Skip to content

Management Interface: install

This command installs a fresh Enterprise server into the current directory by generating secrets, configuration, and the service manifest.

Warning

The command refuses to run if config.env already exists. Move, rename, or delete it if you intend to reinstall. Other generated files will be overwritten.

Typical Usage

Online (pulls images and keys from Vector 35):

./manage_server install --domain https://enterprise.example.com

Offline (uses a previously-downloaded install bundle):

./manage_server install --offline --imagefile images.tar --certfile server.pem --keyfile server.key

See the Installation guide for more information.

Command Help

Install server config/keys and generate .env; with --offline, also load images from file

Usage: manage_server install [OPTIONS]

Options:
  -n, --offline                             Do not fetch resources from the network, install from local files
      --swarm[=<STACK_NAME>]                Operate in docker swarm mode [env: ENTERPRISE_STACK_NAME=]
  -i, --imagefile <imagefile>               Path to local image file [default: images.tar]
      --registry-host <HOSTNAME>            Hostname of custom registry [env: ENTERPRISE_REGISTRY_HOST=registry.internal.v35.us] [default: registry.enterprise.binary.ninja]
  -c, --certfile <certfile>                 Path to local cert file [env: ENTERPRISE_SERVER_CERT_FILE=] [default: server.pem]
      --registry-username <USER>            Username for custom registry [env: ENTERPRISE_REGISTRY_USERNAME=]
  -k, --keyfile <keyfile>                   Path to local key file [env: ENTERPRISE_SERVER_KEY_FILE=] [default: server.key]
      --registry-password <PASSWORD>        Password for custom registry [env: ENTERPRISE_REGISTRY_PASSWORD=]
      --docker-host <HOST>                  Overrides the default Docker/Podman Unix socket [env: DOCKER_HOST=]
      --overwrite-keys                      Overwrite server key files
      --container-engine <ENGINE>           Container engine to use for deployments (docker or podman) [env: ENTERPRISE_CONTAINER_ENGINE=docker] [default: docker] [possible values: docker, podman]
      --platform <PLATFORM>                 Docker platform for images (for example, linux/arm64) [env: DOCKER_DEFAULT_PLATFORM=] [possible values: linux/arm64, linux/amd64]
      --tag <tag>                           Use a specific version of the Enterprise server to obtain default keys/certs
      --debug                               Enable server debug mode by default [env: DEBUG=]
      --validate-tls <validate-tls>         Whether backend TLS validation should be enabled by default [env: ENTERPRISE_SERVER_VALIDATE_TLS=] [default: true] [possible values: true, false]
      --detach                              Default to running server in background [env: DETACH=]
      --no-warp                             Do not configure or deploy WARP services
      --domain <URL>                        The base URL this server will be hosted at [env: ENTERPRISE_SERVER_DOMAIN=http://localhost:3535]
      --no-tls                              Disable TLS by default [env: ENTERPRISE_PROXY_NO_TLS=false]
  -a, --allowed-host <allowed-host>...      Default allowed hostnames or addresses (comma separated supported) [env: ENTERPRISE_SERVER_ALLOWED_HOSTS=] [default: *]
      --bind-ip <bind-ip>                   Default host IP address to bind [env: ENTERPRISE_SERVER_BIND_IP=] [default: 0.0.0.0]
  -p, --port <port>                         Default port the Enterprise server will listen on [env: ENTERPRISE_SERVER_PORT=] [default: 3535]
      --admin-password-file <FILE>          Path to file containing the initial admin password [env: ENTERPRISE_INITIAL_ADMIN_PASSWORD_FILE=./secrets/initial_admin_password]
  -l, --license-file <license-file>         Path to Binary Ninja license file [env: ENTERPRISE_SERVER_LICENSE_FILE=] [default: license.dat]
  -b, --license-bundle <license-bundle>     Local path to Enterprise client floating license bundle [env: ENTERPRISE_SERVER_LICENSE_BUNDLE_FILE=] [default: license-bundle.b64]
      --disable-directio                    Disable nginx directio/aio optimizations (useful when serving static files from network-backed storage)
      --uid <uid>                           User ID used for data and tasks (defaults to current User ID) [env: ENTERPRISE_SERVER_UID=]
      --warp-db-name <NAME>                 Name of WARP database to use [env: WARP_DATABASE_NAME=]
      --gid <gid>                           Group ID used for data and tasks (defaults to current Group ID) [env: ENTERPRISE_SERVER_GID=]
      --warp-db-host <HOSTNAME>             Hostname of WARP database [env: WARP_DATABASE_HOST=]
      --warp-db-port <PORT>                 Port for WARP database connection [env: WARP_DATABASE_PORT=]
      --warp-db-user <USERNAME>             Username for WARP database authentication [env: WARP_DATABASE_USER=]
      --warp-db-password-file <FILE>        Path to file containing WARP database password [env: WARP_DATABASE_PASSWORD_FILE=]
      --warp-redis-url <URL>                URL to use when connecting to Redis for WARP [env: WARP_REDIS_URL=]
      --warp-oauth-provider <PROVIDER>      OAuth provider for WARP [env: WARP_OAUTH_PROVIDER=]
      --warp-oauth-redirect-url <URL>       OAuth redirect URL for WARP [env: WARP_OAUTH_REDIRECT_URL=]
      --warp-web-allowed-origins <ORIGINS>  Comma-separated list of allowed origins for WARP web frontend [env: WARP_WEB_ALLOWED_ORIGINS=]
  -h, --help                                Print help

Database Options:
      --db-name <NAME>           Name of database to use [env: ENTERPRISE_DATABASE_NAME=] [default: binaryninja_enterprise]
      --db-host <HOSTNAME>       Name of host to use when connecting to database [env: ENTERPRISE_DATABASE_HOST=] [default: database]
      --db-port <PORT>           The port to use when connecting to database [env: ENTERPRISE_DATABASE_PORT=] [default: 5432]
      --db-user <USERNAME>       The user to use when connecting to database [env: ENTERPRISE_DATABASE_USER=] [default: binaryninja_enterprise]
      --db-password-file <FILE>  Path to file containing password to authenticate with the database [env: ENTERPRISE_DATABASE_PASSWORD_FILE=] [default: ./secrets/db_password]

Key-Value Store Options:
      --redis-url <URL>  URL to use when connecting to message broker [env: ENTERPRISE_KV_STORE_URL=] [default: redis://redis:6379]

Object Store Options:
      --object-store-bucket-name <BUCKET>    Object store bucket name (must be between 3 and 63 characters, only using lowercase letters, numbers, dot, and hyphen) [env: ENTERPRISE_OBJECT_STORE_BUCKET_NAME=] [default: binaryninja-enterprise]
      --object-store-endpoint-url <URL>      Object store endpoint URL [env: ENTERPRISE_OBJECT_STORE_URL=] [default: https://object-store:8333]
      --object-store-access-key-file <FILE>  Path to file containing the access key ID to use when authenticating with the object store [env: ENTERPRISE_OBJECT_STORE_ACCESS_KEY_FILE=] [default: ./secrets/object_store_access_key_id]
      --object-store-secret-key-file <FILE>  Path to file containing the secret access key to use when authenticating with the object store [env: ENTERPRISE_OBJECT_STORE_SECRET_KEY_FILE=] [default: ./secrets/object_store_secret_access_key]