Systemd Service¶
Running dawu-manager as a systemd service provides automatic startup on boot, process supervision, and log integration with journald. This is the recommended approach for bare-metal or VM deployments where Docker is not used.
Prerequisites¶
- Node.js 20 or later installed on the host.
- dawu-manager installed globally or via npx.
- A dedicated non-root user for running the service.
Create a Service User¶
Install dawu-manager¶
Option A: Global npm Install¶
Option B: Local Install¶
sudo mkdir -p /opt/dawu-manager
sudo chown dawu:dawu /opt/dawu-manager
sudo -u dawu npm install --prefix /opt/dawu-manager dawu-manager
Create the Data Directory¶
Create the Environment File¶
Create /etc/dawu-manager/dawu.env:
NEXTAUTH_SECRET=your-secret-key-here
NEXTAUTH_URL=http://your-server-ip:3789
DATABASE_URL=file:/var/lib/dawu-manager/data.db
PORT=3789
NODE_ENV=production
Set permissions:
Generate a secret:
Create the Systemd Unit¶
Create /etc/systemd/system/dawu-manager.service:
[Unit]
Description=dawu-manager - BNG Node Management Dashboard
Documentation=https://github.com/Cepat-Kilat-Teknologi/dawu-manager
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=dawu
Group=dawu
EnvironmentFile=/etc/dawu-manager/dawu.env
ExecStart=/usr/bin/npx dawu-manager --port 3789
WorkingDirectory=/var/lib/dawu-manager
Restart=on-failure
RestartSec=5
StartLimitBurst=3
StartLimitIntervalSec=60
# Security hardening
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
ReadWritePaths=/var/lib/dawu-manager
PrivateTmp=yes
ProtectKernelTunables=yes
ProtectKernelModules=yes
ProtectControlGroups=yes
# Logging
StandardOutput=journal
StandardError=journal
SyslogIdentifier=dawu-manager
[Install]
WantedBy=multi-user.target
If dawu-manager was installed locally (Option B), change the ExecStart line:
Enable and Start¶
Verify¶
# Check service status
sudo systemctl status dawu-manager
# Test the health endpoint
curl -sf http://localhost:3789/api/auth/csrf
# View recent logs
sudo journalctl -u dawu-manager --since '5 minutes ago' --no-pager
Managing the Service¶
| Command | Description |
|---|---|
sudo systemctl start dawu-manager |
Start the service |
sudo systemctl stop dawu-manager |
Stop the service |
sudo systemctl restart dawu-manager |
Restart the service |
sudo systemctl status dawu-manager |
Check current status |
sudo systemctl enable dawu-manager |
Enable auto-start on boot |
sudo systemctl disable dawu-manager |
Disable auto-start on boot |
Log Management¶
dawu-manager logs are captured by journald:
# Follow logs in real time
sudo journalctl -u dawu-manager -f
# Show logs from the last hour
sudo journalctl -u dawu-manager --since '1 hour ago'
# Show only error-level messages
sudo journalctl -u dawu-manager -p err
# Export logs to a file
sudo journalctl -u dawu-manager --since today > /tmp/dawu-logs.txt
Upgrading¶
# Stop the service
sudo systemctl stop dawu-manager
# Update the package
sudo npm install -g dawu-manager@latest
# Start the service (migrations run automatically on startup)
sudo systemctl start dawu-manager
# Verify the new version is running
curl -sf http://localhost:3789/api/auth/csrf
Backup¶
Database Backup¶
The SQLite database is a single file. Back it up by copying:
For automated backups, create a cron job:
Add:
Configuration Backup¶
Back up the environment file:
Security Hardening¶
The systemd unit includes several security directives:
| Directive | Effect |
|---|---|
NoNewPrivileges=yes |
Prevents the process from gaining additional privileges |
ProtectSystem=strict |
Mounts the filesystem as read-only except for allowed paths |
ProtectHome=yes |
Makes home directories inaccessible |
ReadWritePaths=/var/lib/dawu-manager |
Only the data directory is writable |
PrivateTmp=yes |
Gives the service its own /tmp directory |
ProtectKernelTunables=yes |
Prevents modification of kernel parameters |
ProtectKernelModules=yes |
Prevents loading kernel modules |
ProtectControlGroups=yes |
Prevents modification of control groups |