Applications Azure

Fider on Ubuntu 24.04 on Azure User Guide

| Product: Fider on Ubuntu 24.04 LTS on Azure

Overview

Fider is the popular open source customer feedback platform — a self-hosted place where your users post suggestions, vote on the ideas that matter to them, comment, and follow a public roadmap, so product teams can capture and prioritise feedback from their own infrastructure. The cloudimg image runs the Fider server (a single Go binary that serves both the public board and the administration console) behind nginx as a reverse proxy, with PostgreSQL as the datastore on the same VM. The Fider server listens on port 3000 and is reached through nginx on port 80; PostgreSQL is bound to the loopback interface.

On the first boot of every deployed VM, a one-shot service rotates the PostgreSQL password, generates a fresh JWT_SECRET, resolves the VM's public IP and writes it into Fider's BASE_URL, applies the database migrations, and starts the stack. The per-VM database password and signing secret are written to /root/fider-credentials.txt with mode 0600. No default administrator ships in the image — Fider's first administrator account and your feedback site are created by you, through Fider's web setup, the first time you open the site in a browser. Backed by 24/7 cloudimg support.

What is included:

  • Fider 0.36 server (the official upstream binary) at /opt/fider, serving the public board and the admin console
  • nginx reverse proxy on :80 in front of the Fider server on :3000
  • PostgreSQL datastore (posts, votes, comments, users), bound to loopback
  • Per-VM PostgreSQL password and JWT_SECRET generated at first boot, in a root-only file; BASE_URL resolved to the VM's public IP
  • No seeded administrator — the first admin and your site are created through Fider's web setup
  • fider.service, postgresql.service and nginx.service as systemd units, enabled and active
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet + subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a good starting point; scale up for larger communities. NSG inbound: allow 22/tcp from your management network and 80/tcp (plus 443/tcp once you enable HTTPS) from the networks your users will reach Fider on.

Step 1 — Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Fider by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Then Review + createCreate.

Step 2 — Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name fider \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --ssh-key-values ~/.ssh/id_ed25519.pub \
  --vnet-name <your-vnet> --subnet <your-subnet> \
  --public-ip-sku Standard

az vm open-port --resource-group <your-rg> --name fider --port 80 --priority 1010

Step 3 — Connect to your VM

ssh azureuser@<vm-public-ip>

First-boot initialisation completes in under a minute; the credentials file is in place and the site is serving by the time SSH is ready.

Step 4 — Confirm the services are running

systemctl is-active fider.service postgresql.service nginx.service
curl -fsS http://127.0.0.1/_health

All three services report active and Fider's health endpoint returns {"status":"Healthy"} — proof the full stack (nginx, the Fider server and PostgreSQL) is serving. nginx on :80 is the single public entry point in front of Fider on :3000, with PostgreSQL on loopback :5432:

Fider services, listeners and health endpoint

The three systemd units active, the loopback/nginx listeners, and Fider's /_health endpoint served through nginx.

Step 5 — Review the per-VM secrets

Fider's database password and signing secret are generated uniquely on the first boot of your VM and written to a root-only file:

sudo cat /root/fider-credentials.txt

The file records the resolved site URL, the local PostgreSQL login, and the per-VM JWT_SECRET. BASE_URL is set to this VM's public IP on first boot, never localhost or an empty host:

Per-VM credentials file and resolved BASE_URL

The root-only credentials file with the per-VM database password and JWT secret, and BASE_URL resolved to the VM's public IP.

You can confirm the secure-by-default posture end to end from the same session — the rotated database password authenticates, and the image ships zero seeded administrator accounts:

DBPASS=$(sudo grep '^fider.db.pass=' /root/fider-credentials.txt | cut -d= -f2-)
PGPASSWORD="$DBPASS" psql -h 127.0.0.1 -U fider -d fider -tAc 'SELECT 1'
sudo -u postgres psql -tAc 'SELECT count(*) AS admin_accounts FROM users' fider

Secure-by-default: rotated DB credential works, no seeded admin

The per-VM database password authenticates, there are zero seeded users, and the site opens on its web setup — no default login ships in the image.

Step 6 — Complete the web setup and create your administrator

Open a web browser and navigate to http://<vm-public-ip>/. On a brand-new instance Fider presents its web setup — enter your site name (for example your product or company name) and your name and email address to create the first administrator account. Fider is passwordless: it signs users in with a one-time link sent to their email address, so returning users see the sign-in dialog below.

Fider sign-in

Fider's email sign-in — a one-time link is sent to the address entered; single sign-on providers can be added later.

