Prerequisites
Before installing AquilaX on-premises, ensure the following are in place.
| Component | Requirement |
|---|---|
| Docker & Docker Compose | v24+ |
| MongoDB | 8.0.0 |
| HAProxy | lts-alpine3.21 |
| OS | Ubuntu 22.04 LTS or RHEL 9 |
| Network | Static internal IPs, outbound HTTPS |
Contact admin[@]aquilax.ai for your RUNNING_KEY, HEARTBEAT_CODE, GENAI_AX_KEY, and licence key before proceeding.
Four-Component Architecture
AquilaX on-premises deploys across three dedicated VMs.
| Component | CPU | RAM | Storage | Role |
|---|---|---|---|---|
| AquilaX Server | 8 vCPU | 16 GB | 80 GB SSD | API, UI, management |
| AquilaX Worker | 12 vCPU | 32 GB | 50 GB SSD | Scan execution (6 replicas) |
| AquilaX AI | 32 vCPU or 4× GPU | 32 GB | 120 GB SSD | Securitron AI (8 replicas) |
HAProxy routes traffic: /app/ → UI (port 3000), /api/v2 → Go API (port 4000), /api/v3/ → AI service (port 10000), default → server (port 8000).
AquilaX Server Setup
The server VM hosts the API, UI, and management plane via Docker Compose.
Key Environment Variables
MONGODB_URI=mongodb://...
JWT_SIGNING_TOKEN=<64-char-secret>
RUNNING_KEY=<provided-by-aquilax>
HEARTBEAT_CODE=<provided-by-aquilax>
DEPLOY=ONPREM
KL_SERVER=https://your-keycloak/
KL_CLIENT_ID=aquilax
KL_REALM=aquilaxImages are pulled from registry.gitlab.com/aquila-x/ — registry credentials are provided by the AquilaX team along with your licence key.
HTTPS with HAProxy
AquilaX uses HAProxy for TLS termination and reverse proxying across all services.
Place your SSL certificate at /etc/ssl/certs/aquilax.pem (cert + key concatenated). HAProxy reads this file on startup.
AquilaX Workers
Workers execute all security scans. Deploy 6 worker replicas on the Worker VM for optimal throughput.
Workers require access to the AquilaX Server API endpoint and the RUNNING_KEY environment variable.
AI Model Configuration
The AI VM runs llama.cpp with 8 replicas of the Securitron AI model (Qwen3-4B-GGUF format). GPU deployment is strongly recommended for production workloads.
AI Environment Variables
MODEL=Qwen/Qwen3-4B-GGUF
AI_ENDPOINTS=http://ai-vm:8080,http://ai-vm:8081,http://ai-vm:8082,http://ai-vm:8083,http://ai-vm:8084,http://ai-vm:8085,http://ai-vm:8086,http://ai-vm:8087Post-Installation Steps
Once all VMs are running and HAProxy is configured, complete the following setup steps.
- Access the platform via HTTPS at your configured domain.
- Log in via magic-link authentication (email-based, no password).
- Create your first organisation and group.
- Generate a Personal Access Token from Settings.
- Apply your AquilaX licence key from the admin panel.
- Connect your first repository via GitHub, GitLab, or API.
Licence & Support
Licence details and support contacts for on-premises deployments.
Your on-premises licence key, RUNNING_KEY, and HEARTBEAT_CODE are provisioned by the AquilaX team following contract signature. Contact admin[@]aquilax.ai for on-premises pricing and SLA options.