The easiest way to install the main component of Shadow Daemon - the background server - is to use the packet manager of your distribution or Docker.

Debian / Ubuntu

The package is still awaiting sponsorship, so it is not possible to install it with apt-get from the official repositories yet. Please download and install the deb package manually instead.

dpkg -i shadowd_2.*.deb
apt-get -f install

On Ubuntu you can also use PPA to install the package:

add-apt-repository ppa:zit-hb/shadowd
apt-get update
apt-get install shadowd

Red Hat / CentOS

The package is still awaiting sponsorship, so it is not possible to install it with yum from the official repositories yet. Please download and install the rpm package manually instead. For some of the dependencies you will need the EPEL repository (extra packages for enterprise linux).

yum install epel-release
yum localinstall shadowd-2.*.rpm
systemctl enable shadowd


You can also use Docker to download and install shadowd. This is a good solution for distributions with outdated packets.

Option 1: Docker for everything

This is the easiest and fastest way to completely install Shadow Daemon (except connectors). So if you are using Docker anyway why not use it for everything?

docker pull zecure/shadowd_database
docker run -d --name shadowd_database zecure/shadowd_database
docker pull zecure/shadowd_ui
docker run -d -p 1337:80 --link shadowd_database:db zecure/shadowd_ui
docker pull zecure/shadowd
docker run -d -p 9115:9115 --link shadowd_database:db zecure/shadowd

Docker specifics

You will not have to add a new user, because the database container ships with a default user account: the username and password are admin. Make sure to change it as soon as possible.

If you choose this method you can directly jump to the usage of the interface. You can access the web interface on port 1337.

Option 2: Docker for shadowd

If you only want to use Docker for shadowd you simply have to run:

wget -r -nd --no-parent
vim shadowd.ini
docker build -t shadowd_custom .
docker run -d -p 9115:9115 shadowd_custom

This creates a new image based on zecure/shadowd with a customized configuration file and starts it.


If you do not can or do not want to use a package you can also install shadowd manually by compiling it from source. If you are using a package you can skip this section and directly jump to the setup of the database.


The server is written in C++. To compile it on a Unix-like system you need the following tools.

  • g++
  • make
  • cmake

Several libraries are also required.

  • libssl
  • libboost
    • asio
    • thread
    • regex
    • program options
  • libjsoncpp
  • libcrypto++
  • libdbi
  • libdbd-mysql / libdbd-pgsql


Stable releases of the source code can be found at the download page or at Github.

git clone


Use cmake to configure and prepare the project. It is a good idea to create a separate directory for this. A typical installation might look like this.

mkdir build
cd build


If cmake is successful it creates a makefile. Use it to compile and install the project.

make shadowd
make install


If you compile shadowd from source it will not start automatically on boot, so you will have to set up the autostart manually as well. How exactly this is done depends on your operating system. You can find init scripts for the most common Linux distributions in the packaging repository.

It is recommended to not run shadowd with root privileges, so you should add a new user and group.

useradd shadowd

This user needs access to the configuration file.

chown root:shadowd /etc/shadowd/shadowd.ini
chmod 640 /etc/shadowd/shadowd.ini


Install and configure a database server. At the moment shadowd officially supports PostgreSQL and MySQL. Afterwards create a new user and database for shadowd and import the correct layout.

If you are using PostgreSQL you can use psql to import the layout.

psql -Ushadowd shadowd < /usr/share/shadowd/pgsql_layout.sql

If you are using MySQL you can use mysql to import the layout. The user requires the CREATE ROUTINE privilege.

mysql -ushadowd -p shadowd < /usr/share/shadowd/mysql_layout.sql


The installer creates a configuration file at /etc/shadowd/shadowd.ini that has to be edited. The file is annotated and should be self-explanatory.

Verify the file permissions!

The configuration file contains your database password, so make sure that it is only readable by the shadowd user.

What’s next?

You have to install the user interface to add profiles and rules for web applications.