Once your site is set up, the feedback board is live. Visitors post suggestions in the box at the top, and the community votes and sorts ideas by trending, most voted or newest.

The Fider feedback board

The feedback board — suggestions with vote counts, filtering and sorting, and the "Enter your suggestion here" box.

Step 7 — Collect suggestions, votes and comments

Every suggestion has its own page showing the description, the list of voters, a running vote count, a status (Open, Planned, Started, Completed, Declined) and a threaded discussion. Administrators can respond, change status, tag and merge duplicate posts.

A Fider suggestion with votes and discussion

A single suggestion — its description, voters, vote count, status and comment thread.

The site's setup page redirects there automatically until your administrator account is created:

curl -s -o /dev/null -w 'home page -> HTTP %{http_code}\n' http://127.0.0.1/

Step 8 — Administer your site

Sign in as the administrator and open Settings to reach the administration console — general settings and your board title, privacy (public or private board), users and roles, tags, invitations, authentication (email and SSO providers such as Microsoft Entra ID, Google and GitHub), webhooks, and a full data export.

Fider administration console

The administration console — general settings, privacy, users, tags, invitations, authentication, webhooks and export.

Step 9 — Configure your SMTP server (bring your own)

Fider uses email for one-time sign-in links and notifications, so configure a real SMTP server before inviting users. The image ships EMAIL_NOREPLY set and a placeholder SMTP host so the app boots, but no mail is deliverable until you provide real settings. Edit /etc/fider.env and set your provider's host, port and credentials — Azure Communication Services, Amazon SES, SendGrid, Mailgun, a corporate relay, or any SMTP endpoint:

sudo sed -i \
  -e 's|^EMAIL_SMTP_HOST=.*|EMAIL_SMTP_HOST=smtp.your-provider.example|' \
  -e 's|^EMAIL_SMTP_PORT=.*|EMAIL_SMTP_PORT=587|' \
  /etc/fider.env
echo 'EMAIL_SMTP_USERNAME=<smtp-username>' | sudo tee -a /etc/fider.env
echo 'EMAIL_SMTP_PASSWORD=<smtp-password>' | sudo tee -a /etc/fider.env
sudo systemctl restart fider.service

Security baseline

The image ships fully patched at capture time and keeps patching itself: Ubuntu's unattended-upgrades service is enabled, so security updates are installed automatically on your running VM. The Fider server and PostgreSQL sit behind nginx, which is the single network-facing entry point. Verify the state at any time:

systemctl is-enabled unattended-upgrades
grep -h . /etc/apt/apt.conf.d/20auto-upgrades
sudo ss -tlnp | grep -E ':(3000|5432) '

Security baseline — automatic updates and service listeners

Automatic security updates enabled, and the image fully patched at capture time — no held packages, zero pending updates.

Enabling HTTPS

For any production deployment serve Fider over HTTPS so sign-in links and feedback cannot be intercepted. The image ships with nginx, which certbot can configure automatically. The following assumes a DNS record pointing your fully qualified domain name at the VM's public IP address (and 443/tcp open in the NSG):

sudo apt-get update && sudo apt-get install -y certbot python3-certbot-nginx
sudo certbot --nginx -d feedback.your-domain.example \
  --non-interactive --agree-tos -m you@your-domain.example \
  --redirect

After certbot finishes, set Fider's BASE_URL to the HTTPS address so sign-in links and asset URLs use it, then restart the service:

sudo sed -i 's|^BASE_URL=.*|BASE_URL=https://feedback.your-domain.example|' /etc/fider.env
sudo systemctl restart fider.service

Backup and maintenance

Fider keeps all of its state — posts, votes, comments, users and settings — in PostgreSQL. Back it up regularly:

sudo -u postgres pg_dump fider > <backup-dir>/fider-db-$(date +%F).sql

Keep the OS patched with sudo apt update && sudo apt upgrade. To upgrade Fider, replace the contents of /opt/fider with a newer official release (binary plus the migrations, views, locale, static, dist directories and ssr.js), run cd /opt/fider && sudo -u fider ./fider migrate, and restart the service. See https://docs.fider.io/.

Support

This image is backed by 24/7 cloudimg support. Guaranteed response within 24 hours, one hour average for critical issues. Contact support@cloudimg.co.uk for help with deployment, SMTP and deliverability configuration, SSO, upgrades, TLS termination and database administration.

For general Fider questions consult the documentation at https://docs.fider.io/. Fider is licensed under the GNU AGPL-3.0 and is a trademark of its respective owner; use here is nominative and does not imply affiliation or endorsement. All product and company names are trademarks or registered trademarks of their respective holders.