First you need to grab the binary from their site. The download page.
Then rename it to
concourse and make it executable with
Then, let's generate the RSA key pairs that Concourse needs. You can generate each one with following command:
ssh-keygen -t rsa -N "" -C "put whatever you want here"
It's going to ask you about the path where to generate the keys, and then will generate the public and private keys. According to the documentation, Concourse needs 3 keys:
The following command is needed to start the Concourse web interface:
concourse web --basic-auth-username username --basic-auth-password password --session-signing-key /path/to/session_signing_key --tsa-host-key /path/to/tsa_host_key --tsa-authorized-keys /path/to/worker_key.pub --external-url http://domain.example --postgres-data-source postgres://user:pass@host/db
--tsa-authorized-keys option is meant to provide a single file with all authorized keys (similar to SSH authorized keys file), but right now we'll only configure one worker.
supervisord to manage these processes, so you can put your customized command in a new supervisor program section. If you don't know supervisor (you should), please take a look at their web page.
If you got it working, Concourse will start to listen in the port 8080 but only in the local interface. Yeah, you have to put a reverse proxy on it (there are other options but that's the most reasonable).
Now let's start our only worker, with the following (shorter) command:
sudo concourse worker --work-dir /path/to/workdir --tsa-host 127.0.0.1 --tsa-public-key /path/to/tsa_host_key.pub --tsa-worker-private-key /path/to/worker_key
--work-dir option specifies where all the build data form your pipelines is going to be saved, so as the docs say, make sure you have enough disk space there. The other options are self explanatory. Note that the worker is executed with root priviledges, so if you're using
supervisord make sure you execute the program as the root user (it's the
user option, and take
sudo out of the main command).
If everything has gone fine, the only thing remaining is to setup the reverse proxy for the concourse web interface, and HTTPS to enforce security. If you don't want to pay for SSL certificates, take a look at Let's Encrypt, you're welcome.