Installing Flix Server

The following instructions are a guide to get your Flix Server up and running quickly.

Note:  If you're new to Flix Server installation, please read Flix Server Technical Overview to familiarize yourself with server requirements and architecture before getting started.

Flix Server System Requirements

Mac

Sierra (10.12), High Sierra (10.13), Mojave (10.14)

4GB of RAM

Linux

CentOS/RHEL 7 (recommended) or 6.10 and higher, Ubuntu 18.04 LTS

A 64 bit processor @ 2GHz or higher

4GB of RAM

Warning:  For security reasons, the date and time for the machine on which Flix Server is installed needs to be set correctly. This also applies to virtual machines. For more information, please refer to this Knowledge Base article.

Note:  Flix Server is currently not available on Windows.
Other operating systems may work with Flix Server, but have not been fully tested.

Flix Server is the server application for Flix. Installation of MySQL 5.7 is required for Flix Server to run.

Installing and Running MySQL 5.7

1.   Install MySQL and check that your MySQL server is running. Instructions for this can be found in this Knowledge Base article or online.
2.   Ensure the MySQL user Flix Server is assigned has the following permissions:

Note:  The MySQL database doesn't need to be running on the same machine as the Flix Server. However, it must accept external connections over a network to allow for communication with your Flix Server(s). Refer to this Knowledge Base article for more information.

Download Flix Server

1.   Download Flix Server at https://www.foundry.com/products/flix/download.

Note:  You must be logged in to your Foundry account to download Flix Server.

2.   Unzip/untar the downloaded archive.

A folder is extracted which contains the following:

flix_server - a binary file which you execute to start server Flix Server.

flix-server-utility - a helper binary which Flix Server starts upon startup.

thirdparty - a folder containing thirdparty libraries Flix Server relies on.

Example of extracted archive:

Configuring Flix Server

You need to set up a config.yml file before you can run Flix Server. By default, Flix Server reads the config file from the same directory as its binary file (flix_server). In order to make upgrading to future versions of Flix easier, we strongly recommend storing the config file in a different location and pointing to it when running Flix Server using the --config-file CLI argument.

Example of config.yml stored alongside the Flix Server directory:

See Running Flix Server for more information.

Here's an example config.yml. You can download and edit a sample here.

hostname: flix001.mycompany.com
http_port: 8080
mysql_hostname: db1.mycompany.com
mysql_username: root
mysql_password: password

Note:  Ensure that the hostname option is set to a publicly available hostname or IP address. We recommend a fully qualified domain name and unique hostname for each server.

Note:  The mysql_username and mysql_password are for the user specified in Installing and Running MySQL 5.7 with those permissions.

Tip:  You may need to add a firewall port exception to allow access on the port through which Flix communicates with clients. See your OS documentation for more information on firewalls.

The Flix Server Address end users require is in the following format: http://[hostname]:[port]. Using the example config.yml above, the Flix Server Address is: http://flix001.mycompany.com:8080.

Warning:  macOS users: If you're installing the server on Mac OS, hostnames contain .local and aren't supported. Multicast DNS (mDNS) domains are not supported. As a workaround, set the public IP and hostname in your /etc/hosts file, for example: 172.168.3.42 flix.local

Tip:  See Flix Server Options for a full list of configuration options.

Licensing Flix Server

Single Server

If you plan on using only a single Flix Server then all you need is a nodelocked license for the Flix Server machine.

Note:  Please refer to our Licensing Documentation for instructions on installing a nodelocked license.

For more information on setting up a Flix 6 licence, see the following Knowledge Base article: Flix 6 Licensing Setup and Troubleshooting.

Multiple servers

If you plan on using more than one Flix server, we recommend using a floating license, either hosted on one of the Flix Servers or from another dedicated license server.

Note:  Please refer to our Licensing Documentation for instructions on installing a floating license.

You will then need to point all of your Flix Servers to use the license floating from your Foundry License Server by setting the floating_license_hostname and floating_license_port config options.

