Deployment
Deploy AegisAI to your infrastructure using Docker Compose for development and staging, or a VPS with Docker for production.
Deployment Methods
| Method |
Complexity |
Best For |
| Docker Compose |
Low |
Development, staging, small teams |
| VPS |
Medium |
Production, single-server deployments |
Architecture Overview
flowchart TB
subgraph Production
RP[Reverse Proxy<br/>Nginx / Caddy]
FE[Frontend<br/>static files]
API[FastAPI :8000]
PG[(PostgreSQL 15)]
RD[(Redis 7)]
OPA[OPA :8181]
end
RP --> FE
RP --> API
API --> PG & RD & OPA
System Requirements
Minimum (Development)
| Resource |
Specification |
| CPU |
2 cores |
| RAM |
4 GB |
| Disk |
20 GB SSD |
| OS |
Linux (Ubuntu 22.04+, Debian 12+) |
Recommended (Production)
| Resource |
Specification |
| CPU |
4+ cores |
| RAM |
8+ GB |
| Disk |
100+ GB SSD |
| OS |
Linux with Docker 24+ |
| Network |
Static IP, DNS, TLS certificate |
Services
| Service |
Image |
Port |
Purpose |
postgres |
postgres:15-alpine |
5432 |
Primary database |
redis |
redis:7-alpine |
6379 |
Pub/sub, caching |
opa |
openpolicyagent/opa:0.68.0 |
8181 |
Policy engine |
app |
Built from Dockerfile |
8000 |
FastAPI backend |
frontend |
Built from frontend/Dockerfile |
5173 |
Vite dashboard |
Deployment Steps
- Prepare server — install Docker, configure firewall
- Clone repository —
git clone and configure .env
- Set secrets — change all default passwords and keys
- Start services —
docker compose up -d --build
- Verify health — check
/api/v1/health/ready
- Create tenants — provision organizations
- Configure TLS — set up reverse proxy with HTTPS
- Set up monitoring — health checks and alerting
- Configure backups — automated PostgreSQL backups
Environment Configuration
Critical environment variables for production:
DATABASE_URL=postgresql+asyncpg://aegisai:STRONG_PASS@postgres:5432/aegisai
REDIS_URL=redis://redis:6379/0
SECRET_KEY=<256-bit-random-string>
ADMIN_API_KEY=<strong-random-key>
OPA_ENABLED=true
OPA_URL=http://opa:8181
ENVIRONMENT=production
AUDIT_SIGNING_ENABLED=true
WEBHOOK_SECRET=<strong-random-key>
SUPER_ADMIN_EMAIL=admin@yourcompany.com
SUPER_ADMIN_PASSWORD=<strong-password>
LOG_LEVEL=INFO
ENABLE_GUARD=true
Post-Deployment Checklist
- [ ] All services healthy (
docker compose ps)
- [ ] Readiness check passes (
/api/v1/health/ready)
- [ ] Guard health OK (
/api/v1/guard/health) when ENABLE_GUARD=true
- [ ] Super-admin can log in at frontend URL
- [ ] OPA policies loaded (check app startup logs; includes
guard)
- [ ] TLS certificate valid
- [ ] Default credentials changed
- [ ] Backup cron job configured
- [ ] Monitoring alerts configured
- [ ] Firewall allows only 80/443
Guides