# Manual Installation

1. Check system [requirements](/docs/manual/english/on-premises/requirements.md) for application server, database server, and software components.
2. Get approved to receive Enginsight and request Docker credentials. Email <insidesales@enginsight.com>.
3. Database server
   1. Install [MongoDB](https://docs.mongodb.com/manual/administration/install-on-linux/).
   2. [Configure the database](/docs/manual/english/on-premises/installation.md#db-server-mongodb-database) (especially set up replica set).
4. Application server
   1. Install [Docker](https://docs.docker.com/engine/install/).
   2. Install [Docker Compose](https://docs.docker.com/compose/install/).
   3. Install [Enginsight](/docs/manual/english/on-premises/installation.md#app-server-enginsight-application).
5. Set up the [DNS name for app and sensors](/docs/manual/english/on-premises/installation.md#set-up-dns-name-for-app-and-sensors).
6. [Install the license file](/docs/manual/english/on-premises/installation.md#buy-and-import-license-file).
7. Take care of securing via [SSL/TLS certificate](/docs/manual/english/on-premises/installation.md#certificate).
8. Configure your On-Premises instance.
9. Roll out the [software components](/docs/manual/english/on-premises/installation.md#software-components) as sensors.

{% hint style="warning" %}
Make sure that the latest version of Docker Compose is always installed. In addition, do not install Docker via Snap or when installing the operating system, but only install Docker from the package sources in the official instructions.
{% endhint %}

## Database Server: Config MongoDB

{% hint style="info" %}
All of the following commands require root privileges.\
You can either execute each command with `sudo` (as shown below), or alternatively log in as superuser once:

```
su - root
```

In this case, sudo can be omitted from the following commands.
{% endhint %}

1. Start MongoDB if it does not start automatically.

```
sudo systemctl enable mongod && sudo systemctl start mongod
```

2. Open the file `/etc/mongod.conf` in an editor of your choice, for example `nano`.

```
sudo nano /etc/mongod.conf
```

3. Change the net section as follows so that MongoDB is accessible from outside.

```
net:
  port: 27017
  bindIp: 0.0.0.0
```

4. Insert the following replica set into the configuration file you already have open so that the database can push information to the API.

```
replication:
   replSetName: "rs0"
```

5. Save the configuration file (Ctrl+o) and confirm the saving process. Close nano (Ctrl+x).

{% hint style="danger" %}
If the database is not running in replica mode, many Enginsight functions will not work correctly.
{% endhint %}

6. Restart MongoDB.

```
sudo systemctl restart mongod
```

7. Open the MongoDB CLI.

```
sudo mongosh
```

8. Activate the replica set. For `<public DB IP>`, enter the IP of the database server that can be reached from the application server.

```
rs.initiate( {
   _id : "rs0",
   members: [
      { _id: 0, host: "<PUBLIC_DB_IP>:27017" }
   ]
})
```

9. Check if the replica sets are active.

```
rs.status()
```

If the configuration is correct, you will see the prompt after executing the command:

```
rs0:PRIMARY>
```

10. Close the Mongo interface.

```
quit()
```

11. Secure the database with `iptables`.

{% hint style="danger" %}
This step is important to ensure the security of the Enginsight software. It results in only the application being able to access MongoDB. Unauthorized access is prevented.
{% endhint %}

{% hint style="info" %}
Replace `<APP_SERVER_IP>` with the IP address of the application server that is accessible from the database. Replace `<DB_SERVER_IP>` with the IP address of the database server that is accessible from the application.
{% endhint %}

```
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s 127.0.0.1 -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <APP_SERVER_IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -s <DB_SERVER_IP> -j ACCEPT
sudo iptables -A INPUT -p tcp -m tcp --dport 27017 -j DROP
```

12. Save the rules and make sure they are loaded at every restart.

```
sudo apt-get install -y iptables-persistent
```

## Application Server: Install Enginsight

{% hint style="info" %}
All of the following commands require root privileges.\
You can either execute each command with `sudo` (as shown below), or alternatively log in as superuser once:

```
su - root
```

In this case, sudo can be omitted from the following commands.
{% endhint %}

1. Make sure that you have the latest version of Docker and Docker Compose installed.

   The current version numbers can be found here: [Docker Engine](https://docs.docker.com/engine/release-notes/).

   ```
   sudo docker version
   ```

   ```
   sudo docker compose -v
   ```

{% hint style="warning" %}
Do not install Docker via Snap or when installing the operating system. Only install Docker from the package sources in the official guide.
{% endhint %}

2. Log in to Docker.

   <pre><code><strong>sudo docker login registry.enginsight.com
   </strong></code></pre>

   <div data-gb-custom-block data-tag="hint" data-style="warning" class="hint hint-warning"><p>You receive the credentials from us.</p></div>

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>If problems occur during authentication, check whether a current gpg2 key is available and generate it automatically if necessary:</p><p><code>sudo apt install gnupg2</code><br><code>gpg2 --gen-key</code></p></div>
3. Create a directory and clone Enginsight.

