Linode (Akamai Cloud)
Deploy rtCloud on Linode using a StackScript. No configuration needed — just create the server and follow the post-deployment steps.
Step 1 — Launch the StackScript
This opens the StackScript page in Linode Cloud Manager. Click Deploy New Linode.
Step 2 — Fill in Linode’s form
Fill in Linode’s standard server creation form:
| Field | Recommended value |
|---|---|
| Image | Ubuntu 22.04 LTS |
| Region | Closest to your users |
| Plan | Shared CPU 4 GB or larger |
| Root Password | Set a strong password |
| Firewall | No Firewall (recommended) |
| Timezone (our only field) | Your server timezone (default: Asia/Ho_Chi_Minh) |
Why no firewall? The setup script needs outbound internet access (Docker pulls, Let’s Encrypt). Blocking ports during first boot can cause the deployment to fail. You can attach a firewall after setup is complete — see Firewall rules below for the correct rules.
Click Create Linode when done.
Step 3 — Wait for setup to complete
The script runs automatically on first boot. It installs Docker, pulls the rtSurvey image, initialises the database, and starts all services. This takes 5–10 minutes.
You can watch progress directly in Linode Cloud Manager — no SSH required:
- Go to your Linode dashboard
- Click on your newly created Linode
- Click Launch LISH Console (top right of the Linode detail page)
A browser terminal opens showing the live boot log — the Weblish tab works directly in your browser, no SSH client needed.
Wait until you see:
============================================================
rtSurvey deployment complete!
============================================================
Server IP : <your-server-ip>
App URL : http://<your-server-ip> (HTTP only until domain is set)
Admin : admin / admin
============================================================
The log also shows your server IP — you will need it for the next step.
Step 4 — Set up SSL
Open your browser at http://<server-ip>. The app will redirect you to the SSL setup screen.
Follow the Set Up SSL guide → to configure HTTPS. The free rtsurvey.com subdomain is the fastest option — no DNS setup needed.
Step 5 — Change the default password
All passwords default to admin. Change them immediately after your first login:
- App admin password — account settings inside the app
- Keycloak admin — accessible at
https://your-domain.com/auth/admin(login:admin/admin)
Firewall rules (Linode Cloud Firewall)
If you attach a Linode Cloud Firewall to this server, use the following rules:
Inbound
| Label | Action | Protocol | Port | Sources | Notes |
|---|---|---|---|---|---|
accept-inbound-ssh | Accept | TCP | 22 | All IPv4, All IPv6 | SSH access |
accept-inbound-http | Accept | TCP | 80 | All IPv4, All IPv6 | Nginx (HTTP + ACME challenge) |
accept-inbound-https | Accept | TCP | 443 | All IPv4, All IPv6 | Nginx (HTTPS after SSL setup) |
accept-inbound-shiny | Accept | TCP | 3838 | All IPv4, All IPv6 | Shiny Server (R analytics) |
accept-inbound-icmp | Accept | ICMP | — | All IPv4, All IPv6 | Ping / diagnostics |
| Default inbound policy | Drop | Block everything else |
Outbound
| Label | Action | Notes |
|---|---|---|
| Default outbound policy | Accept | Allow all outbound (Docker pulls, certbot, GoDaddy API, etc.) |
Ports NOT needed externally
These ports are bound to 127.0.0.1 only and never reachable from outside the server:
| Port | Service | Reason |
|---|---|---|
| 8080 | App container | Nginx proxies to it internally |
| 8090 | Keycloak container | Nginx proxies to it internally |
| 3306 | MySQL | Internal Docker network only |
Troubleshooting
Check the setup log
tail -200 /var/log/stackscript.log
Check the SSL log
tail -200 /var/log/rtsurvey-ssl.log
View container status
docker compose -f /opt/rtsurvey/docker-compose.production.yml ps