Standard Install

The standard install runs the core Honeyframe services (Platform, Cloud, plus an optional vertical App service) on a single Linux host with PostgreSQL local or remote. Provisioning is driven by the setup-customer.sh script.

Before you start, confirm System Requirements and have:

• A reachable PostgreSQL instance (host, port, role with CREATE on the database).
• A registered DNS record pointing at the host (or LAN IP for an internal-only deploy).
• An empty install directory you control (/opt/honeyframe is the convention; the legacy default is /opt/dataintel).
• An empty data directory (/data/honeyframe is the convention).

One-command provisioning

./iaas/scripts/setup-customer.sh --config install.conf

Copy install.conf.example to install.conf and fill in:

CUSTOMER_DISPLAY_NAME=Acme Corp
INSTALL_DIR=/opt/honeyframe
DATA_DIR=/data/honeyframe
DATABASE_HOST=db.example.com
DATABASE_PORT=5432
DATABASE_USER=honeyframe
DATABASE_PASSWORD=<redacted>
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_USERNAME=ops@example.com
SMTP_PASSWORD=<redacted>
SMTP_FROM_EMAIL=ops@example.com
SMTP_FROM_NAME=Acme Honeyframe

The same parameters can be passed individually on the command line — see ./iaas/scripts/setup-customer.sh --help.

What the script does

1. Verifies dependencies (Python 3.10+, Node 22, nginx, PostgreSQL client tools, certbot).
2. Substitutes placeholders in the systemd unit templates (__INSTALL_DIR__, __DATA_DIR__, __DISPLAY_NAME__) and writes them to /etc/systemd/system/.
3. Creates the data directory layout under $DATA_DIR (tenant data, dbt profiles, vector stores, license file).
4. Installs Python dependencies from requirements.txt to the system interpreter (no venv — see Custom systemd Units for the rationale).
5. Builds the frontend bundles (paas/frontend, iaas/frontend, plus saas/frontend if a vertical app is enabled) via Vite.
6. Bootstraps the database: creates schemas (hubstudio, dataintel), runs migrations, seeds the default organization and superadmin user.
7. Wires nginx: installs nginx.conf to /etc/nginx/sites-available/honeyframe, the rate-limit zones to /etc/nginx/conf.d/honeyframe-security.conf, then nginx -t && systemctl reload nginx.
8. Issues TLS certificates via certbot for each domain (skipped if --no-tls is passed).
9. Enables and starts the systemd services (hub-platform, hub-cloud, plus the vertical app unit if enabled).

The script is idempotent — re-running it picks up changes to the config file and only restarts services whose units changed.

Verifying the install

# Core services should report active.
systemctl is-active hub-platform hub-cloud

# Each API responds with 200 on /api/health.
for p in 8001 8002; do curl -s -o /dev/null -w "%{http_code}\n" http://localhost:$p/api/health; done

# nginx serves the frontends over HTTPS.
curl -s -o /dev/null -w "%{http_code}\n" https://platform.your-domain.com/

Logging in for the first time

The bootstrap step creates a single superadmin user from setup-customer.sh. The username and one-time password are printed to the script's stdout — capture them before the terminal scrolls. Sign in to https://platform.your-domain.com/, change the password, then create your first organization and project.

What's next

• Reverse Proxy — anatomy of the nginx config the script wrote.
• TLS / Certificates — renewing certs and adding new domains.
• Custom systemd Units — overriding limits, env vars, or the run user.