Notakey appliance is primary built for RancherOS and support for Ubuntu is added only in the latest few versions. 

1. Install Ubuntu VM with open SSH server

2. Install Docker:

3. Add user to the docker group

sudo usermod -aG docker $USER

4. Disable cloud-init

sudo touch /etc/cloud/cloud-init.disabled
sudo init 6

5. Launch Notakey appliance installer

docker run -it \
    --privileged \
    --net=host \
    -e NTK_USER=root \
    -v /var/run/docker.sock:/var/run/docker.sock:rw \
    -v /:/appliancehost \
notakey/cfg:latest install

     _______          __          __
     \      \   _____/  |______  |  | __ ____ ___.__.
     /   |   \ /  _ \   __\__  \ |  |/ // __ <   |  |
    /    |    (  <_> )  |  / __ \|    <\  ___/\___  |
    \____|__  /\____/|__| (____  /__|_ \\___  > ____|
            \/                 \/     \/    \/\/

    Welcome to the Notakey Authentication Appliance
    installation wizard.

    This wizard will install required utilities for appliance

    Do you wish to continue? (y/n): y
==> Detecting OS
    Detected Ubuntu 20.04
==> Determining user
    Running as root
==> Creating directories
==> Installing management utilities
==> Config already exists, skipping
==> Storing version information
==> Checking required cli version
    install: notakey/cfg:5.0.55
    running: notakey/cfg:latest
    tagging: notakey/cfg:5.0.55
==> Storing configuration
==> Installing ntk cli wrapper
==> Symlinking ntk cli
==> Updating $PATH
==> Configuring assets directory
    Assets stored in /opt/notakey/shared
    Edit /opt/notakey/cfg/.env to adjust
==> The following package versions will be downloaded
    downloading all latest packages
    cli: naa/cfg:5.0.55 (exclusive update)
    dashboard: naa/auth-server:4.0.32
    auth-proxy: naa/auth-proxy:1.0.8
    consul: naa/consul:1.9.9
    traefik: naa/traefik:1.7.33
    vrrp: keepalived:2.1.5-1
    sso: naa/sso-server:3.4.7
    redis: naa/redis:6.2.5
    cron: naa/deck-chores:1.2.0

==> Downloading from
    downloading naa/cfg:5.0.55
    downloading naa/auth-server:4.0.32
    downloading naa/auth-proxy:1.0.8
    downloading naa/consul:1.9.9
    downloading naa/traefik:1.7.33
    downloading keepalived:2.1.5-1
    downloading naa/sso-server:3.4.7
    downloading naa/redis:6.2.5
    downloading naa/deck-chores:1.2.0

==> Configuration update
    update complete
    Do you wish to run configuration wizard? (y/n): y
==> Gathering information

6. Follow documentation:

    NOTE: Node hostname must be unique within cluster and 
          must contain only alphanumeric characters and - 
          with no other punctuation or spaces.            

    Enter the node hostname [ntknode]: 

    NOTE: Datacenter / domain must be the same if assembling   
          local multi node cluster. Local cluster resides in   
          single LAN segment with unrestricted communication.  
          This value must contain only alphanumeric characters 
          and - with no other punctuation or spaces.           

    Enter the cluster datacenter name/local domain [dc]: 

    NOTE: You can specify below to join automatically an existing   
          cluster. Specifying y will start cluster locally and      
          attempt to join existing cluster by connecting to         
          specified IP address. Cluster service must be started on  
          remote host and must be in healthy state.   
          If unsure, say n, you will have a chance to do this later.

    Are you joining existing cluster? (y/n) [n]: 

    NOTE: FQDN below is used for SSL termination and will be
          used for all mobile clients to connect to this service.   
          This is not the hostname of this node in cluster.         
          Usually looks like '' where ''  
          would be your organizations domain name                   

    Enter the desired main FQDN for NAS API []:
    Enter internal cluster advertise IPv4 address []: 
    Use builtin reverse proxy for TLS termination? (y/n) [y]: 
    Use automated TLS certificate setup (Let's Encrypt?) (y/n) [n]: y
    Enter e-mail address to use for requesting TLS certificate []:
==> Please review the entered information
    Node name: ntknode
    Datacenter: dc
    External domain:
    Cluster node address:
    Use Let's Encrypt (automatic SSL): y
    E-mail for Let's Encrypt:
    Are these values OK? (y/n): y
==> Applying configuration
    acme... ok
    default configuration... ok
    starting cluster service... done (restart)
    waiting for cluster startup... ok
    host... ok
    cluster config... ok

    Next steps: 
        1. Reboot the appliance with 'ntk sys reboot' command
        2. Call 'ntk as start' to launch core authentication service

        - Use 'ntk vrrp ...' commands to configure IP failover
        - Use 'ntk sys ntp' to configure NTP service
        - Use 'ntk sys timezone Europe/Rome' to configure timezone
        - Use 'ntk backup ...' commands to backup/restore configuration
        - Use 'ntk sys update' command to update to latest version

    Please visit for detailed instructions