# Server Before you install Flopsar, make sure your environment meets a few basic requirements: * A few gigabytes of free disk space for the collected data (size it to your retention needs). * Your network allows TCP connections between the agents and the server. * A 64-bit GNU/Linux host. See Supported Platforms and Requirements for details. This page covers installing the **server**. To attach agents to your Java applications, see the Agent page. {% hint style="info" %} Starting with Flopsar 7, the **Workstation** web application is embedded directly in the server binary. There is no separate workstation package to install for the standard, standalone deployment — the server serves the UI and the REST API from the same port. {% endhint %} ## Install the Package You can install the server in two ways: from the **Flopsar package repository** (recommended — it makes upgrades a simple package update) or by **downloading the package manually**. ### From the Flopsar Repository (recommended) The repository serves both RPM-based distributions (Fedora, RHEL and derivatives, openSUSE, SLES) and Debian-based distributions (Debian, Ubuntu). #### 1. Add the repository {% tabs %} {% tab title="Fedora / RHEL (dnf)" %} Using the `config-manager` plugin: * Fedora 41+ (dnf5): ```shellscript $ sudo dnf install -y dnf-plugins-core $ sudo dnf config-manager addrepo --from-repofile=https://repo.flopsar.com/flopsar.repo ``` * Fedora <41, RHEL: ```shellscript $ sudo dnf install -y dnf-plugins-core $ sudo dnf config-manager --add-repo https://repo.flopsar.com/flopsar.repo ``` Or, without the plugin, install the repository file directly: ```shellscript $ sudo curl -fsSL https://repo.flopsar.com/flopsar.repo -o /etc/yum.repos.d/flopsar.repo ``` {% endtab %} {% tab title="openSUSE / SLES (zypper)" %} ```shellscript $ sudo zypper addrepo https://repo.flopsar.com/flopsar.repo $ sudo zypper refresh ``` {% endtab %} {% tab title="Debian / Ubuntu (apt)" %} Install the prerequisites, then add the Flopsar repository source: ```shellscript $ sudo apt update $ sudo apt install -y ca-certificates curl $ sudo curl -fsSL https://repo.flopsar.com/flopsar.sources -o /etc/apt/sources.list.d/flopsar.sources $ sudo apt update ``` Or, without the ready-made source file, add the signing key and the repository manually: ```shellscript $ sudo install -m 0755 -d /etc/apt/keyrings $ sudo curl -fsSL https://repo.flopsar.com/flopsar.gpg -o /etc/apt/keyrings/flopsar.gpg $ echo "deb [signed-by=/etc/apt/keyrings/flopsar.gpg] https://repo.flopsar.com/apt stable main" \ | sudo tee /etc/apt/sources.list.d/flopsar.list $ sudo apt update ``` {% endtab %} {% endtabs %} #### 2. Install the package {% tabs %} {% tab title="Fedora / RHEL (dnf)" %} ```shellscript $ sudo dnf install flopsar-server ``` {% endtab %} {% tab title="openSUSE / SLES (zypper)" %} ```shellscript $ sudo zypper install flopsar-server ``` {% endtab %} {% tab title="Debian / Ubuntu (apt)" %} ```shellscript $ sudo apt install flopsar-server ``` {% endtab %} {% endtabs %} The first time you install from the repository, your package manager downloads the Flopsar signing key and asks you to confirm the import (on Debian/Ubuntu the key is stored in `/etc/apt/keyrings/`). Verify that the fingerprint matches before accepting: ``` Fingerprint: 0CB7 A6D0 A9EB 2EE2 F397 0F1D 0F2C 8589 8151 493F Userid : Flopsar Technology ``` {% hint style="info" %} The same signing key is published on the [keys.openpgp.org](https://keys.openpgp.org/) keyserver, so you can verify or fetch it independently of the repository. Look it up by its email (`security@flopsar.com`) or directly by [fingerprint](https://keys.openpgp.org/search?q=0CB7A6D0A9EB2EE2F3970F1D0F2C85898151493F), or import it with: ```shell-session $ gpg --keyserver hkps://keys.openpgp.org --recv-keys 0F2C85898151493F ``` {% endhint %} {% hint style="info" %} On Debian/Ubuntu you can inspect the downloaded key before trusting it: ```shell-session $ gpg --show-keys /etc/apt/keyrings/flopsar.gpg ``` {% endhint %} {% hint style="warning" %} Only accept the key if the fingerprint matches the value shown above. The signing key lets your package manager verify the authenticity and integrity of every Flopsar package, now and on future upgrades. {% endhint %} #### 3. (Optional) Open the firewall - Red Hat-based systems only {% hint style="info" %} Applies to RedHat-based distributions (RHEL, Rocky Linux, AlmaLinux, Fedora) that use `firewalld`. The package ships a `firewalld` service definition only; it does not modify your firewall automatically. openSUSE/SLES also use `firewalld`, so the same commands apply there. On other systems (or if you use `nftables`/`iptables` directly), open the ports below manually using your own tooling. {% endhint %} If `firewalld` is active, the package ships a ready-made service definition named `flopsar` that covers all required ports. Enable it with: ```shellscript $ sudo firewall-cmd --permanent --add-service=flopsar $ sudo firewall-cmd --reload $ sudo firewall-cmd --list-services ``` The `flopsar` service opens the following ports: | Port | Protocol | Purpose | | ---- | -------- | ----------------------- | | 9443 | TCP | Web UI (HTTPS) | | 9000 | TCP | Agent connections | | 4318 | TCP | OTLP over HTTP receiver | | 4317 | TCP | OTLP over gRPC receiver | ### Manual Package Install Alternatively, [download](https://cdn.flopsar.com/) the package that matches your platform and architecture and install it directly. {% tabs %} {% tab title="Debian / Ubuntu" %} ```shell-session # dpkg -i flopsar-server..deb ``` {% endtab %} {% tab title="Red Hat / SUSE" %} ```shell-session # rpm -ih flopsar-server..rpm # dnf install flopsar-server..rpm # zypper install flopsar-server..rpm ``` {% endtab %} {% endtabs %} ### What the Installation Does Regardless of the method, on the **first installation** the package: * Creates a dedicated system user and group named `flopsar`, used to run the service. * Installs the `flopsar-server` binary to `/usr/sbin`. * Registers a `flopsar` `systemd` service. * Creates the global configuration directory `/etc/flopsar` and generates: * a default configuration file, `/etc/flopsar/settings.toml`; * a self-signed TLS certificate and key in `/etc/flopsar/ssl/`; * a 256-bit master key in `/etc/flopsar/ssl/master.key` (used to encrypt agent tokens); * the service environment file `/etc/flopsar/eula.env`, with EULA acceptance left empty. {% hint style="info" %} The auto-generated TLS certificate is self-signed. For production, replace `server.crt` / `server.pem` in `/etc/flopsar/ssl/` with certificates issued by a trusted CA, and keep the file ownership and permissions intact (`root:flopsar`, `0640` for private material). {% endhint %} ## Accept the EULA The server will not start until you accept the [End User License Agreement](https://eula.flopsar.com). Acceptance is expressed through the `FLOPSAR_EULA` environment variable, which the service reads from `/etc/flopsar/eula.env`. Edit the file and set the value to `accept`: {% code title="/etc/flopsar/eula.env" %} ```sh # EULA acceptance (https://eula.flopsar.com): # set the variable below to "accept" to start the server. FLOPSAR_EULA=accept ``` {% endcode %} ## Start the Server Enable and start the service: ```shell-session # systemctl enable --now flopsar ``` The service runs as the `flopsar` user and stores its data under `/var/lib/flopsar` (provided through the `FLOPSAR_HOME` environment variable in the unit file). On first start, the server initializes a fresh environment in that directory automatically. Check that the service is running: ```shell-session # systemctl status flopsar ``` ## Sign In Once the server is running, open the Workstation in your browser. TLS is enabled by default, so the address is: ``` https://:9443 ``` {% hint style="info" %} Default credentials are `admin` / `flopsar`. Change the password immediately after your first sign-in. {% endhint %}
## File and Directory Layout After a package installation, the relevant locations are: * `/usr/sbin/flopsar-server` — the server binary. * `/etc/flopsar/settings.toml` — the global server configuration. * `/etc/flopsar/ssl/` — TLS certificate (`server.crt`), private key (`server.pem`), and the master key (`master.key`). * `/etc/flopsar/eula.env` — the service environment file, including EULA acceptance. * `/var/lib/flopsar` — the server home (the environment), containing the data storage, logs, and archives. * `flopsar.service` — the `systemd` unit for the service. ## Network Ports By default the server listens on: * `9000` — agent connections. * `9443` — the REST API and the Workstation (TLS). * `4318` and `4317` — OpenTelemetry OTLP/HTTP and OTLP/gRPC ingestion. Adjust these in the server configuration and open them in your firewall as needed. ## Using a Custom Environment Location The packaged service keeps its data in `/var/lib/flopsar`. If you