High Availability Deployment

Enterprise

Deploy the CodeRaft platform with redundancy, streaming replication and centralized monitoring using docker-compose-ha.yml.

Overview

The HA deployment extends the standard single-node docker-compose.yml with redundancy at every layer. It is designed for production environments where downtime and data loss are unacceptable.

Current status: HA is Docker Compose-based. Kubernetes deployment is planned for a future release.

Architecture

Nginx (reverse proxy, port 3000)
    |
    +--- API instance 1 (EntraGuard / Ravenscan / RedFox)
    +--- API instance 2 (EntraGuard / Ravenscan / RedFox)
    |
PostgreSQL primary  ---streaming replication---  PostgreSQL replica
    |
Redis Sentinel (3 nodes)
    |  master election + failover
Redis primary  ---replication---  Redis replica
    |
Neo4j (single instance)
    |
Loki  <---  Promtail (log collection from all containers)
    |
Grafana (dashboards, port 3001)

Components

PostgreSQL streaming replication

Primary + read replica with streaming replication. The replica receives WAL records in real time. If the primary fails, the replica can be promoted manually. All products share the same PostgreSQL cluster.

Redis Sentinel

3 Sentinel nodes monitor the Redis primary and fail over automatically if it becomes unreachable (quorum of 2). Application clients use Sentinel-aware connections for transparent failover.

Multi-instance APIs

2 instances of each product API behind the Nginx load balancer (round-robin). Stateless request handling — session state is in PostgreSQL and Redis, not in memory.

Loki + Promtail + Grafana

Centralized logging and monitoring stack. Promtail collects logs from all containers and forwards them to Loki. Grafana provides dashboards for audit logs, scan results, session activity and system health.

Deployment

HA requires two servers (physical or virtual). The Setup Wizard guides you through choosing the role of each node, similar to Azure AD Connect's primary/secondary model.

Node 1 — Primary

  1. Install on the primary server
    # Linux / macOS
    curl -fsSL https://install.coderaft.io | bash
    
    # Windows (PowerShell as Administrator)
    irm https://install.coderaft.io/win | iex
  2. Activate and choose role
    Open http://localhost:3000 — in the Setup Wizard:
    • Activate your Enterprise licence
    • In the "High Availability" step, select "Primary node"
    • The wizard generates a join token — copy it for the secondary node
    • Configure database passwords and network settings
  3. Start the HA stack
    docker compose -f docker-compose-ha.yml up -d --build

Node 2 — Secondary

  1. Install on the secondary server
    # Linux / macOS
    curl -fsSL https://install.coderaft.io | bash
    
    # Windows (PowerShell as Administrator)
    irm https://install.coderaft.io/win | iex
  2. Join the primary
    Open http://localhost:3000 — in the Setup Wizard:
    • Select "Secondary node"
    • Enter the primary node IP/hostname (e.g., 192.168.1.10)
    • Paste the join token from the primary
    • The wizard validates connectivity and starts replication
  3. Verify replication
    # On the secondary node — check replication status
    docker compose -f docker-compose-ha.yml ps
    docker compose -f docker-compose-ha.yml logs postgres-replica --tail 20
    docker compose -f docker-compose-ha.yml exec redis-sentinel redis-cli -p 26379 SENTINEL master mymaster

Connectivity requirements: The secondary must be able to reach the primary on these ports:
  • 5432 — PostgreSQL streaming replication
  • 6379 — Redis replication
  • 26379 — Redis Sentinel
  • 3001 — Dashboard API (health check + sync)
Open these ports between the two nodes only; do not expose them to the public internet.
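
The Sentinel check from step 3 above, automated as an added example (not part of the CodeRaft documentation or tooling). The function reads the SENTINEL master mymaster reply and compares it with the topology this page describes: 3 Sentinels, quorum of 2, one replica. The field names are the ones Redis Sentinel prints; the sample reply is constructed, and the parser assumes the alternating name/value lines that redis-cli emits when its output is not a terminal.

```shell
#!/usr/bin/env bash
# Added example: evaluate `SENTINEL master mymaster` output against the
# HA topology on this page (3 Sentinel nodes, quorum of 2, one Redis replica).

# Constructed sample reply (not captured from a real deployment).
sample_reply() {
  printf '%s\n' name mymaster ip 192.168.1.10 port 6379 \
    flags master num-slaves 1 num-other-sentinels 2 quorum 2
}

# Reads the reply on stdin: one field name per line, its value on the next.
# Prints "OK" and returns 0 when healthy, otherwise prints "FAIL:" followed
# by the offending fields and returns 1.
check_sentinel_master() {
  local key value flags="" slaves="" others="" quorum="" problems=""
  while IFS= read -r key && IFS= read -r value; do
    case "$key" in
      flags)               flags=$value ;;
      num-slaves)          slaves=$value ;;
      num-other-sentinels) others=$value ;;
      quorum)              quorum=$value ;;
    esac
  done
  # A healthy primary reports exactly "master"; extra flags such as
  # s_down or o_down appear alongside it when Sentinel sees it as down.
  [ "$flags" = "master" ] || problems="$problems flags=${flags:-missing}"
  # At least one replica must be attached, or there is nothing to promote.
  [ "${slaves:-0}" -ge 1 ] 2>/dev/null \
    || problems="$problems num-slaves=${slaves:-missing}"
  # 3 Sentinels in total means the one answering must see 2 others.
  [ "${others:-0}" -ge 2 ] 2>/dev/null \
    || problems="$problems num-other-sentinels=${others:-missing}"
  # Quorum value stated on this page.
  [ "$quorum" = "2" ] || problems="$problems quorum=${quorum:-missing}"
  if [ -n "$problems" ]; then
    echo "FAIL:$problems"
    return 1
  fi
  echo "OK"
}

# Stand-alone run against the constructed sample.
sample_reply | check_sentinel_master
```

To check a live node, pipe the real reply in: docker compose -f docker-compose-ha.yml exec -T redis-sentinel redis-cli -p 26379 SENTINEL master mymaster | check_sentinel_master. The -T flag disables TTY allocation so redis-cli prints plain lines.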

Monitoring (Grafana)

Grafana is available at http://localhost:3001 (default credentials are set in the environment file). Pre-configured dashboards include:

  • System overview — container health, resource usage, uptime
  • Audit log stream — real-time view of WORM audit entries across all products
  • Scan activity — EntraGuard and Ravenscan scan durations, success/failure rates
  • Session monitoring — RedFox active sessions, connection counts, latency
  • Database replication — PostgreSQL replication lag, Redis Sentinel status

SIEM integration

The Loki log pipeline can forward events to external SIEM systems. Configure log forwarding in Settings → Integrations or export from Grafana to:

  • Splunk
  • Microsoft Sentinel
  • Elastic / ELK
  • Syslog (RFC 5424)
  • Generic webhook

Supported platforms

Linux

Ubuntu 20.04+, Debian 11+, RHEL 8+, CentOS Stream 8+

Windows

Windows Server 2019+ or Windows 10/11 with Docker Desktop (WSL2 backend)

macOS

macOS 12+ with Docker Desktop (Apple Silicon or Intel)

The primary and secondary nodes can run on different operating systems. Docker is the only runtime dependency.

Limitations

  • Neo4j is single-instance in the current HA setup (Neo4j clustering requires Enterprise Edition)
  • PostgreSQL failover is manual — automatic promotion with Patroni is planned
  • Kubernetes deployment (Helm charts) is planned but not yet available

Hardware requirements (HA)

Each node (primary and secondary) requires:

  • 8 GB RAM minimum (16 GB recommended)
  • 4 vCPU
  • 50 GB disk (SSD recommended for database performance)
  • Network latency between nodes < 10 ms recommended

Need help with HA deployment? Contact [email protected]. For Enterprise licensing, reach out to [email protected].