Un
Applications Azure

Unleash on Ubuntu 24.04 on Azure User Guide

| Product: Unleash on Ubuntu 24.04 LTS on Azure

Overview

Unleash is a leading open source feature flag and feature management platform. From an ordinary browser your team can create feature flags, run gradual rollouts and A/B tests, target and segment users, flip kill switches, manage flags across environments, and wire up SDKs for every language. The cloudimg image ships the open source Unleash server 8.0.3 (the AGPL 3.0 edition, not Unleash Enterprise) running on Node.js 22 LTS behind an nginx reverse proxy on port 80, on a hardened, fully patched Ubuntu 24.04 LTS base, together with a bundled local PostgreSQL 16 backend so the appliance is complete and useful on its own. The Unleash server listens only on the loopback interface (127.0.0.1:4242) and PostgreSQL only on 127.0.0.1:5432, with the entire datastore kept on a dedicated Azure data disk. A unique administrator password is generated on the first boot of every VM, and the well known default password is rotated away. Backed by 24/7 cloudimg support.

What is included:

  • Unleash open source server 8.0.3 (AGPL 3.0) on Node.js 22 LTS, managed by systemd
  • A bundled PostgreSQL 16 backend holding the Unleash datastore, already installed and ready
  • The Unleash React web console on :80 behind an nginx reverse proxy
  • A per VM administrator password generated on first boot and recorded in a root only file
  • The well known default credential (admin / unleash4all) rotated away and rejected on every VM
  • Unleash bound to 127.0.0.1:4242 and PostgreSQL to 127.0.0.1:5432, never exposed to the network
  • A dedicated Azure data disk holding the PostgreSQL datastore at /var/lib/postgresql
  • A ready to use default project with example feature flags to explore
  • postgresql@16-main.service, unleash.service and nginx.service as enabled systemd units
  • An unauthenticated /healthz endpoint for Azure Load Balancer health probes
  • 24/7 cloudimg support

Prerequisites

An active Azure subscription, an SSH key pair, and a VNet plus subnet in the target region. Standard_B2s (2 vCPU / 4 GiB RAM) is a sensible starting point; size up for more environments, more SDK clients or heavier evaluation traffic. NSG inbound: allow 22/tcp from your management network and 80/tcp for the web console. Unleash serves plain HTTP on port 80; for production, terminate TLS in front of it with your own domain. The bundled PostgreSQL is never exposed: it listens on 127.0.0.1 only, so port 5432 stays off the network, as does the Unleash server port 4242.

Step 1 - Deploy from the Azure Marketplace

Sign in to the Azure Portal, choose Create a resource, search the Marketplace for Unleash by cloudimg, and select Create. On Basics pick your subscription, resource group, region and size; under Administrator account choose SSH public key and paste your key; under Inbound port rules allow SSH (22) and HTTP (80). Review the dedicated data disk on the Disks tab, then Review + create then Create.

Step 2 - Deploy from the Azure CLI

az vm create \
  --resource-group <your-rg> \
  --name unleash \
  --image <marketplace-image-urn> \
  --size Standard_B2s \
  --admin-username azureuser \
  --generate-ssh-keys \
  --public-ip-sku Standard

Then open port 80 to the web console:

az vm open-port --resource-group <your-rg> --name unleash --port 80

Step 3 - Confirm the services are running

SSH in as azureuser and confirm PostgreSQL, the Unleash server and nginx are all active. Note that PostgreSQL listens only on 127.0.0.1:5432 and the Unleash Node server only on 127.0.0.1:4242, while nginx serves the web console on port 80.

systemctl is-active postgresql@16-main unleash nginx
ss -tlnp | grep -E ':80 |:4242 |:5432 ' | sed 's/  */ /g'

The postgresql, unleash and nginx services active, with nginx on port 80 and both the Unleash server and PostgreSQL bound to loopback

Step 4 - Retrieve the per VM administrator password

Every VM generates its own Unleash administrator password on first boot and writes it, along with the login user and URL, to a root only credentials file. Read it with sudo:

sudo cat /root/unleash-credentials.txt

The per VM Unleash credentials file, showing the admin user, the generated password and the Unleash URL

You sign in to the Unleash web console as user admin with the UNLEASH_ADMIN_PASSWORD from this file. The well known default password unleash4all has been rotated away and is rejected. On the box itself you can also run sudo -u postgres psql -d unleash to reach the database directly over the local socket without a password.

