Server Installation

The LyftData binary is installed and available on the system, set up the Server as follows:

Note

Complete the installation prerequisites and Prepare the binary before configuring the service.

Use the steps below to register the service account, install the systemd unit, and verify the control plane is reachable.

Note

Use the Linux service account template with user lyftdata and staging directory /var/lib/lyftdata-server. Adjust the path if you store data elsewhere.

Success criteria

• systemctl status lyftdata-server reports active (running).
• Browsing to https://localhost:3000/ (or your chosen bind address) loads the LyftData sign-in screen (self-signed TLS by default).
• journalctl -u lyftdata-server | tail -n 50 contains “Server started” with no error entries.

Need a trial-only setup? Start with the Evaluation Quickstart before committing to service accounts and systemd units.

Create systemd files

Create a systemd service unit file:

sudo vi /etc/systemd/system/lyftdata-server.service

The file must contain the following:

Note

This systemd unit file assumes the binary is installed in /usr/sbin/. If the binary is installed elsewhere, adjust the ExecStart section path accordingly.

[Unit]
Description=lyftdata Server
After=network.target auditd.service

[Service]
EnvironmentFile=/etc/default/lyftdata-server
User=lyftdata
Group=lyftdata
ExecStart=/usr/sbin/lyftdata run server
Restart=on-failure
RestartSec=60

[Install]
WantedBy=multi-user.target

Create an environment file for the EnvironmentFile setting:

sudo vi /etc/default/lyftdata-server

Here, the Server is configured through either lyftdata run server options or environment variables. In this case, we’ll be using the latter.

Tip

See lyftdata run server --help for startup options and their environment variable equivalents and the reference.

At a minimum, the Server needs LYFTDATA_STAGING_DIR and LYFTDATA_LICENSE_EULA_ACCEPT. For unattended service installs, also set LYFTDATA_ADMIN_INIT_PASSWORD:

LYFTDATA_STAGING_DIR=/var/lib/lyftdata-server
LYFTDATA_LICENSE_EULA_ACCEPT=yes
LYFTDATA_ADMIN_INIT_PASSWORD=ChangeMeVerySoon

Note

If lyftdata user home directory is not LYFTDATA_STAGING_DIR, set accordingly.

We’ve added 2 additional environment variables:

• LYFTDATA_LICENSE_EULA_ACCEPT=yes prevents the one-time prompt for accepting the EULA.

• LYFTDATA_ADMIN_INIT_PASSWORD provides an initial password for the Server admin user.

Tip

Tune optional variables such as LYFTDATA_BIND_ADDRESS, LYFTDATA_LOG_RETENTION_DAYS, and LYFTDATA_DB_DISK_USE_MAX_PERCENT using the guidance in installation prerequisites.

If LYFTDATA_ADMIN_INIT_PASSWORD is unset, the server enters Initial Setup Required and writes a one-time setup link to /var/lib/lyftdata-server/bootstrap/initial-admin.url. journalctl shows that setup is required and where the file lives, but it does not print the token itself.

Useful local alternatives when you omit LYFTDATA_ADMIN_INIT_PASSWORD:

• sudo -u lyftdata /usr/sbin/lyftdata server bootstrap --staging-dir /var/lib/lyftdata-server --bind-address 127.0.0.1:3000 --print-url
• sudo -u lyftdata /usr/sbin/lyftdata server create-admin --staging-dir /var/lib/lyftdata-server

Note

If you plan to set LYFTDATA_BIND_ADDRESS to a non-loopback address before an admin exists, provide LYFTDATA_ADMIN_INIT_PASSWORD or complete setup while the service is still on localhost. By default the server refuses remote bootstrap on non-loopback listeners.

Note

Besides the configured data directory (LYFTDATA_STAGING_DIR), the Server will persist some minimal state information to the home directory of the user that the Server runs as (~/.local/share/lyftdata*/). This directory must be writable by the Server.

Once you have saved the service unit file, reload systemd:

sudo systemctl daemon-reload

To start the Server at boot, enable the service with:

sudo systemctl enable lyftdata-server

Finally, start the Server:

sudo systemctl start lyftdata-server

Verify that the Server started successfully:

systemctl status lyftdata-server

It’s a good idea to inspect the startup output so you can confirm the ready splash and, if needed, see the setup URL file path:

journalctl -u lyftdata-server

The Server will be listening on LYFTDATA_BIND_ADDRESS (default 127.0.0.1:3000). HTTPS is enabled by default using a self-signed certificate.

Tip

For production, use a trusted certificate:

• Built-in TLS: provide --tls-cert and --tls-key to lyftdata run server, or
• Reverse proxy: terminate TLS in a proxy (for example Caddy or Nginx) and run the server with --disable-tls.

Certificates must include a hostname in the Subject Alternative Name (SAN) that matches the URL clients use (browser + workers).

See Networking & TLS for the recommended patterns and verification commands.

Go to https://localhost:3000/ in a browser. You will see a certificate warning because the default certificate is self-signed; proceed for evaluation. If you used LYFTDATA_ADMIN_INIT_PASSWORD, sign in as admin with that password. Otherwise, retrieve the one-time setup URL from /var/lib/lyftdata-server/bootstrap/initial-admin.url, create the admin password in the setup flow, and then sign in.

At this point, the Server is ready to start serving Workers.