RIDING BYTES
← All insights

December 30, 2024 · 12 min read

Install SENAITE LIMS on a fresh Ubuntu 24.04 server

A production-leaning install of SENAITE on Ubuntu 24.04. System dependencies, buildout, a Plone admin account, and a systemd service that survives reboots.

Install SENAITE LIMS on a fresh Ubuntu 24.04 server

Docker is the right answer for evaluation. For production, most labs run SENAITE directly on a Linux server. The reasons are backup procedures, predictable performance, easy integration with instrument interfaces on the same network, and the operational familiarity of a normal Linux service.

This guide walks through a fresh Ubuntu 24.04 LTS server and ends with a SENAITE process under systemd, fronted by nginx, with the ZODB sitting on a disk you can snapshot. It is not the only correct way to install SENAITE. It is the way we deploy it.

What you need

  • A server with Ubuntu 24.04 LTS, 4 GB RAM minimum, 8 GB recommended.
  • Root SSH access.
  • A DNS name pointing at the server if you want HTTPS (you do).
  • 30 to 45 minutes.

Update the base system

sudo apt update && sudo apt upgrade -y
sudo apt install -y build-essential git curl

Install Python and the build dependencies

SENAITE 2.x runs on Python 3.10+. Ubuntu 24.04 ships Python 3.12, which works.

sudo apt install -y \
  python3 python3-venv python3-dev \
  libxml2-dev libxslt1-dev libjpeg-dev zlib1g-dev \
  libssl-dev libffi-dev \
  libopenjp2-7-dev libtiff-dev libfreetype6-dev \
  libpq-dev

The image libraries are needed for PDF report generation. The PostgreSQL client header is optional but harmless.

Create a dedicated system user

Running anything as root that does not need to be is bad practice.

sudo adduser --system --group --home /opt/senaite senaite
sudo -u senaite -H mkdir -p /opt/senaite/instance

Clone and bootstrap the buildout

SENAITE deploys via zc.buildout. The canonical entry point is the senaite/senaite.docker repo, which ships the same buildout configuration the Docker image uses.

sudo -u senaite -H bash -c '
  cd /opt/senaite/instance
  git clone https://github.com/senaite/senaite.docker.git .
  python3 -m venv venv
  source venv/bin/activate
  pip install --upgrade pip setuptools wheel
  pip install -r requirements.txt
  buildout
'

The buildout step pulls SENAITE and its dependencies, compiles extensions, and produces a bin/instance executable. On a fresh server this takes ten to twenty minutes the first time. Coffee break.

Create the Plone admin user

sudo -u senaite -H /opt/senaite/instance/bin/instance \
  adduser admin <a-strong-password>

This writes an admin entry into /opt/senaite/instance/var/inituser which Plone reads on first start. Pick a strong password and store it in the password manager you will actually find it in later.

Run it once in the foreground

sudo -u senaite -H /opt/senaite/instance/bin/instance fg

You will see Zope and Plone startup logging end in something like INFO Zope Ready to handle requests. Hit Ctrl+C to stop.

If you saw an error before that, the most common cause is a missing system library from the apt step above. Read the trace, install the lib, run again.

Put it under systemd

Create /etc/systemd/system/senaite.service:

[Unit]
Description=SENAITE LIMS Zope instance
After=network.target

[Service]
Type=simple
User=senaite
Group=senaite
WorkingDirectory=/opt/senaite/instance
ExecStart=/opt/senaite/instance/bin/instance fg
Restart=on-failure
RestartSec=10

[Install]
WantedBy=multi-user.target

Reload, enable, start, and check:

sudo systemctl daemon-reload
sudo systemctl enable senaite
sudo systemctl start senaite
sudo systemctl status senaite

status should show active (running) and SENAITE listening on port 8080.

Front it with nginx and HTTPS

Install nginx and certbot:

sudo apt install -y nginx certbot python3-certbot-nginx

Drop /etc/nginx/sites-available/senaite:

server {
    server_name senaite.your-lab.example;

    location / {
        proxy_pass http://127.0.0.1:8080/VirtualHostBase/https/$host:443/senaite/VirtualHostRoot/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_read_timeout 300s;
        client_max_body_size 50M;
    }

    listen 80;
}

The VirtualHostBase/.../VirtualHostRoot block is Zope’s virtual hosting trick: it rewrites generated URLs so visitors see clean paths without /senaite/ in them.

Enable and get a certificate:

sudo ln -s /etc/nginx/sites-available/senaite \
  /etc/nginx/sites-enabled/senaite
sudo nginx -t && sudo systemctl reload nginx
sudo certbot --nginx -d senaite.your-lab.example

Certbot reads the nginx config, requests a Let’s Encrypt certificate, and rewrites the server block to listen on 443 with HSTS.

First login

Open https://senaite.your-lab.example and log in as the admin user you created above. Navigate to the SENAITE site at /senaite. From here you can install the demo profile (see Provision SENAITE with demo data), or start configuring real clients, sample types, and analysis services.