Step 5 - Sign in to the Unleash web console

Browse to http://<your-vm-public-ip>/ and sign in with the user and password from Step 4. The Unleash console opens the sign in page shown below.

The Unleash sign in page served on port 80

Step 6 - Explore feature flags in the default project

The image ships with a ready to use Default project containing a few example feature flags so you can explore straight away. Open Projects then Default to see the feature flags list, create new flags with New feature flag, and manage each flag across your environments.

The Default project overview in the Unleash console listing the example feature flags

Step 7 - Configure a rollout strategy

Open a feature flag to manage how it is enabled per environment. Unleash supports gradual rollouts, targeting and segmentation, variants for A/B testing, and kill switches. The example new-checkout-flow flag below has a gradual rollout strategy applied in the development environment.

A feature flag detail view showing the environment toggles and a gradual rollout strategy

Step 8 - Manage projects

Projects group your feature flags and control access. The Projects overview lists every project with its flag count and activity. Create additional projects to separate teams or applications.

The Projects overview page listing the Default project with its flag count

Step 9 - The rotated default credential

Unleash normally seeds a well known default administrator, admin / unleash4all. On the cloudimg image that default is secured: the administrator password is rotated to a unique per VM secret on first boot, and the well known default is rejected. You can prove both facts on the box with the bundled round trip check, which signs in with the per VM password and confirms the default is refused.

sudo bash /usr/local/sbin/unleash-cred-roundtrip.sh

The credential round trip proving the per VM admin authenticates and the default admin/unleash4all is rejected with HTTP 401

Step 10 - Versions, health and storage

Confirm the Node.js and Unleash versions, the health endpoints and the dedicated data disk. The unauthenticated /healthz endpoint returns ok for Azure Load Balancer probes, while Unleash's own /health reports the server status. The entire datastore lives on the dedicated PostgreSQL data disk mounted at /var/lib/postgresql.

curl -s http://127.0.0.1/healthz
findmnt -no SOURCE,TARGET,FSTYPE,SIZE /var/lib/postgresql

The Node and Unleash versions, the healthz and health endpoints, and the dedicated PostgreSQL data disk

Connect an SDK

Once you have a flag, create an API token from Admin settings then API access, and point one of the Unleash SDKs at http://<your-vm-public-ip>/api/ with that token. Unleash provides SDKs for Node.js, Java, Go, Python, Ruby, .NET, PHP, Rust and more, plus front end proxy options. See the SDK documentation at docs.getunleash.io for language specific setup.

Where your data lives

The Unleash application code and Node modules live on the OS disk under /opt/unleash. The complete Unleash datastore, the PostgreSQL cluster holding your projects, feature flags, strategies, users and events, lives on a dedicated Azure data disk mounted at /var/lib/postgresql. Because the data disk is captured into the image and re provisioned with every VM, and is independently resizable, your feature flag data is kept separate from the operating system disk. PostgreSQL is bound to 127.0.0.1:5432 and is never exposed to the network; for on box maintenance use sudo -u postgres psql -d unleash.

Production notes

For production, put your own domain and a TLS certificate in front of Unleash by terminating HTTPS at nginx or an Azure Application Gateway, and restrict the NSG so only the ports you need are open. Take regular backups of the PostgreSQL database. Keep the VM patched; the image ships with unattended security upgrades enabled.

Licensing and trademark

This image ships the open source Unleash server (AGPL 3.0), not Unleash Enterprise. cloudimg is not affiliated with or endorsed by the Unleash project or Bricks Software AS. Unleash is a trademark of its respective owner.

Support

cloudimg provides 24/7 support for this image. Contact support@cloudimg.co.uk for help with deployment, configuration or scaling.