prefer a different location (for example, a dedicated data volume), you have two options: * Point the service at another directory by overriding `FLOPSAR_HOME` (for example, with a `systemd` drop-in), or set the `data` option in `settings.toml`. Make sure the `flopsar` user can read and write that directory. * Pre-create an environment explicitly and start the server against it: ```shell-session $ flopsar-server create ``` This creates a new, empty environment at ``. See the Server page for the full list of command line operations (`create`, `config`, `gencerts`, `genmkey`, and more). {% hint style="warning" %} If you start the server through `systemd`, it runs as the `flopsar` user by default. Ensure that this user has read/write permissions to the environment directory. {% endhint %} ## Troubleshooting This section covers the most common issues after installing Flopsar Server via the package and starting it with `systemctl`. ### Where to look first ```shellscript $ sudo systemctl status flopsar # current state and last log lines $ sudo journalctl -u flopsar -e # full service log (most recent at the end) $ sudo journalctl -u flopsar -f # follow the log live ``` Almost every startup problem is explained in `journalctl -u flopsar`. ### The service does not start **Symptom**: `systemctl status flopsar` shows `failed` or the service exits immediately. Most common cause — the EULA is not accepted. The log will contain a message about `FLOPSAR_EULA`. Fix: ```shellscript $ sudo sed -i 's/^FLOPSAR_EULA=.*/FLOPSAR_EULA=accept/' /etc/flopsar/eula.env $ sudo systemctl restart flopsar ``` Other causes: * A malformed `/etc/flopsar/settings.toml` — the log shows a parse error and the offending field. Restore defaults by removing the file and regenerating: ```shellscript $ sudo flopsar-server config /etc/flopsar/sudo systemctl restart flopsar ``` Missing TLS material in `/etc/flopsar/ssl/`. Regenerate: ```shellscript $ sudo flopsar-server gencerts /etc/flopsar/ssl/ $ sudo flopsar-server genmkey --path /etc/flopsar/ssl/ $ sudo systemctl restart flopsar ``` ### The service starts, then keeps restarting **Symptom**: `systemctl status` shows repeated `activating (auto-restart)`. The unit uses `Restart=on-failure`, so a crash loop means the process exits with an error on each attempt. Inspect the reason: ```shellscript $ sudo journalctl -u flopsar -e --no-pager | tail -n 50 ``` Typical reasons: EULA not accepted, unreadable `master.key`, or a port already in use (see below). ### The web interface is not reachable **Symptom**: `https://:9443` times out or refuses the connection. Diagnose in order: **Is the service running?** ```shellscript $ sudo systemctl is-active flopsar ``` **Is it listening on the expected ports?** ```shellscript $ sudo ss -tlnp | grep -E '9443|9000|4318|4317' ``` You should see `flopsar-server` bound to `0.0.0.0:9443` (and the other ports). **Is a firewall blocking access? (RedHat-based / `firewalld`)** ```shellscript $ sudo firewall-cmd --list-services # is "flopsar" listed? $ sudo firewall-cmd --permanent --add-service=flopsar $ sudo firewall-cmd --reload ``` On Debian/Ubuntu with `ufw` enabled: `sudo ufw allow 9443/tcp`. **Are you using the right port? The web UI listens on 9443 (HTTPS), not 9943 or 9000.** ### Browser shows a certificate warning This is expected. Flopsar generates a self-signed certificate by default, so browsers will warn on first access. Either accept the exception, or replace `/etc/flopsar/ssl/server.crt` and the corresponding key with your own CA-signed certificate and restart the service. ### SELinux (RedHat-based, enforcing) Flopsar runs as an unconfined `systemd` service, so SELinux does not require any configuration in normal installations. If you suspect SELinux is blocking something: ```shellscript $ sudo ausearch -m AVC -ts recent # look for denials (AVC entries) $ sudo setenforce 0 # temporary test; if it works now, SELinux is the cause $ sudo setenforce 1 # re-enable ``` If a denial is confirmed, generate an allow rule from the audit log with `audit2allow`, or report it to support. ### Collecting information for support When contacting support, include: ```shellscript $ flopsar-server --version $ systemctl status flopsar --no-pager $ journalctl -u flopsar --no-pager | tail -n 200 ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.flopsar.com/7/administrator-guide/installation/server.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.