Installation

Deploying to Heroku (recommended)

The most convenient way to deploy Falco is to deploy it on Heroku using our one-click deploy feature.

Prerequisite

To install Falco on Heroku, you will need a Heroku account with valid payment information (some of Falco features can be run for free under Heroku’s Free Tier, however the credit card details are needed to qualify for free Heroku Addons). Click here to create a Heroku account.

A note about Heroku’s princing and Falco features

Heroku pricing is splitted in two: the “dyno” (understand the actual hosting) and the “addons”.

Under the Free Tier, any Heroku app not used for 30 minutes will enter “Sleep mode”. This means that any processes running will be stopped. To “wake” an Heroku app, you can just hit its URL—after around 30 seconds, it should be back up.

Only the web dyno (the user interface) can “fall asleep”—the worker dyno responsible for running the audits automatically stays up. If you do not want to wait for the app to wake up, you might want to pay for their dyno “Hobby” tier, which at the time of writing costs $14/month for both dynos.

In addition, the Free Tier of the PostgreSQL addon used in Falco currently allows a maximum of 10.000 rows. Should you use Falco intensively, you might have to upgrade to the “Hobby Basic” Tier ($9/month, independently of the dyno tier discussed above).

To sum up:

Falco featuresFree TierUpgraded dyno ($14/month)Upgraded Postgres ($9/month)Both upgrades ($16/month)
Running audits automatically
Visualizing and comparing results
Always-up instance
Running lots of audits

You are free to upgrade or downgrade at any time—beware though that should you have more than 10.000 rows in the database, you will have to delete old audits to qualify again for the free Postgres tier.

Installation

Click on the following button to trigger the deployment of your Falco instance:

Deploy to Heroku

Then, choose a name for your instance (like falco-mycompany), pick the region closest to you, and follow Heroku’s instructions.

The actual deployment should take approximately 10 minutes.

Once Falco is deployed, you should be able to log in to the admin interface using the credentials admin and admin.

Deploying with Docker Compose

Installing Docker Compose

The following steps are applicable to Ubuntu and were taken from the Mattermost documentation (thanks to them!). If you are using another platform, please check the Docker installation Docs.

  1. Install Docker using the Ubuntu online guide or these instructions:
sudo apt-get update
sudo apt-get install wget
wget -qO- https://get.docker.com/ | sh
sudo usermod -aG docker <username>
sudo service docker start
newgrp docker
  1. Install Docker Compose using the online guide. You have to download the latest release from Docker Compose Github’s page and put the binary on your /usr/local/bin folder. Usually, you can use the following command, replacing $dockerComposeVersion by the Docker Compose version to install :
curl -L https://github.com/docker/compose/releases/download/$dockerComposeVersion/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Installing Falco with Docker Compose

To install Falco with docker-compose:

  1. Create a new directory.
  2. Copy the docker-compose.prod.yml file (link) inside that directory and rename it docker-compose.yml. You can change the latest tag to a specific version if you need to.
  3. Copy the .env.prod.dist file (link) inside that directory and rename it to .env.prod. Edit the file and generate the secrets, change the emails, etc.
  4. Start the stack with docker-compose up -d

This will start the stack: Redis + PostgreSQL + Celery + the main application. The main application should be available on http://localhost:80.

For a production use, we recommend using a PostreSQL with valid SSL certificates and expose the application with a frontal server managing the HTTPS certificates. Without a valid SSL certificate, the application will not work.

The first time the application starts, you will need to manually run the migrations and add some data:

docker-composer exec backend sh
# You are now inside the Docker container
./manage.py migrate --noinput
./manage.py createcachetable
# Please change login, mail and password below
./manage.py shell -c "from django.contrib.auth import get_user_model; User = get_user_model(); User.objects.create_superuser('admin', 'yourmail@example.com', 'admin')"
./manage.py populate-periodic-tasks
Last updated on 10/24/2019 by Kevin Raynel