For example, if your Foundry License Server is running on a machine called "my_license_server" and using the default port 4101 then you would set the following:

floating_license_hostname: my_license_server
floating_license_port: 4101

Note:  If you’re unsure about the hostname and/or port to point your Flix Server to, you can refer to this section in our Licensing Documentation.

You have now completed the minimum steps for setting up Flix Server. The following instructions guide you through more advanced set up options. If you want to return to these custom options later, you can jump to Running Flix Server.

Setting a Custom Assets Directory

By default, your Flix assets are stored in an 'assets' directory, which is located in your install folder alongside the flix_server binary. We strongly recommend that you change this to a custom location, to make the upgrading process easier for all future releases of Flix. To do this, set the asset_directory option in your config.yml file. For example:

asset_directory: /mnt/flix-assets

Note:  If you were previously using Flix without specifying the asset directory, or changed the value of the asset_directory option, see Migrating Assets When Switching to a New Assets Directory to import assets from the original directory.

Note:  From Flix 6.3.0 onwards, assets are stored in subdirectories per show. See Release Notes for Flix 6.3 for more information.

Setting up Shared Storage

Flix can be configured to store assets on shared storage, accessible by all servers. This way assets aren't siloed across multiple servers. To switch to shared storage, add the shared_storage setting into the config.yml file.

By default, under the assets directory, each server will have its own directory specified by the server identification number (a long string of numbers/characters) where it stores its own assets. If you want all the servers to store assets in a shared directory, set the shared_storage option to true. Every Flix Server stores the assets in the same directory specified by the asset_directory folder.

Note:  If you were previously using Flix without shared storage and want to switch, see Migrating Assets When Switching to a New Assets Directory to import assets from each server’s asset directory to the shared one.

Setting Up User Authentication

Flix provides three ways to authenticate users: LDAP (Lightweight Directory Access Protocol) , OAuth and the User Management system.

Note:  The first time the Flix Server is run, it automatically creates an admin user with the username and password both set to admin, which you can use to log in to Flix for the first time. It is recommended that you change the default password after the first log in. In case the admin user login details are lost, you can reset the admin account username and password to back to admin using the -reset-admin flag.

LDAP (Lightweight Directory Access Protocol)

LDAP/AD (Active Directory) Authentication allows Flix users to log in using their LDAP/AD credentials. The first time a user logs in, Flix obtains the group names they belong to in LDAP/AD and associate those groups with the user in Flix. This allows Flix administrators to add permissions in Flix based on which groups a user belongs to in LDAP/AD. For guidance on formatting, please refer to the example at the end of this section.

use_ldap (optional) - This turns on or off the LDAP authentication method for this server. Values: true or false.

base - The base dn is the point from where a server searches for users in your LDAP/AD. You must supply at least the Domain Component (DC).

host - The hostname or IP address of your LDAP/AD server.

use_ssl (optional) -This indicates whether or not to use SSL/TLS when connecting to your LDAP/AD server. Values: true or false.

bind_user (optional) - This is an account that binds to the LDAP server and performs user and group searches. It can be a read-only account. Make sure the bind user you want to use has permissions to search through the desired paths. The value of this setting can be in one of the following formats:

username
cn=username,dc=domain,dc=com
username@domain

bind_pass (optional) - The password for the name provided in bind_user. If you don't use bind_user, or if it does not require a password, you don't need to set this.

self_auth (optional) - If this is set, bind_user and bind_pass are ignored. Instead, Flix attempts to use the username and password from the user logging in to bind.

User Search

dn (optional) - DN from where to start the search from. If this value is not set the 'base' will be used.

filter (optional) - Filter to apply when searching the directory. Specify the objectClass for your users. The default value is: '(objectClass=organizationalPerson)'

user_attr - The attribute to use for the username matching for the authentication. On most AD servers, the default setting is - 'sAMAccountName'.

name_attr (optional) - The attribute used to return the user's full name. On most AD servers, the default setting is - 'displayName'.

