System Requirements

This page summarizes the technical system requirements for running the Identity Operations Platform with Docker Compose.

The requirements are derived from the containerized production installation model described in the Installation Guide and from the service topology in compose.yaml.

Scope

This guidance is intended for customer-managed production deployments using Docker Compose. It covers host sizing, Docker runtime prerequisites, network requirements, and persistent storage requirements.

For small to medium environments, use the following baseline sizing:

  • web: at least 4 GB RAM
  • worker: at least 4 GB RAM
  • leadworker: at least 4 GB RAM
  • database (PostgreSQL): at least 4 GB RAM

Additional guidance:

  • The platform has been tested with lower resource limits, but lower limits are not the recommended production baseline.
  • Each additional worker container should be planned with an additional ~4 GB RAM.
  • Capacity planning must include all additional infrastructure containers (for example Redis, RabbitMQ, EchoHub, scheduler, and backup services).

Docker Runtime Requirements

Before installation, ensure the Docker runtime environment is available and operational:

  • Docker Engine is installed and running.
  • Docker Compose is available.
  • A writable installation directory is available.
  • The host can enforce the memory and CPU limits configured in compose.yaml.

The production stack relies on container-level resource controls (mem_limit, memswap_limit, cpus, cpu_shares).

Required Container Topology

The production topology includes application and infrastructure services.

Core application services:

  • web
  • worker
  • leadworker
  • scheduler

Core infrastructure services:

  • database (PostgreSQL)
  • rabbitmq
  • redis
  • echohub

Backup and restore infrastructure:

  • pgbackrest
  • pgbackrest_backup
  • pgbackrest_check
  • pgbackrest_restore (restore workflow)

Persistent Storage Requirements

The Docker host must provide reliable persistent volume storage for:

  • pg_data
  • pg_backrest_repo
  • pg_backrest_spool
  • redis

The host must also persist and protect the generated ./secrets directory. Losing this directory can make encrypted data permanently unrecoverable.

Required Secret Material

compose.yaml requires secret files under ./secrets, including:

  • application and token secrets
  • database credentials and encryption/integrity keys
  • Redis and RabbitMQ credentials
  • TLS key/certificate/DH parameter files for the web service
  • audit signing key pair

All required secret files are generated by the installation flow and must be backed up securely.

Network and Port Requirements

Published inbound ports (by default):

  • ${HTTP_PORT:-9080} -> container port 8080 (web)
  • ${HTTPS_PORT:-9443} -> container port 8443 (web)

Infrastructure services communicate internally on the Docker network. Direct external publishing of database, Redis, and RabbitMQ is not required for normal operation.

If the platform is deployed behind a reverse proxy or load balancer, configure TRUSTED_PROXIES to the actual proxy source addresses.

Operational Readiness Checklist

Before go-live, validate:

  1. Host sizing reflects the 4 GB baseline for web, worker, leadworker, and database.
  2. Additional worker scaling capacity is planned (about 4 GB RAM per additional worker).
  3. Persistent volumes for database and backup data are available and monitored.
  4. The ./secrets directory is backed up and access-protected.
  5. Required ingress ports and proxy forwarding settings are correctly configured.
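
One way to automate checklist items 4 and 5 is to audit the rendered Compose configuration. This is an added example, not part of the platform or its installer. It assumes the JSON shape printed by `docker compose config --format json`, that only web should publish host ports, and that any permission bit for "other" users on a secret file counts as a finding; the sample data, secret name, and path are constructed.

```python
import json
import os
import stat

# Assumption: only "web" is meant to publish host ports, per the port list above.
ALLOWED_PUBLISHERS = {"web"}

def unexpected_published_ports(config):
    """Return (service, published, target) for host ports published by services other than web."""
    findings = []
    for name, svc in config.get("services", {}).items():
        for port in svc.get("ports", []):
            published = port.get("published")
            if published and name not in ALLOWED_PUBLISHERS:
                findings.append((name, str(published), port.get("target")))
    return sorted(findings)

def secret_file_findings(config):
    """Return (secret, problem) for file-based secrets that are missing or open to 'other' users."""
    findings = []
    for name, spec in config.get("secrets", {}).items():
        path = spec.get("file")
        if not path:
            continue  # external or environment-based secret: nothing on disk to check
        try:
            mode = os.stat(path).st_mode
        except FileNotFoundError:
            findings.append((name, "missing"))
            continue
        if mode & stat.S_IRWXO:  # any read/write/execute bit for "other"
            findings.append((name, "accessible to other users (mode %o)" % stat.S_IMODE(mode)))
    return sorted(findings)

# Constructed sample in the shape of `docker compose config --format json` output;
# the secret name and path are hypothetical.
SAMPLE = json.loads("""
{"services": {
   "web": {"ports": [{"target": 8443, "published": "9443", "protocol": "tcp"}]},
   "database": {"ports": [{"target": 5432, "published": "5432", "protocol": "tcp"}]},
   "redis": {}},
 "secrets": {"db_password": {"file": "/nonexistent/secrets/db_password"}}}
""")

if __name__ == "__main__":
    for finding in unexpected_published_ports(SAMPLE) + secret_file_findings(SAMPLE):
        print("FINDING:", finding)
```

On a real host, pass the parsed output of `docker compose config --format json` to both functions instead of `SAMPLE`.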