Security Azure

Dradis Community Edition on Ubuntu 24.04 on Azure User Guide

| Product: Dradis Community Edition on Ubuntu 24.04 LTS on Azure

Overview

Dradis Community Edition is an open-source collaboration and reporting framework for security assessments and penetration tests. It gives a team one place to import scanner output (Nmap, Nessus, Burp Suite, OpenVAS, Qualys and more), organise findings on a shared project tree, and generate consistent reports. The cloudimg image installs Dradis CE v5.2.0 from the official dradis/dradis-ce repository (GPL-2.0) on a hardened, fully patched Ubuntu 24.04 base and runs it as a Ruby on Rails 8 application under Puma, fronted by nginx.

There is no default login: Dradis CE uses a single shared password, and both that password and the Rails SECRET_KEY_BASE are generated uniquely on every VM at first boot — nothing is baked into the image.

What is included:

  • Dradis Community Edition v5.2.0 at /home/dradis/dradis-ce
  • Ruby 3.4.6 built with rbenv/ruby-build (the tag's pinned .ruby-version)
  • Rails 8.0 on Puma 7, bound to 127.0.0.1:3000, reverse-proxied by nginx on :80
  • SQLite production database + Redis and a Resque background worker
  • Precompiled assets (sprockets + importmap + mini_racer; no Node.js needed)
  • dradis-firstboot.service generating the per-VM shared password + SECRET_KEY_BASE and completing the CE setup wizard non-interactively
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key, and a VNet + subnet. Standard_B2s (2 vCPU, 4 GB RAM) is the recommended size for evaluation and small teams; move to D2s_v5 or larger for bigger teams or heavy scanner imports.

Step 1: Deploy from Marketplace

Search for "Dradis Community Edition on Ubuntu 24.04 LTS" in the Azure Marketplace, click Get It Now, then Create. Choose your resource group, region, VM size (Standard_B2s recommended), and SSH public key. Allow inbound port 80 (HTTP) and 22 (SSH) in the network security group.

Step 2: SSH into the VM

ssh azureuser@<vm-ip>

The first boot takes 30-60 seconds (per-VM secret generation, database preparation, setup seeding, service start). Wait for the sentinel before browsing:

while [ ! -f /var/lib/cloudimg/dradis-firstboot.done ]; do echo "waiting..."; sleep 5; done; echo "READY"

Step 3: Verify Services

sudo systemctl is-active redis-server dradis dradis-resque nginx
sudo ss -tlnp | grep -E ':80 |:3000 '

All four services report active; nginx listens on :80 and Puma on 127.0.0.1:3000.

Dradis services active — Redis, Puma app server, Resque worker and nginx, with the rbenv-built Ruby 3.4.6 runtime and the nginx to Puma listener chain

Step 4: Read the Per-VM Shared Password

sudo cat /root/dradis-credentials.txt

Pick up DRADIS_SHARED_PASSWORD and DRADIS_URL from the file. Treat these as secrets — the file is mode 0600 root:root.

The per-VM Dradis credentials file — shared login password (masked) and the resolved public URL, mode 0600 root:root

Step 5: Confirm the Version

head -1 /home/dradis/dradis-ce/CHANGELOG

This prints the Dradis release line, for example v5.2.0 (July 2026).

Step 6: Secure by Default

Dradis ships with no usable default credentials. The unauthenticated site is gated behind the login, and the per-VM shared password is the only way in. You can prove the reject-versus-accept behaviour with the bundled check:

sudo /usr/local/sbin/dradis-authcheck.sh

A correct password lands on the authenticated project view (HTTP 200); a wrong password is bounced back to /login.

Dradis credential round-trip — the correct per-VM shared password authenticates to the project view while a wrong password is rejected to the login page

Every application page requires the shared password — there is no open UI:

curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/          # 302 -> /login
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/login     # 200 (public login form)

Unauthenticated requests to Dradis application pages are redirected to the login form; only /login is served publicly

Step 7: Log In

Browse to http://<vm-ip>/login. Enter any user name to identify yourself, plus the DRADIS_SHARED_PASSWORD from Step 4.

Dradis Community Edition login page — enter any user name plus the per-VM shared password

Step 8: The Project Overview

After login you land on the project overview, with the node tree on the left and the Overview, Issues, Methodologies, Upload, Export and QA tabs across the top.

Dradis project overview dashboard — node tree sidebar and the Overview, Issues, Methodologies, Upload, Export and QA tabs

Step 9: Issues

The Issues view is where findings live. Create issues by hand or generate them from imported scanner output, tag and prioritise them, and reuse them across nodes.

Dradis Issues view — the list of findings for the project, ready to be created, tagged and prioritised

Step 10: Import Scanner Output

The Upload manager ingests output from the supported tools (Nmap, Nessus, Burp, OpenVAS, Qualys and others) and turns it into nodes, issues and evidence on the project tree.

Dradis Upload Manager — import output from Nmap, Nessus, Burp Suite, OpenVAS and other tools into the project

Step 11: Components

Component Path
Dradis install /home/dradis/dradis-ce/
SQLite database /home/dradis/dradis-ce/storage/production.sqlite3
Environment file /etc/dradis/dradis.env (holds SECRET_KEY_BASE)
Puma service dradis.service (127.0.0.1:3000)
Resque worker dradis-resque.service
nginx site /etc/nginx/sites-available/dradis
Firstboot script /usr/local/sbin/dradis-firstboot.sh
Credential round-trip check /usr/local/sbin/dradis-authcheck.sh
Credentials /root/dradis-credentials.txt (mode 0600 root:root)
Ruby (rbenv) /home/dradis/.rbenv/shims/ruby (3.4.6)

Step 12: Change the Shared Password

Once signed in, open Configuration → Manage (top-right gear) to change the shared password, enable per-user accounts, and adjust session timeout. Rotate the initial per-VM password before adding your team.

Step 13: Backup

The two things to back up are the SQLite database and any uploaded attachments.

sudo systemctl stop dradis dradis-resque
sudo cp /home/dradis/dradis-ce/storage/production.sqlite3 /root/dradis-db-$(date +%Y%m%d).sqlite3
sudo systemctl start dradis dradis-resque

Support

cloudimg provides 24/7 support for this image. For Dradis usage and integrations, see the upstream documentation at https://dradis.com/ce/.