What comes next

A running SENAITE under systemd behind nginx is the beginning. For production you still need:

  • Backups. ZODB packs and offsite snapshots. SENAITE Care Essential covers this from EUR 300 per month.
  • Monitoring. Database consistency, response times, scheduled task execution. See Why your SENAITE LIMS needs proactive monitoring.
  • Security updates. OS and SENAITE itself.
  • Instrument integration. Your analysers, your protocols.
  • Configuration of the actual workflow.

We do all of this as our day job under SENAITE Care and custom development. If installing the server was the easy part and the rest looks like work, talk to us.

Keep reading

More from the team

Article 01
SENAITE speaks HL7: senaite.astm 2.0

senaite.astm 2.0 ships an HL7 v2 over MLLP server alongside ASTM, feeds both into SENAITE through a single push consumer, and adds capture-only mode, PHI scrubbing, /stats, and production hardening.
Article 02
Why your SENAITE LIMS needs proactive monitoring

A real case: a single corrupted ZODB record blocked nightly garbage collection for months. The lab never knew. This is what HealthWatch is for.
Article 03
Introducing SENAITY: anomaly QA for SENAITE LIMS

SENAITY catches bad lab results before they leave your lab. ML-based anomaly detection, on-premise Docker, free OSS tier or Lab plan from EUR 490 per month.

Bring this to your lab

Whether you are evaluating SENAITE, scaling it across sites, or wiring up instruments and monitoring, the team that wrote the platform is the team you talk to.

Start a conversation

Imprint

Responsible for the content

RIDING BYTES GmbH
Würzburger Straße 81
90766 Fürth
Germany

Tel.: +49 911 974 930 90
Email: rb@ridingbytes.com
Web: https://www.ridingbytes.com

Management

Ramon Bartl, Dipl.-Inform. (FH), MBA
Geschäftsleitung | Managing Director

Commercial register

RegistergerichtAmtsgericht Fürth
RegisternummerHRB 17318
USt-IdDE301668607

EU dispute resolution

The European Commission provides an online dispute-resolution platform at https://ec.europa.eu/consumers/odr. We are not obliged and not willing to participate in dispute-resolution proceedings before a consumer-arbitration body.

Privacy Policy

Last updated: 2026-06-04.

This is a plain static website. It runs no analytics, no advertising, no tracking pixels, no third-party tracking, no session cookies, and no remarketing. The only personal data we ever receive from this site is what you voluntarily type into our contact form.

Data controller

RIDING BYTES GmbH, Würzburger Straße 81, 90766 Fürth, Germany. Managing Director: Ramon Bartl. Contact: rb@ridingbytes.com, +49 911 974 930 90. Full details in the imprint.

What we collect

When you submit the contact form on /contact/, we receive:

That is the entire set. We do not collect your IP address, browser type, referrer, location, or any other metadata about your visit.

We process the data you submit to answer your enquiry. The legal basis is Art. 6(1)(b) GDPR (steps prior to entering a contract at your request) and, where the message is unrelated to a contract, Art. 6(1)(f) GDPR (legitimate interest in answering business correspondence).

How long we keep it

Contact-form messages live in our business inbox like any other business email. We retain them as long as the conversation may plausibly require a follow-up, and at most for the German tax / commercial-law retention periods for business correspondence (typically 6 to 10 years under §§ 257 HGB, 147 AO when the message forms part of a contractual relationship). When neither applies, we delete on request.

Processors

The contact form is delivered via Formspree (Formspree Inc., 2261 Market Street #4067, San Francisco, CA 94114, USA), which receives the form contents from your browser and forwards them to our inbox. A Data Processing Agreement is in place. Formspree’s privacy policy: https://formspree.io/legal/privacy-policy/

The website is hosted in the EU on infrastructure operated by Hostinger (Hostinger International Ltd.). Hostinger only sees the traffic required to serve the static files; we do not keep logs that identify individual visitors.

What we do not do

Webfont

We load the Nunito Sans webfont from Google Fonts. Google receives your IP address when the font is loaded. If you’d rather avoid that, any browser extension that blocks third-party requests (uBlock Origin, NoScript, etc.) prevents it; the site renders fine with a system fallback font.

Map on the contact page

The contact page embeds a map tile served by OpenStreetMap Foundation (St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom). When the page loads, your browser fetches the map tiles directly from openstreetmap.org. The foundation receives your IP address in the standard web-server log. No cookies are set, no tracking pixels are loaded.

Embedded YouTube videos

A few blog posts include a YouTube video. We do not load the video automatically. You see a static preview image hosted on our own server, and the YouTube player only loads after you click the play button.

When you click play, your browser connects to YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google receives your IP address, the URL you came from, and may set cookies. We use the privacy-enhanced youtube-nocookie.com domain, which suppresses tracking cookies until you interact with the player, but the IP transfer cannot be avoided.

