URL=postgres://dbuser:dbpass@dbhost:dbport/dbname
EOF.
