Deploy Devolutions Server with Docker

On this page

This article shows how to deploy Devolutions Server using Docker.

For the sake of simplicity, Devolutions Server's Docker image version is written 20XX.X in the code blocks of this article. Change this variable to the version you wish to use.

Prerequisites

  • Docker version 20.10.X or higher. On macOS ARM64, use --platform linux/amd64 during the initialization phase due to assembly compatibility. The runtime mode runs natively on ARM64.

  • An SQL Server instance properly set up for Devolutions Server.

  • The minimum system requirements to run Devolutions Server.

Devolutions Server first time setup

  1. Create a dedicated login and database using an admin account (for example, sa or an Azure SQL admin). Grant least-privilege access to Devolutions Server.

  2. Pull the latest Devolutions Server Docker image:

    docker pull devolutions/devolutions-server:release-20XX.X

  3. Run Devolutions Server in initialization mode to create the database schema and its first administrator, generate encryption keys, and configure HTTPS with a self-signed certificate. Save App_Data so the encryption configuration is retrievable for the next step.

    On macOS, this is where to add --platform linux/amd64.

    docker volume create dvls-init-data

docker run --rm `
  -e DATABASE_HOST=your-sql-server.database.windows.net `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourSecurePassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e DVLS_INIT=true `
  -v dvls-init-data:/opt/devolutions/dvls/App_Data `
  -p 5000:5000 `
  devolutions/devolutions-server:release-20XX.X

  4. Extract encryption.config from the initialization volume:

    docker run --rm `
  -v dvls-init-data:/data `
  alpine `
  cat /data/encryption.config

  5. Convert the extracted file to base64 and store it securely as it will be needed for every runtime start:

    docker run --rm `
  -v dvls-init-data:/data `
  alpine `
  cat /data/encryption.config > $env:TEMP\encryption.config

$content = Get-Content -Path "$env:TEMP\encryption.config" -Raw
$bytes = [System.Text.Encoding]::UTF8.GetBytes($content)
$base64 = [System.Convert]::ToBase64String($bytes)
$base64 | Out-File -FilePath "$env:TEMP\encryption.config.b64" -NoNewline -Encoding ASCII

  6. Start Devolutions Server using the base64 encryption configuration. Once this is done, use the docker ps and docker logs dvls-server commands to make sure everything is in working order.

    $encryptionConfig = Get-Content "$env:TEMP\encryption.config.b64" -Raw

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server.database.windows.net `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourSecurePassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e DVLS_ENCRYPTION_CONFIG_B64="$encryptionConfig" `
  -p 5000:5000 `
  devolutions/devolutions-server:release-20XX.X

  7. Access the web interface by opening https://localhost:5000 in your browser. Go past the self-signed certificate security warning by clicking AdvancedProceed. You can mount a custom TSL certificate later.

  8. Log in by using dvls-admin for both the username and password.

    Immediately after login, change the default password by heading to AdministrationUsers, clicking on the vertical ellipsis button of the dvls-admin user, and selecting Change password.

  9. Make sure that Devolutions Server is running with DVLS_ENCRYPTION_CONFIG_B64, its web interface is accessible, and encryption.config.b64 is saved in a secure location (it is needed for every restart and redeployment). Once this is done, the temporary initialization volume can be safely removed:

    docker volume rm dvls-init-data

Devolutions Server first time setup

  1. Create a dedicated login and database using an admin account (for example, sa or an Azure SQL admin). Grant least-privilege access to Devolutions Server.

  2. Pull the latest Devolutions Server Docker image:

    docker pull devolutions/devolutions-server:release-20XX.X

  3. Run Devolutions Server in initialization mode to create the database schema and its first administrator, generate encryption keys, and configure HTTPS with a self-signed certificate. Save App_Data so the encryption configuration is retrievable for the next step.

    On macOS, this is where to add --platform linux/amd64.

    docker volume create dvls-init-data

docker run --rm `
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_INIT=true \
  -v dvls-init-data:/opt/devolutions/dvls/App_Data \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

  4. Extract encryption.config from the initialization volume:

    docker run --rm \
  -v dvls-init-data:/data \
  alpine \
  cat /data/encryption.config

  5. Convert the extracted file to base64 and store it securely as it will be needed for every runtime start:

    docker run --rm \
  -v dvls-init-data:/data \
  alpine \
  cat /data/encryption.config > /tmp/encryption.config

base64 -i /tmp/encryption.config -o /tmp/encryption.config.b64

  6. Start Devolutions Server using the base64 encryption configuration. Once this is done, use the docker ps and docker logs dvls-server commands to make sure everything is in working order:

    docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

  7. Access the web interface by opening https://localhost:5000 in your browser. Go past the self-signed certificate security warning by clicking AdvancedProceed. You can mount a custom TSL certificate later.

  8. Log in by using dvls-admin for both the username and password.

    Immediately after login, change the default password by heading to AdministrationUsers, clicking on the vertical ellipsis button of the dvls-admin user, and selecting Change password.

  9. Make sure that Devolutions Server is running with DVLS_ENCRYPTION_CONFIG_B64, its web interface is accessible, and encryption.config.b64 is saved in a secure location (it is needed for every restart and redeployment). Once this is done, the temporary initialization volume can be safely removed:

    docker volume rm dvls-init-data

Devolutions Server first time setup

  1. Create a dedicated login and database using an admin account (for example, sa or an Azure SQL admin). Grant least-privilege access to Devolutions Server.

