Requirements
What you need to run Rediflow: system requirements, optional components, and deployment options.
Container runtime
- Podman (rootless or root) with Compose: `podman-compose` or Podman 4.1+ with built-in `podman compose`.
- Docker is supported: use `docker compose` with `DOCKER=1` in the Makefile.
Most organisations already run Podman or Docker. Rediflow works with both.
Database
- PostgreSQL 18+ — The app uses containerised PostgreSQL only. It will not start with SQLite or other backends.
- The database runs in a container (via compose) or can be external if you provide `DATABASE_URL`.
Operating system
- Bare metal or VM: Any Linux with Podman/Docker (e.g. Ubuntu 24.04, Rocky Linux 10, Debian).
- Nested containers (LXD/LXC): The outer container must have `security.nesting=true` and `security.privileged=true`. See Deploy on containerized Ubuntu or Deploy on containerized Rocky Linux.
Required configuration
| Item | Description |
|---|---|
| `DATABASE_URL` | PostgreSQL connection URL (e.g. `postgresql://user:pass@host:5432/dbname`). |
| `SECRET_KEY` | Flask secret; required in QA and production. Use a strong value. |
See Configuration for the full list of environment variables.
Optional: authentication (OIDC / OpenID Connect)
If you want login and project visibility by group:
- OIDC (OpenID Connect) provider — Authentik or Keycloak (or any OIDC-compliant provider).
- Environment variables: `OIDC_ISSUER`, `OIDC_CLIENT_ID`, `OIDC_CLIENT_SECRET`.
- Groups in token: The app expects a `groups` claim as a list of strings (e.g. `["rediflow-admins", "rediflow-org-ACR"]`). Configure your IdP to include groups in the token.
See Authentik setup for Authentik, or configure Keycloak to send groups as a JSON array.
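
A pre-flight check for the `groups` claim shape described above, as an added example (not Rediflow's own code). It decodes a token payload without verifying the signature, so it is only for inspecting what your IdP emits, never for authentication; the function names and sample tokens are constructed for illustration.

```python
import base64
import json


def decode_payload(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostic only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))


def check_groups_claim(claims: dict) -> list[str]:
    """Return the groups list, or raise ValueError describing the mismatch."""
    if "groups" not in claims:
        raise ValueError("no 'groups' claim: IdP is not adding groups to the token")
    groups = claims["groups"]
    if isinstance(groups, str):
        raise ValueError("'groups' is a single string, expected a JSON array")
    if not isinstance(groups, list) or not all(isinstance(g, str) for g in groups):
        raise ValueError("'groups' must be a list of strings")
    return groups


def make_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (hypothetical helper)."""
    def b64(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = b64({"alg": "none"})
    return f"{header}.{b64(claims)}.sig"


# Constructed sample tokens, not real IdP output.
GOOD = make_token({"sub": "u1", "groups": ["rediflow-admins", "rediflow-org-ACR"]})
FLAT = make_token({"sub": "u1", "groups": "rediflow-admins,rediflow-org-ACR"})
MISSING = make_token({"sub": "u1"})

if __name__ == "__main__":
    for name, tok in [("GOOD", GOOD), ("FLAT", FLAT), ("MISSING", MISSING)]:
        try:
            print(name, "ok:", check_groups_claim(decode_payload(tok)))
        except ValueError as err:
            print(name, "rejected:", err)
```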
Deployment options
Customers host the service themselves. All deployment options require you to operate the infrastructure.
| Option | Description |
|---|---|
| Deployment overview | Podman/Docker, build vs pre-built, which path to choose. |
| Run with Podman or Docker | Build image locally, run with compose. |
| Deploy QA and production | Use pre-built image from registry; no local build. |
| Deploy on Ubuntu | Nested containers on Ubuntu 24.04. |
| Deploy on Rocky Linux | Nested containers on Rocky Linux 10.1. |
Network and ports
- App: HTTP on port 5000 (dev) or 5001 (QA) by default.
- Database: PostgreSQL on port 5432 (or `POSTGRES_PORT`).
- Registry: If using the private GitLab image, ensure access to `registry.gitlab.com`.