EntraGuard Installation

Deploy the CodeRaft platform via Docker Compose. All products run from a single repository.

Prerequisites

  • Docker 24+ and Docker Compose v2
  • A Microsoft Entra ID tenant
  • An App Registration with the required Graph permissions
  • Port 8000 available (default)
  • Outbound access to graph.microsoft.com and license.coderaft.io

Minimum requirements

  • 4 GB RAM (8 GB recommended for large tenants)
  • 2 vCPU
  • 10 GB disk space

Install

One command installs the CodeRaft Dashboard. The dashboard handles licence activation and product deployment.

Linux / macOS

Install
$ curl -fsSL https://install.coderaft.io | bash

Windows (PowerShell)

Install
$ irm https://install.coderaft.io/win | iex

The installer:

  1. Checks Docker and Docker Compose are installed
  2. Generates unique encryption keys
  3. Pulls and starts the dashboard container
  4. Opens http://localhost:3000

In the dashboard, the Setup Wizard guides you through:

  • Licence key activation
  • Product deployment (EntraGuard, Ravenscan, RedFox — based on your licence)
  • Azure AD configuration (Tenant ID, Client ID, Client Secret)
  • First audit

Your licence determines which products are deployed. The dashboard deploys only the containers you need, so no unused services are running.

Verification

Health check
docker compose ps              # All services "Up (healthy)"
curl http://localhost:8000/api/v1/health
# {"status":"ok","database":"ok","neo4j":"ok","redis":"ok"}

curl http://localhost:8000/api/v1/version
# {"version":"1.0.0","api":"v1"}
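
A scripted version of the health check above, for running after an install or update (an added example, not CodeRaft's own code). It assumes the response shape shown in the sample output; the function names and the "down" value in the sample are constructed for illustration.

```python
"""Added example: gate on the EntraGuard health endpoint (not CodeRaft code)."""
import json
import sys
import urllib.request

# Component keys taken from the sample health response on this page.
EXPECTED_COMPONENTS = ("database", "neo4j", "redis")
HEALTH_URL = "http://localhost:8000/api/v1/health"  # default port from this page


def evaluate_health(body: str) -> list[str]:
    """Return a list of problems; an empty list means every check passed."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"response is not JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["response is not a JSON object"]
    problems = []
    if doc.get("status") != "ok":
        problems.append(f"status={doc.get('status')!r}")
    # Fail closed: a component missing from the response counts as unhealthy.
    for name in EXPECTED_COMPONENTS:
        if doc.get(name) != "ok":
            problems.append(f"{name}={doc.get(name)!r}")
    return problems


def check(url: str = HEALTH_URL, timeout: float = 5.0) -> list[str]:
    """Fetch the endpoint and evaluate it; network errors count as problems."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return evaluate_health(resp.read().decode("utf-8", "replace"))
    except OSError as exc:  # URLError, timeouts and refused connections
        return [f"request failed: {exc}"]


if __name__ == "__main__":
    # Constructed sample: redis degraded while the top-level status still says ok.
    sample = '{"status":"ok","database":"ok","neo4j":"ok","redis":"down"}'
    print("sample:", evaluate_health(sample))
    found = check()
    print("live:", found or "healthy")
    sys.exit(1 if found else 0)
```

The non-zero exit code on any problem lets the script serve as a post-update gate in a deployment job or a cron-driven monitor.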

Updating

Re-run the installer to update to the latest version. All data persists through updates.

Linux / macOS

Update
$ curl -fsSL https://install.coderaft.io | bash

Windows (PowerShell as Administrator)

Update
$ irm https://install.coderaft.io/win | iex

Update behaviour

  • Hotfix (patch version, e.g., 1.2.3 → 1.2.4) — containers updated in-place. Redirected to the dashboard immediately. No re-login required.
  • Minor update (e.g., 1.2.x → 1.3.0) — may include database migrations. Re-login to verify licence. Data persists.
  • Major update (e.g., 1.x → 2.0) — re-login required. Read the release notes for breaking changes.

Data persistence guarantee: All customer data is stored in named Docker volumes (postgres_data, neo4j_data, dashboard_data). These volumes are never deleted by the installer or update process. Licences are valid for a minimum of 1 year.

Production deployment

CodeRaft Platform handles TLS automatically. When deployed via the CodeRaft Platform installer, HTTPS is configured in the Setup Wizard (Let's Encrypt or custom certificate). See the Platform Deployment Guide for details. The nginx configuration below is only needed for standalone deployments outside the platform.

Standalone reverse proxy (nginx)

If running EntraGuard outside the CodeRaft Platform (e.g., custom Docker Compose), place an external reverse proxy in front:

nginx.conf
server {
    listen 443 ssl http2;
    server_name security.company.com;

    ssl_certificate     /etc/letsencrypt/live/security.company.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/security.company.com/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
    }
}

server {
    listen 80;
    server_name security.company.com;
    return 301 https://$host$request_uri;
}

Uninstall

Uninstall
cd coderaft
docker compose down -v   # -v removes volumes (deletes all data)
cd .. && rm -rf coderaft

Supported platforms

  • Linux amd64: Native Docker
  • Linux arm64: Docker (build)
  • macOS: Docker Desktop
  • Windows: Docker Desktop / WSL2
