Faraday Installation Guide — Docker Compose¶
Docker Compose is the easiest and recommended way to run Faraday. This setup includes the Faraday Server, a PostgreSQL database, Redis for task queuing, and dedicated Celery workers for background processing.
Prerequisites¶
- Docker Engine 20.10+
- Docker Compose v2 (the
docker composeCLI plugin)
Note
Use docker compose (v2 plugin syntax), not the legacy docker-compose (v1 standalone binary).
Getting Started — Community Edition¶
1. Get the Docker Compose file¶
Save the docker-compose.yaml file in your working directory. You can download it directly from the Faraday repository:
curl -O https://raw.githubusercontent.com/infobyte/faraday/master/docker-compose.yaml
The Compose file defines the following services:
| Service | Image | Purpose |
|---|---|---|
db |
postgres:12.7-alpine |
PostgreSQL database |
redis |
redis:8.4-alpine |
Message broker for Celery task queues |
faraday-server |
faradaysec/faraday:latest |
Main API server (port 5985) |
faraday-default-worker |
faradaysec/faraday:latest |
Background task processor (Celery) |
Pin your image version for production
For production deployments, replace :latest with a specific version tag (e.g., faradaysec/faraday:v5.19.0) to avoid unexpected upgrades. Check Docker Hub for available tags.
2. Launch services¶
docker compose up -d
3. Get the admin password¶
On first run, an admin user (faraday) is created with an auto-generated password. Retrieve it from the logs:
docker compose logs faraday-server | grep -i password
4. Access Faraday¶
Open http://localhost:5985 in your browser and log in with username faraday and the password from the logs.
Getting Started — Pro / Corporate Edition¶
1. Download the image¶
Download the latest Docker image from portal.faradaysec.com.
2. Load the image¶
docker load < faraday-docker.tar.gz
3. Configure Docker Compose¶
Use the docker-compose.yaml provided with your Pro/Corp distribution. It includes additional services:
| Service | Purpose |
|---|---|
faraday-executive-reports-worker |
Dedicated worker for executive report generation |
import-license |
One-time license import utility |
4. Import your license¶
docker compose run --rm import-license
5. Launch services¶
docker compose up -d
Faraday Server is available at http://localhost:5985.
The admin password is automatically generated and displayed in the server logs on first run.
Change Password¶
docker compose run --rm change-password
This prompts you to set a new password for the admin user.
Persistence and Volumes¶
Data is persisted using Docker named volumes:
| Volume | Path in Container | Content |
|---|---|---|
faraday |
/home/faraday/.faraday |
Configuration, logs, evidence, session data |
db |
/var/lib/postgresql/data |
PostgreSQL database files |
To use a local folder instead of a named volume (useful for backups or inspection):
x-faraday-volumes: &faraday-volumes
- "$HOME/.faraday:/home/faraday/.faraday:rw"
YAML anchors
The Compose file uses YAML anchors (&faraday-volumes / *faraday-volumes) to share volume definitions across services. This is standard YAML syntax supported by Docker Compose.
Environment Variables¶
The Docker entrypoint accepts the following environment variables:
| Variable | Required | Description |
|---|---|---|
PGSQL_USER |
Yes | PostgreSQL username |
PGSQL_PASSWD |
Yes | PostgreSQL password |
PGSQL_HOST |
Yes | PostgreSQL host |
PGSQL_DBNAME |
Yes | PostgreSQL database name |
REDIS_SERVER |
No | Redis server address (enables Redis-backed sessions) |
FARADAY_PASSWORD |
No | Admin password (auto-generated if not set) |
FQDN |
No | Fully qualified domain name (used for OpenAPI spec generation) |
Configuration Defaults¶
Docker deployments use different configuration defaults than bare-metal installations:
| Setting | Docker Default | Bare-Metal Default |
|---|---|---|
api_token_expiration |
604800 seconds (7 days) | 43200 seconds (12 hours) |
session_timeout |
24 hours | 12 hours |
bind_address |
0.0.0.0 (all interfaces) |
localhost (loopback only) |
delete_report_after_process |
true |
false |
These values are set in ~/.faraday/config/server.ini inside the container. To customize, mount a local server.ini into the container or set environment variables.
Development Mode¶
To work on the Faraday source code with Docker:
1. Configure the Compose file¶
Edit docker-compose.yaml:
- Uncomment the
argssection withDEV_ENV=1 - Use a custom image name (e.g.,
faraday-local) - Map your local repository to
/src:
volumes:
- "/path/to/faraday/cloned/repo:/src"
2. Build and run¶
docker compose build
docker compose up -d
Local code changes are reflected without rebuilding the image.
Health Check¶
The Faraday Server container includes a built-in health check:
GET http://localhost:5985/_api/config
Check container health with:
docker compose ps
Troubleshooting¶
Viewing logs¶
# All services
docker compose logs -f
# Specific service
docker compose logs -f faraday-server
Database connection refused¶
Error: connection to server at 'localhost' (127.0.0.1), port 5432 failed: Connection refused
Cause: The Faraday Server container is trying to connect to localhost instead of the db service.
Fix: Edit ~/.faraday/config/server.ini inside the container and change the connection_string host from localhost to db:
[database]
connection_string = postgresql+psycopg2://postgres:postgres@db/faraday
Worker not starting¶
If faraday-default-worker exits immediately, check that:
- The Faraday Server is healthy:
docker compose psshould showhealthystatus - Redis is running:
docker compose logs redis - The worker can reach Redis: check
celery_broker_urlinserver.ini
Disk space¶
Docker images, PostgreSQL data, and Redis data consume disk space. Plan for:
- Docker images: ~500 MB per Faraday image
- PostgreSQL data: 40–80 GB depending on vulnerability count
- Redis: minimal (in-memory cache, typically < 1 GB)
Docker Services Reference¶
| Service | Container Name | Port | Purpose |
|---|---|---|---|
faraday-server |
faraday_server |
5985 | Main API server and Web UI |
db |
faraday_db |
5432 (internal) | PostgreSQL database |
redis |
faraday_redis |
6379 (internal) | Message broker / task queue |
faraday-default-worker |
faraday_worker |
— | Celery background task processor |
faraday-executive-reports-worker |
— | — | Pro/Corp report generation worker |