Skip to Content
DocsDeploymentOverview

Deployment

TL;DR

The default path is a free cmdop.com account — signing up provisions your own isolated relay domain, and you install the signed CMDOP binary on your machines. You can also self-host the relay plane on your own infrastructure via Docker, Kubernetes, or a manual install; your account still provisions identity and account state.

CMDOP follows a two-plane model: a cloud account that provisions a relay for you (the default), and a self-hosted relay plane you run yourself (a scoped option). See Pricing & editions for the full breakdown.

The default is a free cmdop.com account : sign up and your own isolated relay is provisioned on a per-customer domain (on the cmdop.dev domain). Self-hosting the relay is for teams that want to run the relay plane themselves; the account still handles identity and provisioning.

What deployment options are available?

OptionStatusBest For
Cloud accountShipping todayZero-setup — relay provisioned for you
Self-hosted relayScoped optionFull control, on-premise
DockerScoped optionThe recommended self-host path
KubernetesAdvancedScale, high availability

How do I get started with a cloud account?

Creating a free cmdop.com account  provisions your own isolated relay — you don’t run anything beyond installing the signed binary on your machines. This is the default, shipping path.

How do I self-host the relay?

Prefer to run the relay plane yourself? Your cmdop.com account still handles identity and provisioning; you take over operating the relay on your own infrastructure:

What you get:

  • The relay plane runs on your infrastructure
  • Custom network configuration
  • Full control over the data plane

What are the system requirements?

What does a single-node deployment need?

A single box (≤ ~50 agents) runs the whole stack comfortably on:

ResourceMinimumRecommended
CPU2 cores4+ cores
Memory4 GB8+ GB
Disk20 GB50+ GB
Network100 Mbps1 Gbps

What database is required?

PostgreSQL 16 (the OSS Compose ships postgres:16-alpine). At scale, move to managed Postgres (RDS / Cloud SQL / Aiven) with connection pooling.

What Redis version is needed?

Redis 7 (the OSS Compose ships redis:7-alpine) for the token cache, brute-force counters, the arq queue, the tunnel registry, and PTY output buffers.

What is the deployment architecture?

The self-hosted server is a multi-process Python stack sharing one Postgres and one Redis, not a single binary:

  • grpc_server (:50051) — the live relay: the bidi agent stream that routes terminal I/O.
  • api_server (:8000) — the REST control plane: auth, fleets, members, schedules, tunnels, API keys, session metadata.
  • worker — the async queue for cleanup crons and the schedule executor.
  • Postgres + Redis — shared state. The agent stream never blocks on Redis.

(A tunnel_server, a ws_gateway for browser realtime push, and an optional jarvis_server round out the full product.)

What ports does CMDOP use?

PortProtocolPurpose
8000HTTPREST control plane (api_server) — front with a TLS proxy in production
50051gRPC (h2c)Agent connections (grpc_server) — front with a TLS proxy in production

How is the deployment secured?

How is TLS configured?

The self-host Compose ships plain HTTP / h2c by design. You terminate TLS at a reverse proxy in front of the stack (Caddy, Traefik, or Nginx) — gRPC reaches grpc_server over h2c:// on the upstream while the proxy handles the public TLS. mutual-TLS relay↔agent is not built in. See the self-hosted guide for the Traefik file-provider example.

How does authentication work?

  • OAuth / CLI-token login for users (cmdop_<...> tokens)
  • Long-lived API keys for SDK/agents (cmdop_apikey_<...>)
  • Postgres row-level security (RLS) enforces multi-tenant isolation, CI-gated via audit-rls

What are the network requirements?

  • Agents initiate outbound connections only
  • No inbound ports on agents
  • The server needs reachable public (or VPN-internal) access for api_server and grpc_server

What should I do next?