Systemd deployment

Run reveald as a managed systemd service for production Linux deployments with automatic restarts, logging, and security hardening.

Create a system user

sudo useradd -r -s /bin/false reveald

Install reveald

curl -L https://github.com/runreveal/reveald/releases/latest/download/reveald-linux-amd64.tar.gz | sudo tar --directory /usr/local/bin -xz
sudo chmod +x /usr/local/bin/reveald

Create the configuration

sudo mkdir -p /etc/reveald
sudo cp config.json /etc/reveald/config.json
sudo chown reveald:reveald /etc/reveald/config.json
sudo chmod 600 /etc/reveald/config.json

Create the service unit

Create /etc/systemd/system/reveald.service:

[Unit]
Description=Reveald Log Forwarder
After=network.target
 
[Service]
Type=simple
User=reveald
Group=reveald
ExecStart=/usr/local/bin/reveald run --config /etc/reveald/config.json
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal
SyslogIdentifier=reveald
 
# Security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log
 
[Install]
WantedBy=multi-user.target

Adjust ReadWritePaths to include any directories reveald needs to read from.

Enable and start

sudo systemctl daemon-reload
sudo systemctl enable reveald
sudo systemctl start reveald

Verify

sudo systemctl status reveald
sudo journalctl -u reveald -f

Updating reveald

sudo systemctl stop reveald
curl -L https://github.com/runreveal/reveald/releases/latest/download/reveald-linux-amd64.tar.gz | sudo tar --directory /usr/local/bin -xz
sudo systemctl start reveald

Environment variables

Pass secrets via an environment file instead of putting them in config.json:

Create /etc/reveald/env:

WEBHOOK_URL=https://api.runreveal.com/sources/reveald/webhook/...

Add to the service unit:

[Service]
EnvironmentFile=/etc/reveald/env

Then reference $WEBHOOK_URL in your config. See Configuration.

On this page