Updating DFIRe

Keep your DFIRe installation up to date with the latest features and security fixes.

Overview

DFIRe is distributed as Docker images tagged with :latest. The recommended update method uses the installation script, which handles pulling new images, regenerating configuration files (to pick up new services or changes), and restarting all containers.

Data Safety: Your database and file storage are stored in Docker volumes, which are preserved during updates. The update process does not affect your investigation data.

Before You Update

1. Back Up Your Data

Before any update, ensure you have recent backups of:

  • Your PostgreSQL database
  • Your file storage (local volumes, S3, or SMB)
  • Your .env configuration file

See Backup & Recovery for detailed backup procedures.

2. Check for Breaking Changes

Review the release notes for any breaking changes or migration steps that may be required. Release notes are published on the DFIRe website and in the application's changelog.

3. Plan for Downtime

The update process requires stopping DFIRe briefly. Plan updates during maintenance windows when users are not actively working on cases.

Recommended: Update Using the Installation Script

The recommended way to update DFIRe is to download the latest installation script and run the upgrade option. This ensures your Docker Compose configuration is regenerated to include any new services or configuration changes introduced in the update.

  1. Download the latest installation script 
    cd /opt/dfire
curl -fsSL https://dfire.fi/install.sh -o install.sh
chmod +x install.sh
  2. Run the script 
    sudo ./install.sh

    The script will detect your existing installation and present upgrade options.

  3. Select option 1: Upgrade in place

    This option:

    • Reads your existing .env configuration
    • Stops and removes existing containers (volumes are preserved)
    • Regenerates the Docker Compose files to pick up any new services or changes
    • Pulls the latest Docker images
    • Starts all services and waits for the health check to pass
  4. Verify the update

    The script will show the container status after startup. You can also check manually:

    docker compose -f docker-compose.prod.yml ps

Why use the script? Manual updates (just pulling images) can miss important changes such as new containers, updated Docker Compose configuration, or modified nginx settings. The installation script regenerates these files automatically.

Air-Gapped / Offline Updates

For environments without internet access, updates must be applied manually by transferring new Docker images.

  1. On a connected system, pull and save the latest images 
    docker pull dfireadmin/dfire-backend:latest
docker pull dfireadmin/dfire-frontend:latest

docker save dfireadmin/dfire-backend:latest -o dfire-backend.tar
docker save dfireadmin/dfire-frontend:latest -o dfire-frontend.tar
  2. Transfer the tar files to the air-gapped system

    Use approved media to transfer the image files to the isolated environment.

  3. Load the new images 
    docker load -i dfire-backend.tar
docker load -i dfire-frontend.tar
  4. Restart services 
    cd /opt/dfire
docker compose -f docker-compose.prod.yml down
docker compose -f docker-compose.prod.yml up -d
  5. Verify the update 
    docker compose -f docker-compose.prod.yml ps
docker compose -f docker-compose.prod.yml logs -f backend

Compose file changes: If the release notes mention new services or Docker Compose changes, you will also need to transfer the latest install.sh to the air-gapped system, run it, and select the upgrade option to regenerate the Compose files before restarting.

Database Migrations

DFIRe automatically runs database migrations when the application starts. After updating, the first startup may take slightly longer as migrations are applied.

You can monitor the migration progress in the logs:

docker compose -f docker-compose.prod.yml logs -f backend

Look for messages indicating migrations have completed successfully before accessing the application.

Checking Your Version

After updating, you can verify which version is running:

  • The version number is displayed in the application footer
  • Administrators can see version details in Settings > Tenant > Identity

Rolling Back

If you encounter issues after updating, you can roll back to a previous version:

1. Stop the Current Containers

docker compose -f docker-compose.prod.yml down

2. Restore Your Database Backup

Restore your database from the backup you made before updating. Follow your database provider's restore procedure.

3. Pull a Specific Version

If you need a specific version, you can modify your .env to use a tagged version instead of :latest:

DFIRE_BACKEND_IMAGE=dfireadmin/dfire-backend:1.2.0
DFIRE_FRONTEND_IMAGE=dfireadmin/dfire-frontend:1.2.0

Contact support for available version tags.

4. Start the Previous Version

docker compose -f docker-compose.prod.yml up -d

Important: Rolling back after database migrations may require restoring from backup. Do not attempt to run an older version of DFIRe against a database that has been migrated to a newer schema.

Troubleshooting

Containers Won't Start

Check the logs for error messages:

docker compose -f docker-compose.prod.yml logs

Common issues include:

  • Database connection errors — Ensure your PostgreSQL server is running and accessible
  • Port conflicts — Check if another service is using the same ports
  • Missing environment variables — Verify your .env file is complete

Application Errors After Update

If the application starts but shows errors:

  1. Clear your browser cache and cookies for the DFIRe domain
  2. Check that migrations completed successfully in the logs
  3. Verify your license is still valid

Getting Help

If you encounter issues during updates, contact contact@dfire.fi with:

  • The version you were updating from
  • Any error messages from the logs
  • Your deployment environment details