System Requirements
This page covers the requirements for both local development and production deployment.
Development Requirements
Section titled “Development Requirements”Required Software
Section titled “Required Software”| Software | Minimum Version | Purpose |
|---|---|---|
| Go | 1.22+ | Gateway server and CLI |
| Docker | 20.10+ | PostgreSQL and build containers |
| Docker Compose | 2.0+ | Container orchestration |
| Bun | 1.3+ | Web frontend build tool |
| mise | Latest | Environment variable management |
Optional Software
Section titled “Optional Software”| Software | Purpose |
|---|---|
| libfido2 | WebAuthn/FIDO2 support in CLI |
| Task | Task runner (recommended) |
Installation
Section titled “Installation”# Install Homebrew if not present/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
# Install required softwarebrew install gobrew install --cask dockerbrew install oven-sh/bun/bunbrew install mise
# Install optional softwarebrew install go-task/tap/go-taskbrew install libfido2# Gowget https://go.dev/dl/go1.22.0.linux-amd64.tar.gzsudo tar -C /usr/local -xzf go1.22.0.linux-amd64.tar.gzecho 'export PATH=$PATH:/usr/local/go/bin' >> ~/.bashrc
# Dockercurl -fsSL https://get.docker.com | shsudo usermod -aG docker $USER
# Buncurl -fsSL https://bun.sh/install | bash
# misecurl https://mise.jdx.dev/install.sh | sh
# Task runnersh -c "$(curl --location https://taskfile.dev/install.sh)" -- -d -b /usr/local/bin
# libfido2 (for WebAuthn CLI support)sudo apt-add-repository ppa:yubico/stablesudo apt-get updatesudo apt-get install libfido2-devIf you have the Task runner installed:
# Install all development dependencies automaticallytask dev-setupOr install Task first:
# macOSbrew install go-task/tap/go-task && task dev-setup
# Linuxcurl -sL https://taskfile.dev/install.sh | sh -s -- -b /usr/local/bin && task dev-setupProduction Requirements
Section titled “Production Requirements”Gateway Server
Section titled “Gateway Server”| Component | Requirement |
|---|---|
| CPU | 1+ vCPU |
| Memory | 512MB+ RAM |
| Disk | 100MB for application |
| OS | Linux (x86_64) |
The gateway is lightweight and can run on small instances. A single instance handles hundreds of requests per second.
Database
Section titled “Database”| Component | Requirement |
|---|---|
| PostgreSQL | 14+ |
| Storage | 1GB+ (grows with audit logs) |
| Connections | 10+ per gateway instance |
Network
Section titled “Network”| Port | Service | Access |
|---|---|---|
| 8080 (default) | Gateway API | Internal or VPN |
| 443 | HTTPS (via load balancer) | Users/CI/CD |
| 5432 | PostgreSQL | Gateway only |
Environment Configuration
Section titled “Environment Configuration”Rack Gateway uses mise for environment variable management. Configuration is stored in:
mise.toml- Project defaults (committed to git)mise.local.toml- Local overrides (gitignored)
Required Environment Variables
Section titled “Required Environment Variables”For development, the defaults in mise.toml work with mock services. For production:
# mise.local.toml (production example)
[env]# OAuthGOOGLE_CLIENT_ID = "your-client-id.apps.googleusercontent.com"GOOGLE_CLIENT_SECRET = "your-client-secret"GOOGLE_ALLOWED_DOMAIN = "your-company.com"
# DatabaseDATABASE_URL = "postgres://user:pass@host:5432/rack_gateway?sslmode=require"
# SecurityAPP_SECRET_KEY = "your-32-byte-random-key"COOKIE_SECURE = "true"
# Convox RackRACK_HOST = "https://api.rack.convox.cloud"RACK_TOKEN = "your-rack-token"RACK_ALIAS = "production"See Configuration Reference for all options.
Convox Rack Requirements
Section titled “Convox Rack Requirements”To use Rack Gateway, you need:
- Self-hosted Convox rack - The rack API endpoint
- Rack API token - Found in Terraform state or Convox Console
- Network access - Gateway must reach the rack API
Supported Convox Versions
Section titled “Supported Convox Versions”- Convox v3 (Kubernetes-based) - Fully supported
- Convox v2 (ECS-based) - Not tested, may work
Google Workspace Requirements
Section titled “Google Workspace Requirements”For OAuth authentication:
- Google Cloud Project with OAuth 2.0 credentials
- Google Workspace domain for user restriction
- Authorized redirect URI configured in GCP Console
See OAuth Setup for detailed instructions.
Hardware Security Keys (Optional)
Section titled “Hardware Security Keys (Optional)”For WebAuthn/FIDO2 MFA support:
Supported Devices
Section titled “Supported Devices”- YubiKey 5 series (USB-A, USB-C, NFC)
- YubiKey Security Key series
- Platform authenticators (Touch ID, Windows Hello)
- Any FIDO2-compatible authenticator
CLI Requirements
Section titled “CLI Requirements”The rack-gateway CLI requires libfido2 for WebAuthn support:
brew install libfido2# Ubuntu/Debiansudo apt-add-repository ppa:yubico/stablesudo apt-get updatesudo apt-get install libfido2-dev
# Fedorasudo dnf install libfido2-develVerifying Installation
Section titled “Verifying Installation”After installing dependencies:
# Check Go versiongo version # Should show 1.22+
# Check Dockerdocker --versiondocker compose version
# Check Bunbun --version # Should show 1.3+
# Check misemise --version
# Optional: Check libfido2pkg-config --modversion libfido2 # macOS/LinuxThen follow the Quick Start to verify everything works.
Next Steps
Section titled “Next Steps”- Quick Start - Get running locally
- OAuth Setup - Configure Google OAuth for production
- Deployment Guide - Production deployment options