   ```
   sudo mkdir -p /opt/enginsight && cd /opt/enginsight
   ```

   ```
   git clone https://github.com/enginsight/enterprise.git
   ```

   <div data-gb-custom-block data-tag="hint" data-style="info" class="hint hint-info"><p>Please note that you must have GIT installed beforehand to perform this step.</p></div>
4. Execute the setup.

   ```
   cd enterprise && ./sudo setup.sh
   ```
5. The installation may take a few moments. In the browser, open the application.
6. Once the installation is complete, you can log in using the temporary login credentials. You can obtain them as follows:

   ```
   sudo docker ps
   ```

   \
   Copy the ID of the `server-m2` module.

   ```
    sudo docker logs <CONTAINER_ID>
   ```

   (Container ID of the “server-m2” container, which can be determined via `docker ps`.)
7. The credentials for the initial login will now be issued to you. \
   **Please save the initial login data.**

![](/files/-Mber39bKWFJhuV5565w)

{% hint style="danger" %}
**Change the initial login data immediately after you have logged in for the first time.**

To do this, go to *Settings* → *User account*. Adjust your e-mail address in the personal details and assign a new password under Password.
{% endhint %}

{% hint style="danger" %}
**ATTENTION!**\
Without a *changed and saved password* or *saved intial password* you will lose access to the Enginsight platform.\
Use a password manager!
{% endhint %}

8. Regulate the memory requirements of the Docker logs by limiting them to 100 Mb as follows:

   ```
   sudo nano /etc/docker/daemon.json
   ```

   Insert the following:

   ```
   {  
     "log-driver": "json-file",  
     "log-opts": {
       "max-size": "100,",
       "max-file": "30"  
     }
   }
   ```
9. Restart Docker service:

   ```
   sudo systemctl restart docker
   ```

### Certificate

{% hint style="danger" %}
For a proper operation of the Enginsight application, the access via HTTPS is mandatory.
{% endhint %}

Install and configure nginx to set up an encrypted connection and enable HTTPS. [You can get instructions here.](/docs/manual/english/on-premises/configuration/https.md)

## Buy and import license file

To use Enginsight OnPremises, you need a license file. Contact us to purchase a license package: <insidesales@enginsight.com>

You can import the license file under *Settings* → *License*.

Do you want to manage multiple organisations with Enginsight and use the multitenancy? [Here you can find out,](/docs/manual/english/on-premises/configuration/licences-and-organisations.md) what you have to consider regarding the license.

## Configure On-Premises instance

Configure your Enginsight on-premises installation.

* [Set up your mail server,](/docs/manual/english/on-premises/configuration/mail-server.md) to be able to send emails.
* [Enable 2-factor authentication,](/docs/manual/english/on-premises/configuration/2-factor-authentication.md) to secure login.
* [Adjust storage times,](/docs/manual/english/on-premises/configuration/storage-times.md) to keep data longer in the database.
* [Do white labeling,](/docs/manual/english/on-premises/configuration/white-label.md) to customize the installation to your corporate identity.

## Software Components

In addition to the Enginsight application, you can install other software components to take advantage of the full range of Enginsight features.

### Pulsar Agent

Install Pulsar Agent on all servers and clients you want to monitor with Enginsight. Start with the servers on which you have installed Enginsight.

To learn how to install a Pulsar agent, click [here](/docs/manual/english/operation/platform/legacy/hosts-agent-pulsar/pulsar-agent.md#installation-creating-a-new-host).

### Observer

The Observer is responsible for monitoring your endpoints from the outside. You can place multiple Observers at different points of the network (e.g. in different network segments) and Internet (e.g. different countries and continents).

You can learn how to add an Observer [here](/docs/manual/english/operation/platform/endpunkte/observer.md#add-observer).

### Watchdog

A watchdog installed in a network segment can perform asset discovery. It is also responsible for agentless monitoring (ping and port monitoring, SNMP).

To learn how to add a watchdog, click [here](/docs/manual/english/operation/platform/discoveries.md#add-watchdog).

### Hacktor

The Hacktor is a software component that can be installed on a specific network segment to perform penetration tests on reachable assets.

To learn how to add a Hacktor, click [here](/docs/manual/english/operation/platform/penetration-testing.md#create-hacktor).


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enginsight.com/docs/manual/english/on-premises/installation/manual-installation.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.