Deploying a Secure, Single-Server Aesel Environment

Go Home

System Requirements

In order to run Aesel, you should have at least one server with a minimum of:

  • 8GB RAM Available
  • 8GB Hard Disk Space Available

Note that production systems will likely require significantly more resources.

In order to run Aesel on Docker, you should have at least:

  • Docker CE >17.03 or Docker EE >17.06
  • Docker Compose >1.12.0 for using Docker Compose scripts

Running Aesel natively is supported on the following platforms:

  • Ubuntu >16.04
  • Redhat/Centos >7

Note that the above recommendations are minimum requirements, and production deployments will likely require significantly more resources, especially when handling very high-volumes of traffic.

This is a great option for Demo environments, or small LAN-based networks which only need to handle scenes for a few users.

While this is secure, it is not intended for deployment in a cloud production environment. The security of this deployment depends on the security of the underlying server running Aesel.


First, Download the Aesel setup files from

Unzip the files, and open a terminal/command prompt from the main folder.

Open the file. This contains the central definitions for the variables you’ll fill out. First, pay attention to the ‘SSL_BASE_DIR’ variable. This sets the base directory where your SSL Certificates are contained, with a default of ‘/var/ssl’.

Make sure to update the ‘NETWORK_INTERFACE_ADDRESS’ environment variable to your server’s public IP address before continuing.

Finally, set the Mongo init credentials, that can be used to connect only from the same server that Mongo is running on, in order to administer it.


SSL Setup

Before we go any further, let’s go ahead and obtain valid SSL Certificates. The best way to do this is through Let’s Encrypt, you can follow the tutorials at Self-Signed Certificates are not supported. Make sure that you’re certificates are registered to the same domain that you enter into the AESEL_DOMAIN variable. A basic example certbot command is shown below:

certbot certonly –standalone –preferred-challenges http -d AESEL_DOMAIN

You may need to copy/convert some of the certs around, below is a tree of the basic file structure needed in /var/ssl (or whatever you enter for the SSL_BASE_DIR):


The pem files generated by certbot can be simply copied anywhere a .crt or .pem file is required. To get a .p12 file, an example is shown below:

openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out /var/ssl/adrestia/certificate.p12 -name tomcat -CAfile chain.pem -caname root

Then, you’ll need to open up the file, and enter your export password in the ‘SSL_KEYSTORE_PW’

AES Configuration

AES Information is set in the script, and can be generated with:

openssl enc -aes-256-cbc -k secret -P -md sha1

Where ‘secret’ is a password for generating the key.

Start Database Layer

To start the Aesel DB Layer, run the below command:

./ db

The easiest way to update the neo4j login information is to use Neo4j Client. Simply connect to your instance with username and password neo4j/neo4j, and you will be prompted to change the password.

Finally, you’ll need to setup a Mongo admin user, and separate users for Adrestia and CLyman. You can connect from the same server running Mongo by using the mongo shell with:

mongo admin -u <mongo-init-un> -p <mongo-init-pw>

Create an administrator user:

use admin

user: “myUserAdmin”, pwd: “abc123”, roles: [ { role: “userAdminAnyDatabase”, db: “admin” }, “readWriteAnyDatabase” ]



Then, an example user creation for Adrestia is shown below:

use _adrestia


user:”test1”, pwd:”test1”, roles:[

role:”readWrite”, db:”_adrestia”


], mechanisms:[




A similar user should be created for CLyman in the database ‘clyman’, Projects in the database ‘_projects’, and Kelona in the database ‘_avc’.

Authentication Configuration

Open back up the file, and start by entering the Neo4j login into the NEO4J_UN and NEO4J_PW variables. Then, you can update the variables for:


Start Scene Cluster

Starting a Scene Cluster (Crazy Ivan and CLyman), can be done with the below command:

./ cluster

Start Stateless Services

Core, Stateless Services (Adrestia, Kelona, Projects), can be started with:

./ core


Now you can open your web browser and navigate to https://localhost:8080/portal/home. Login with an account you setup on your Auth0 dashboard.