Documentation

Deployment Guide

Deploy Infraveil on a server you own. You install the launcher on your host and your app loads from a config file. The proxy, TLS, networking, and data all stay under your control.

How It Works

Five steps: log in to the dashboard, install the launcher on your server, register it as a service, verify your app package, then publish it behind a proxy with TLS.

Overview

The installer is not your application. It opens an authenticated connection to Infraveil, downloads your approved app files, verifies their integrity, and starts the services your config file defines — all on your own server.

The setup uses standard components: your own server, a system service, a reverse proxy, TLS, and local logs. The installer sets up the launcher. Your app is driven by config and can run Node, Python, Go, Rust, Java, or anything else your host supports.

Application scope

Config-driven services

Data location

Your own server

Recovery

Replace, restart, or redeploy

Requirements

Linux or Windows host

A server that can run the launcher and whatever runtimes your application needs: Node, Python, Go, Rust, or Java.

Administrative access

Admin access to create users, register the service, and set up the reverse proxy.

DNS and network

A domain name, inbound HTTPS access, and outbound HTTPS to Infraveil.

Launcher install command

A one-time install command from the dashboard after logging in and selecting your workspace.

Deployment

Do the first install on a private server and confirm everything works locally before you make the service public.

1. Create the service user and app directory

Run the launcher under its own account so it has only the access it needs. This creates the user and a directory it owns.

sudo adduser infraveil-agent
sudo mkdir -p /home/infraveil-agent/app
sudo chown -R infraveil-agent:infraveil-agent /home/infraveil-agent/app

2. Copy the installer to your server and run it

Move the launcher onto the host, switch to the service user, and start it. On first run it connects to Infraveil and downloads your approved app files.

scp /path/to/launcher.py infraveil-agent@your_server_ip:/home/infraveil-agent/app/
sudo su - infraveil-agent
cd app
chmod +x launcher.py
python3 launcher.py

3. Review the configuration file

Open the config to confirm the port your app listens on, its endpoint, and its rate limit. Adjust these values to match your service.

nano Customization/config.json

{
  "port": 5050,
  "endpoint": "/",
  "message": "Service ready",
  "rate_limit": "5 per minute"
}

Proxy and TLS

Now make the service permanent and reachable. Register it so it starts on boot and restarts on failure, put NGINX in front as a reverse proxy, and add TLS before you open it to traffic.

Register the service

Define a systemd unit so the launcher runs as a managed service under its own user and restarts automatically if it crashes.

sudo nano /etc/systemd/system/infraveil.service

[Unit]
Description=Infraveil Agent Service
After=network.target

[Service]
Type=simple
User=infraveil-agent
Group=infraveil-agent
WorkingDirectory=/home/infraveil-agent/app
ExecStart=/usr/bin/python3 /home/infraveil-agent/app/launcher.py
Restart=on-failure
RestartSec=5s

[Install]
WantedBy=multi-user.target

Start the service and install Certbot

Load the unit, enable it to start on boot, start it now, then install Certbot so NGINX can get a TLS certificate.

sudo systemctl daemon-reload
sudo systemctl enable infraveil.service
sudo systemctl start infraveil.service
sudo apt update
sudo apt install certbot python3-certbot-nginx -y

Add the reverse proxy

Point NGINX at your local service so requests to your domain reach the app on its port. Use your real domain in place of api.yourdomain.com, then run Certbot against that domain to add HTTPS.

server {
    server_name api.yourdomain.com;

    location / {
        proxy_pass http://127.0.0.1:5050;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Operations

Check the service locally before you go live. Use the commands below to confirm the app responds, the system service is running, and your NGINX config is valid.

Once it's live, the dashboard shows what each server is doing, so you don't have to SSH in to find out. The launcher reports host health, which agents are running, crashes, restart loops, and resource pressure. Each agent reports its app version, service state, dropped events, and runtime metrics. Infraveil turns that record into incidents, a public status page, and your service catalog.

curl http://127.0.0.1:5050/
sudo systemctl status infraveil.service
sudo nginx -t

Recovery and redeployment

If your server is compromised, the service goes unhealthy, or the install command is revoked, redeploy from a fresh package rather than patching what's there. Old sessions are meant to be replaced, not repaired.

The recovery path is the same every time: restore the server to a trusted state, deploy a fresh package, test it locally, then open it to traffic again.