  2. Pull the latest Devolutions Server Docker image:

    docker pull devolutions/devolutions-server:release-20XX.X

  3. Run Devolutions Server in initialization mode to create the database schema and its first administrator, generate encryption keys, and configure HTTPS with a self-signed certificate. Save App_Data so the encryption configuration is retrievable for the next step.

    On macOS, this is where to add --platform linux/amd64.

    docker volume create dvls-init-data

docker run --rm `
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_INIT=true \
  -v dvls-init-data:/opt/devolutions/dvls/App_Data \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

  4. Extract encryption.config from the initialization volume:

    docker run --rm \
  -v dvls-init-data:/data \
  alpine \
  cat /data/encryption.config

  5. Convert the extracted file to base64 and store it securely as it will be needed for every runtime start:

    docker run --rm \
  -v dvls-init-data:/data \
  alpine \
  cat /data/encryption.config > /tmp/encryption.config

base64 -w 0 /tmp/encryption.config > /tmp/encryption.config.b64

  6. Start Devolutions Server using the base64 encryption configuration. Once this is done, use the docker ps and docker logs dvls-server commands to make sure everything is in working order:

    docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e DVLS_ENCRYPTION_CONFIG_B64="$(cat /tmp/encryption.config.b64)" \
  -p 5000:5000 \
  devolutions/devolutions-server:release-20XX.X

  7. Access the web interface by opening https://localhost:5000 in your browser. Go past the self-signed certificate security warning by clicking AdvancedProceed. You can mount a custom TSL certificate later.

  8. Log in by using dvls-admin for both the username and password.

    Immediately after login, change the default password by heading to AdministrationUsers, clicking on the vertical ellipsis button of the dvls-admin user, and selecting Change password.

  9. Make sure that Devolutions Server is running with DVLS_ENCRYPTION_CONFIG_B64, its web interface is accessible, and encryption.config.b64 is saved in a secure location (it is needed for every restart and redeployment). Once this is done, the temporary initialization volume can be safely removed:

    docker volume rm dvls-init-data

Operating modes

DVLS Docker container operates in three distinct modes:

Mode Environment Variable Purpose Behavior
Runtime (default) No special variables Normal operation Starts web server and keeps running.
Initialization DVLS_INIT=true First-time setup Creates database schema, administrator user, then exits.
Update DVLS_UPDATE_MODE=true Database upgrade Backs up configuration files, migrates database, then exits.

Initialization and Update modes are mutually exclusive.

Custom port

Change the port Devolutions Server listens on by setting the PORT environment variable, e.g., with the 8080 port as in the example below:

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server.database.windows.net `
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourSecurePassword!' `
  -e HOSTNAME=localhost `
  -e WEB_SCHEME=https `
  -e PORT=8080 `
  -p 8080:8080 `
  devolutions/devolutions-server:release-20XX.X

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=8080 \
  -p 8080:8080 \
  devolutions/devolutions-server:release-20XX.X

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=localhost \
  -e WEB_SCHEME=https \
  -e PORT=8080 \
  -p 8080:8080 \
  devolutions/devolutions-server:release-20XX.X

Mount a custom TSL certificate

Mount your own certificate files instead of using the auto-generated self-signed certificate:

mkdir -p /host/path/certs
cp /path/to/server.pem /host/path/certs/
cp /path/to/server.key /host/path/certs/

docker run -d --name dvls-server `
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls `
  -e DATABASE_USERNAME=dvls_user `
  -e DATABASE_PASSWORD='YourSecurePassword!' `
  -e HOSTNAME=dvls.company.com `
  -e WEB_SCHEME=https `
  -e PORT=5000 `
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem `
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key `
  -p 5000:5000 `
  -v /host/path/certs:/opt/devolutions/dvls/certs:ro `
  devolutions/devolutions-server:release-20XX.X

mkdir -p /host/path/certs
cp /path/to/server.pem /host/path/certs/
cp /path/to/server.key /host/path/certs/

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=dvls.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem \
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key \
  -p 5000:5000 \
  -v /host/path/certs:/opt/devolutions/dvls/certs:ro \
  devolutions/devolutions-server:release-20XX.X

mkdir -p /host/path/certs
cp /path/to/server.pem /host/path/certs/
cp /path/to/server.key /host/path/certs/

docker run -d --name dvls-server \
  -e DATABASE_HOST=your-sql-server.database.windows.net \
  -e DATABASE_NAME=dvls \
  -e DATABASE_USERNAME=dvls_user \
  -e DATABASE_PASSWORD='YourSecurePassword!' \
  -e HOSTNAME=dvls.company.com \
  -e WEB_SCHEME=https \
  -e PORT=5000 \
  -e TLS_CERTIFICATE_FILE=/opt/devolutions/dvls/certs/server.pem \
  -e TLS_PRIVATE_KEY_FILE=/opt/devolutions/dvls/certs/server.key \
  -p 5000:5000 \
  -v /host/path/certs:/opt/devolutions/dvls/certs:ro \
  devolutions/devolutions-server:release-20XX.X

Container management

Commands Functions
docker start dvls-server Starts the container.
docker stop dvls-server Stops the container.
docker rm dvls-server Remove the container.

Removing the container is safe as long as you have the encryption.config.b64 file, access to your SQL Server database, and your environment variables documented.

See also

Devolutions Forum logo Share your feedback