Platform Setup
Architecture overview, resource requirements, DNS configuration, and operational procedures for the EZKeel platform.
Architecture
The EZKeel platform runs as a Docker Compose stack with six services. Caddy handles TLS termination and reverse proxying, while Forgejo and Infisical share a PostgreSQL database.
| Service | Image | Port | Role |
|---|---|---|---|
| Caddy | caddy:2-alpine |
80, 443 | Reverse proxy, automatic HTTPS via Let's Encrypt |
| Forgejo | codeberg.org/forgejo/forgejo:9 |
3000 (internal) | Git hosting, CI/CD, code review |
| Infisical | infisical/infisical:latest |
8080 (internal) | Secrets management dashboard and API |
| PostgreSQL | postgres:16-alpine |
5432 (internal) | Shared database for Forgejo and Infisical |
| Redis | redis:7-alpine |
6379 (internal) | Cache and session store for Infisical |
| Runner | code.forgejo.org/forgejo/runner:3.5.1 |
-- | Forgejo Actions CI/CD runner |
Resource Requirements
The full platform runs comfortably on a small VPS. Recommended minimum:
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 vCPUs | 4 vCPUs |
| RAM | 4 GB | 8 GB |
| Disk | 40 GB SSD | 80 GB SSD |
| Example | Hetzner CX22 | Hetzner CX32 |
| Cost | ~$5/mo | ~$9/mo |
Note: These are estimates for a small team (1-5 developers). Larger teams or heavy CI usage may need more resources.
Domain Setup
You need two DNS A records pointing to your server's public IP address:
Caddy automatically provisions TLS certificates from Let's Encrypt when it starts, so there is no manual certificate configuration needed. Just make sure ports 80 and 443 are open on your firewall.
Caddyfile
The generated Caddyfile is minimal — it simply reverse-proxies each domain to the correct internal service:
Post-Install Setup
After ezkeel platform install completes, you need to create admin accounts for both Forgejo and Infisical. The setup guide is printed automatically after install, or you can view it again with:
Forgejo Admin Account
Open your Forgejo instance (e.g. https://git.example.com) and complete the initial setup form. Use the admin password from the .env file. After logging in:
- Go to Site Administration > User Accounts to invite team members
- Go to Site Administration > Runners to verify the CI runner registered
Infisical Admin Account
Open your Infisical instance (e.g. https://secrets.example.com/signup) and create an admin account. Then:
- Create an organization
- Create a project for each EZKeel project you will manage
- Add secrets (e.g.
ANTHROPIC_API_KEY) to the dev environment - Run
infisical loginon your development machine to authenticate the CLI
Tip: Use ezkeel init --infisical-url ... --infisical-token ... --infisical-org ... to automatically create the Infisical project during project initialization.
Customization
After installation, you can customize the platform by editing files in the install directory (default /opt/ezkeel):
.env— contains generated passwords and domain configuration. Stored with0600permissions.docker-compose.yml— the full Compose stack. Add services, change images, or adjust resource limits.Caddyfile— reverse proxy rules. Add rate limiting, IP allowlists, or additional subdomains.
After making changes, restart the stack:
Backups
All persistent data is stored in Docker volumes. To back up the platform, stop the services and create volume snapshots:
Volumes to back up:
postgres_data— database for both Forgejo and Infisicalforgejo_data— Git repositories, SSH keys, LFS objectsredis_data— session data (optional, can be regenerated)caddy_data— TLS certificates (optional, will be re-provisioned automatically)