You can revoke consent at any time by reloading the page; no YouTube connection will be made again until you click play.

Your rights

Under the GDPR you have the right to:

To exercise any of these rights, email rb@ridingbytes.com. We respond within one month, free of charge.

Changes to this policy

If we change this policy materially, we update the “Last updated” date at the top. Past versions are not archived publicly; ask if you need one.

Terms of Use

Last updated: 2026-06-04.

These Terms of Use (“Terms”) apply to your access of, and use of, the ridingbytes.com website. Services purchased separately (consulting, development, training, hosting, SENAITE Care, SENAITY) are governed by individual written contracts, not by these Terms.

1. Operator

RIDING BYTES GmbH, Würzburger Straße 81, 90766 Fürth, Germany. Managing Director: Ramon Bartl. Contact: rb@ridingbytes.com, +49 911 974 930 90. Registergericht Amtsgericht Fürth, HRB 17318. USt-Id DE301668607.

2. Scope

This website is informational. It describes our services, our work on the open-source SENAITE LIMS project, and provides a contact form. No sales, contracts, or payment transactions occur through this website. Engagements are entered into via separate written agreement.

3. Use of the website

You agree to use this website only for lawful purposes. You must not:

4. SENAITE LIMS

References to SENAITE LIMS on this site point to the upstream open-source project at https://github.com/senaite, which is licensed under the GNU General Public License v2 (GPLv2). Nothing on this site grants you a licence beyond what GPLv2 already provides. Our own contributions to SENAITE are released under the same licence.

5. Intellectual property

The text and visual design of this website, the brand mark, and the logo are property of RIDING BYTES GmbH. The four lab background clips used in the hero are property of their respective owners and used under our licence. Do not reproduce or redistribute the contents of this site without prior written permission.

The Nunito Sans webfont (loaded from Google Fonts) is licensed under the SIL Open Font License.

The site may link to third-party websites (GitHub, SENAITE, senaity.com, partner pages). We are not responsible for the content, privacy practices, or availability of any third-party site.

7. No warranty

The website is provided “as is” without warranty of any kind, express or implied. We do not warrant that the site will be uninterrupted, error-free, or free of viruses or other harmful components. To the maximum extent permitted by law, we disclaim all implied warranties, including merchantability and fitness for a particular purpose.

8. Limitation of liability

We are liable for intent and gross negligence without limitation. For slight negligence, we are liable only for the breach of a material contractual obligation (Kardinalpflicht), and only for foreseeable, typical contractual damages. The limitations above do not apply to claims arising from death, personal injury, or mandatory provisions of the German Product Liability Act.

9. Data protection

How we handle data submitted through the contact form is described in the Privacy Policy. We do not set cookies — see the Cookie Policy for details.

10. Governing law and jurisdiction

These Terms are governed by the laws of the Federal Republic of Germany, excluding the conflict-of-laws rules and the UN Convention on the International Sale of Goods (CISG). Place of jurisdiction for disputes arising from or in connection with these Terms is Fürth, Germany, unless mandatory consumer-protection law provides otherwise.

11. Severability

If any provision of these Terms is held to be unenforceable, the remaining provisions remain in full effect.

12. Changes to these Terms

We may update these Terms from time to time. Material changes will be reflected in the “Last updated” date at the top. Continued use of the website after a change constitutes acceptance.

Contact

Questions about these Terms: rb@ridingbytes.com.

Cookie Policy

Last updated: 2026-06-04.

We do not set cookies

This website does not set any cookies. No session cookies, no analytics cookies, no preference cookies, no third-party cookies, no consent banner required.

We do use one localStorage entry

We store a single value in your browser’s local storage:

KeyValuePurpose
rb-theme"light" or "dark"Remembers your light/dark theme choice between visits.
rb-lang-pref"auto" or "user"Remembers whether we already auto-detected your language preference, or whether you picked a language yourself. Prevents us from overriding your choice.

localStorage is not a cookie. It is per-origin, not transmitted in HTTP requests, and we cannot read it server-side. You can clear it at any time in your browser’s developer tools or site-data settings.

We do not use these things either

Third-party requests

Three third-party requests can happen, only one of them automatically:

  1. Google Fonts delivers the Nunito Sans webfont. Google receives your IP address as part of the HTTP request. We do not send Google any additional information. No cookie set.
  2. Formspree receives the contact form contents only after you explicitly submit the form. No cookie set.
  3. OpenStreetMap delivers the map tile on the contact page. OpenStreetMap receives your IP address as part of the HTTP request. No cookie is set. See the privacy policy for the full details.
  4. YouTube is not loaded automatically. Blog posts that include a video show a locally hosted preview image. The YouTube player and any YouTube cookies are only loaded after you click the play button. See the privacy policy for the full details.

Questions

Email rb@ridingbytes.com. We respond within one month.