Group Search

dn (optional) - DN from where to start the search from. If this value is not set the 'base' will be used.

filter (optional) - Filter to apply when searching the directory. The default value is empty.

user_attr - The name of the attribute from the user search which can be found in a group attribute such as 'member'. Common values are 'distingishedName', 'uid', 'sAMAccountName'.

group_attr - The group attribute that has the same value as the user attribute set above. On most AD servers the default setting is 'member'.

name_attr (optional) - The name of the group. On most AD servers the default setting is either 'name', 'cn' or even 'description'.

group_prefix (optional) - Only groups that start with this string will be added to Flix when a user logs in.

group_suffix (optional) - Only groups that end with this string will be added to Flix when a user logs in.

Example of a LDAP subsection in a Flix config file:

Note:  This example is for illustration purposes. The entry preceding the ':' is a key that Flix reads, which needs to be named as in the example, but the entry following the ':' follows the exact naming of the attribute name in your AD.

ldap:
  use_ldap: true
  base: dc=flix,dc=ad
  host: 10.10.10.10
  use_ssl: false
  self_auth: false
  bind_user: CN=Flix,OU=Flix-Users,DC=flix,DC=ad
  bind_pass: PASSWORD
  user_search:
    dn: OU=Flix-Users,DC=flix,DC=ad
    filter: (objectClass=organizationalPerson)
    user_attr: sAMAccountName
    name_attr: displayName
  group_search:
    dn: OU=Groups,DC=flix,DC=ad
    filter: (objectClass=group)
    user_attr: distinguishedName
    name_attr: name
    group_attr: member
    group_prefix: flix-
    group_suffix: -flix

Article:  For more information on setting up LDAP and for troubleshooting tips, please refer to this Knowledge Base Article.

OAuth

The OAuth configuration allows users to log in to Flix using their credentials provided by an OAuth service. Using the example below, configure your Flix server config file to use OAuth. Once the configuration is enabled, restart your Flix Server, and users should now be able to log in using the Sign In with Google button.

use_oauth - This determines whether to use OAuth authentication or not.

username - This determines whether artists are authenticated by 'username' or 'email' address and is used to create their Flix username. Setting the username parameter to email forces Flix to create unique usernames.

Note:  If the username parameter is blank, misspelled, or omitted, authentication defaults to 'username'.

domain - This specifies the domain name for your OAuth provided credentials.

providers - This specifies the OAuth provider.

Example of OAuth:

oauth:
  use_oauth: true
  username: email			
  domain: my_domain.com
  providers:
    - Google

Warning:  Please be certain not to have LDAP and OAuth both enabled.

OAuth doesn't currently obtain the user groups from Google like it does for LDAP, so group management for project access needs to be done using Flix's built-in Group Management.

Warning:  OAuth is not supported when using HTTPS. Due to the design of OAuth, it requires making a HTTP callback to the Flix Server. With HTTPS enabled, this callback would also need to be via HTTPS, however without external access to your certificate authority, this request would fail. Currently this limitation prevents OAuth and HTTPS from being used at the same time.

Note:  Currently the only OAuth provider supported is Google.

Setting Up Email Notifications

Flix can be configured to send email notifications to members of the production when publishing a sequence to and from editorial.

To do this, Flix uses your SMTP server. To set up email notifications, set the following options in your server's config.yml file:

smtp_hostname - Hostname of the SMTP server to use.

smtp_port - Port number of the SMTP server to use.

smtp_username (optional) - Username of the account to authenticate with the SMTP server.

smtp_password (optional) - Password of the account to authenticate with the SMTP server.

smtp_send_from (optional) - Sets the email address Flix uses for notifications.

Example of Email Notifications config:

smtp:
 smtp_hostname: smtp.mystudio.com
 smtp_port: 465
 smtp_username: example@mystudio.com
 smtp_password: MyP@ssword
 smtp_send_from: flix_publishes@mystudio.com

Note:  If the smtp_username and smtp_password config options are not set, Flix Server attempts to connect to the smtp server without authenticating when sending notification emails.

