Skip to content

Deployment

Deploy AegisAI to your infrastructure using Docker Compose for development and staging, or a VPS with Docker for production.

Deployment Methods

Method Complexity Best For
Docker Compose Low Development, staging, small teams
VPS Medium Production, single-server deployments

Architecture Overview

flowchart TB
    subgraph Production
        RP[Reverse Proxy<br/>Nginx / Caddy]
        FE[Frontend<br/>static files]
        API[FastAPI :8000]
        PG[(PostgreSQL 15)]
        RD[(Redis 7)]
        OPA[OPA :8181]
    end

    RP --> FE
    RP --> API
    API --> PG & RD & OPA

System Requirements

Minimum (Development)

Resource Specification
CPU 2 cores
RAM 4 GB
Disk 20 GB SSD
OS Linux (Ubuntu 22.04+, Debian 12+)
Resource Specification
CPU 4+ cores
RAM 8+ GB
Disk 100+ GB SSD
OS Linux with Docker 24+
Network Static IP, DNS, TLS certificate

Services

Service Image Port Purpose
postgres postgres:15-alpine 5432 Primary database
redis redis:7-alpine 6379 Pub/sub, caching
opa openpolicyagent/opa:0.68.0 8181 Policy engine
app Built from Dockerfile 8000 FastAPI backend
frontend Built from frontend/Dockerfile 5173 Vite dashboard

Deployment Steps

  1. Prepare server — install Docker, configure firewall
  2. Clone repositorygit clone and configure .env
  3. Set secrets — change all default passwords and keys
  4. Start servicesdocker compose up -d --build
  5. Verify health — check /api/v1/health/ready
  6. Create tenants — provision organizations
  7. Configure TLS — set up reverse proxy with HTTPS
  8. Set up monitoring — health checks and alerting
  9. Configure backups — automated PostgreSQL backups

Environment Configuration

Critical environment variables for production:

DATABASE_URL=postgresql+asyncpg://aegisai:STRONG_PASS@postgres:5432/aegisai
REDIS_URL=redis://redis:6379/0
SECRET_KEY=<256-bit-random-string>
ADMIN_API_KEY=<strong-random-key>
OPA_ENABLED=true
OPA_URL=http://opa:8181
ENVIRONMENT=production
AUDIT_SIGNING_ENABLED=true
WEBHOOK_SECRET=<strong-random-key>
SUPER_ADMIN_EMAIL=admin@yourcompany.com
SUPER_ADMIN_PASSWORD=<strong-password>
LOG_LEVEL=INFO
ENABLE_GUARD=true

Post-Deployment Checklist

  • [ ] All services healthy (docker compose ps)
  • [ ] Readiness check passes (/api/v1/health/ready)
  • [ ] Guard health OK (/api/v1/guard/health) when ENABLE_GUARD=true
  • [ ] Super-admin can log in at frontend URL
  • [ ] OPA policies loaded (check app startup logs; includes guard)
  • [ ] TLS certificate valid
  • [ ] Default credentials changed
  • [ ] Backup cron job configured
  • [ ] Monitoring alerts configured
  • [ ] Firewall allows only 80/443

Guides