On-Premise Installation
This guide covers the installation of Vulnotes for on-premise deployments using the Vulnotes CLI.
System Requirements
Minimum Requirements
- CPU: 2 cores
- RAM: 4GB
- Storage: 20GB
Recommended Requirements
- CPU: 4+ cores
- RAM: 8GB+
- Storage: 50GB+
Software Dependencies
- Docker and Docker Compose
- curl, jq and openssl
Install Dependencies
Docker
Follow the official Docker installation guide for your OS: docs.docker.com/engine/install
Other Dependencies
# Ubuntu/Debian
sudo apt-get install -y curl jq opensslInstall the Vulnotes CLI
Quick Install
curl -fsSL https://raw.githubusercontent.com/vulnotes/vulnotes-cli/master/install.sh | bashThis installs the CLI to ~/.vulnotes-cli and creates a symlink in ~/.local/bin.
TIP
Make sure ~/.local/bin is in your PATH. You can verify with echo $PATH. If it's not, add export PATH="$HOME/.local/bin:$PATH" to your shell profile.
Manual Install
git clone https://github.com/vulnotes/vulnotes-cli.git
cd vulnotes-cli
chmod +x vulnotesWhen using the manual install, replace vulnotes with ./vulnotes in the commands below.
Get a Provisioning Token
- Go to manager.vulnotes.com
- Log in with your on-premise license
- Generate a provisioning token
WARNING
Provisioning tokens expire after 30 minutes.
Initialize Vulnotes
vulnotes init --token <provisioning-token>The CLI will interactively ask you to configure:
- Domain/URL: e.g.
https://vulnotes.company.comorhttp://localhost - HTTP port: default
80 - Network binding:
127.0.0.1(local only) or0.0.0.0(network accessible)
The init command handles everything automatically:
- Authenticates with the Vulnotes private Docker registry
- Generates all configuration files (
.env,docker-compose.yml,nginx.conf,license.json) - Creates the backup directory
Start Vulnotes
vulnotes startThis pulls the latest Docker images and starts all services. Once started, access Vulnotes.
SSL / HTTPS
The CLI configures Vulnotes with HTTP by default. For production deployments, place a reverse proxy in front of Vulnotes with SSL termination.
You can use Traefik, Caddy, or an Nginx reverse proxy with Let's Encrypt certificates. Vulnotes supports the X-Forwarded-Proto header for proper SSL detection behind a proxy.
WARNING
Running without HTTPS in production is not recommended. All authentication tokens and session data would be transmitted in plaintext.
CLI Commands
Lifecycle
| Command | Description |
|---|---|
vulnotes start | Pull latest images and start all services |
vulnotes stop | Stop all services |
vulnotes restart | Restart all services |
vulnotes update | Pull latest images and recreate containers |
Logs
# View all logs
vulnotes logs
# View logs for a specific service
vulnotes logs backend
# Follow logs in real-time
vulnotes logs -f
# Show last 50 lines
vulnotes logs -n 50Available services: nginx, backend, frontend, mongodb, puppeteer, mcp
Backup & Restore
# Create a backup
vulnotes backupCreates a timestamped archive in the backups/ directory containing the MongoDB database, uploaded files, and configuration.
# Full restore
vulnotes restore <backup-file>
# Restore only data (keep current configuration)
vulnotes restore <backup-file> --data-onlyThe --data-only flag restores the database and uploads but keeps your current configuration, which is useful for migrations.
INFO
A safety backup is automatically created before every restore operation.
Help
vulnotes help
vulnotes versionArchitecture
The deployment consists of 6 Docker containers:
| Service | Description |
|---|---|
| nginx | Reverse proxy, rate limiting, security headers |
| backend | Node.js API server with Socket.IO |
| frontend | Next.js application |
| mongodb | Database |
| puppeteer | Headless Chrome for PDF generation |
| mcp | Model Context Protocol server for AI integrations |
All containers run on an isolated Docker bridge network. Data is persisted using Docker named volumes.
Troubleshooting
Port already in use
If port 80 is taken by another service, you can reinitialize with a different port or edit the generated docker-compose.yml to change the port mapping.
Cannot connect to Docker daemon
Make sure Docker is running and your user is in the docker group:
sudo systemctl start docker
sudo usermod -aG docker $USERLog out and back in after adding yourself to the group.
Containers not starting
Check the logs to identify the failing service:
vulnotes logs
vulnotes logs backend
vulnotes logs mongodbCommon causes:
- Insufficient disk space for Docker volumes
- MongoDB needs a few seconds to become healthy on first start
- Missing or expired license (check
license.json)
Next Steps
- Initial Setup: Create your admin account and configure your instance