Note:  If the option for smtp_send_from is not set, Flix sends email notifications from the email address of the user publishing to and from editorial. If the user doesn't have an email address, no email notifications are sent.

Setting Up HTTPS

By default, Flix’s security relies on every request between Client and Server being signed. For added security, you have the option to run Flix over HTTPS, so that all communication between Flix Client and Flix Server is encrypted. This would be preferable if, for example, running Flix on a publicly available server.

To set up HTTPS, you will need to set the following options in your server’s config.yml file:

ca_file - Add this option and the path to a CA certificate file if using self-signed certificates.

cert - Add this option and the path to a TLS certificate file (public key).

key - Add this option and the path to the TLS key file (private key).

Example of HTTPS config:

tls:
 ca_file: /Foundry/cert/ca.crt
 cert: /Foundry/cert/cert.crt
 key: /Foundry/cert/server.key

Note:   The ca_file option should only be set if using self-signed certificates, otherwise only the cert (public key) and the key (private key) need to be set.

Note:  When using self-signed certificates, make sure these have been installed on your end users' machines to enable communication with Flix Server.

Warning:  OAuth is not supported when using HTTPS. Due to the design of OAuth, it requires making a HTTP callback to the Flix Server. With HTTPS enabled, this callback would also need to be via HTTPS, however without external access to your certificate authority, this request would fail. Currently this limitation prevents OAuth and HTTPS from being used at the same time.

Running Flix Server

Your operating system may not give run permission to the flix_server binary by default. To ensure you can run it, enter the following command:

chmod +x flix_server

If your server config file is located in the same directory as your Flix Server binary, you can run the server as follows:

./flix_server --verbose

Note:  The --verbose flag is optional, but is useful as it displays a more detailed log output in the console.

You should see a readout like the screen shot below once Flix Server is successfully running. Using the --verbose flag would display more information than shown here.

As mentioned above, we strongly recommend storing the server config file outside the Flix Server directory. To point Flix Server to the location of the server config file, use the --config-file CLI flag. For example:

./flix_server --verbose --config-file /mnt/flix/flix_config_prod.yml

Warning:  If Arial font is not installed or cannot be located on the operating system running Flix Server, publishes will fail with the following error: “cannot find font ‘arial.ttf’ in user or system directories”. We recommend that you install the Arial font into your system's default font directory, or specify a custom font directory using the font_directory option. For example: font_directory: /mnt/flix-fonts.

Note:  The first time the Flix Server is run, it automatically creates an admin user with the username and password both set to admin, which you can use to log in to Flix for the first time. It is recommended that you change the default password after the first log in.

Tip:  You can set up Flix Server as a service, so that it starts automatically along with the server on which it's installed. Instructions on how to do so can be found in this Knowledge Base Article.

Testing the Connection to Flix Server

Now that Flix Server is running, it's a good idea to ensure it's accessible by other computers, as end users only access it from another computer at the studio (on the same network), or remotely (over VPN).

To test the connection:

1.   Log in to another computer that can communicate with Flix Server, either on the same network or over VPN.
2.   Open a Web Browser.
3.   In the URL field, type in the Server Endpoint followed by "/info". Using the example from Running Flix Server, the URL would be:

http://flix002.thefoundry.co.uk:8080/info

You should see something like this:

If you receive a connection error in the web browser, try the following:

Ensure Flix Server is running on the server

Ensure the computer you're on can resolve the hostname/IP of the server (flix002.thefoundry.co.uk in this example)

Ensure the port is open through any firewall that might be running on the server

4.   Once Flix Server is running and accessible by other computers on the network, you can install the Flix Client app and connect it to Flix Server. See Installing and Launching Flix Client for more information.

Tip:  Depending on the size of your Flix user base, a single server may not be enough to provide satisfactory performance and speed. Having multiple servers in your Flix Deployment helps ensure better performance across all users, with HTTP(S) requests being spread across all the available resources. For more information on adding another server to your Flix Deployment, see Adding Servers.