-
Notifications
You must be signed in to change notification settings - Fork 0
Reference Full Specification
- Introduction
- Goals
- System Overview
- Architecture
- Components
- Configuration Model
- Setup Wizard
- Deployment Pipeline
- Release Management
- Feature Flags
- Security
- Roadmap
ReadyStackGo is a self-hosted deployment and administration system for containerized software stacks. The goal is to enable on-premise customers, partners, and internal teams to easily install, maintain, and update complex microservice systems without having to interact directly with Docker Compose, Kubernetes, or manual deployment scripts.
The core of ReadyStackGo is a single Admin container that:
- provides a web UI,
- contains a setup wizard,
- automatically bootstraps TLS,
- processes release manifests,
- installs and updates container stacks,
- manages configuration in a versioned manner,
- and can later support multi-node deployments.
ReadyStackGo is fully offline-capable and only requires:
- Docker on the host,
- access to the Docker Socket.
This makes the system ideal for:
- On-premise operation
- Isolated customer networks
- Edge installations
- Internal development stacks
ReadyStackGo is intended to be a fully integrated, easy-to-use, and robust management platform. The main goals are:
- A single Admin container manages the entire stack.
- Setup Wizard that makes installations extremely simple for customers.
- TLS Automation (Self-Signed + later Custom Certificates).
- Manifest-based Installation & Updates for entire stacks.
- Central Configuration via rsgo-config (Volume).
- Feature Flags for customer- or organization-specific activations.
- Offline Operation: No cloud connection required.
- Extensibility: BFFs, APIs, Business Contexts, Gateways.
- No Kubernetes.
- No focus on Multi-Tenancy SaaS (Organization instead).
- No setup of external databases.
- No automatic clustering.
- No dynamic container orchestration like Swarm/K8s.
ReadyStackGo consists of three layers:
-
Admin Container (ReadyStackGo itself)
- UI
- Wizard
- TLS Management
- Manifest Loader
- Deployment Engine
- Config Store
-
Gateway / BFF Layer
- BFF Desktop
- BFF Web
- Public API Gateway
-
Business Contexts (AMS Microservices)
- Project
- Memo
- Discussion
- Identity
- etc.
All systems are defined as Docker containers and specified through manifests.
-
API Layer
- Endpoints (FastEndpoints)
- Authentication / Roles
- Input/Output DTOs
-
Application
- Dispatcher
- Commands & Queries
- Orchestration / Policies
-
Domain
- Pure Business Objects
- Value Objects
- Policies
-
Infrastructure
- Docker Service
- TLS Service
- ConfigStore
- ManifestProvider
-
Frontend
- React + Tailwind + TailAdmin
- Wizard
- Admin UI
ReadyStackGo consists of several clearly separated components that work together to manage the entire stack. Each component is replaceable, testable, and extensible.
The Admin container provides:
- Web UI (React + TailAdmin)
- API (FastEndpoints)
- Setup Wizard
- TLS Handling (Bootstrap & Management)
- Manifest Management
- Deployment Engine
- Config Store
- Logs & Status Queries
The Admin container is the only container that a customer needs to start manually.
The manifest stack can contain any number of gateways, typically:
- Edge Gateway (TLS Termination, Reverse Proxy)
- Public API Gateway
- BFF Desktop
- BFF Web
These gateways are always deployed last to ensure that the underlying services are already running.
Examples:
- Project
- Memo
- Discussion
- Identity
- Notification
- Search
- Files
- etc.
Each context:
- is a container,
- uses the same stack lifecycle,
- has its own versions,
- can have connections (DB/Eventstore/Transport),
- is defined in the manifests.
Contains all persistent data:
rsgo.system.json
rsgo.security.json
rsgo.tls.json
rsgo.contexts.json
rsgo.features.json
rsgo.release.json
rsgo.nodes.json
tls/<certs>
- Loads release manifests from the filesystem or later from a registry.
- Validates versions and schema.
- Creates the deployment plan per manifest
- Start/Stop/Remove/Update containers
- Health checks
- Maintains rsgo.release.json
- Generates Self-Signed certificate during bootstrap
- Allows later uploading of custom certificates
The entire configuration is clearly structured.
Stores:
- Organization
- Ports
- Base URL
- Docker network name
- Wizard status
- Deployment mode
- Node configuration (Single Node for now)
{
"organization": {
"id": "customer-a",
"name": "Customer A"
},
"baseUrl": "https://ams.customer-a.com",
"httpPort": 8080,
"httpsPort": 8443,
"dockerNetwork": "rsgo-net",
"mode": "SingleNode",
"wizardState": "Installed"
}Stores:
- Local Admin (Password hashed, salted)
- Role model (Admin/Operator)
- Optional external Identity Provider configuration (OIDC)
- Local Admin fallback toggle
Defines:
- tlsMode: SelfSigned or Custom
- Certificate path
- Port
- httpEnabled
- terminatingContext
For Simple and Advanced Mode:
{
"mode": "Simple",
"globalConnections": {
"transport": "TransportCS",
"persistence": "Server=.;Database=ams",
"eventStore": "esdb://..."
},
"contexts": {
"project": {},
"memo": {},
"discussion": {},
"identity": {},
"bffDesktop": {},
"bffWeb": {},
"publicApi": {}
}
}{
"mode": "Advanced",
"contexts": {
"project": {
"connections": {
"transport": "...",
"persistence": "...",
"eventStore": "..."
}
}
}
}Global Feature Flags:
- Cross-context
- True/False Values
- Passed to containers as
RSGO_FEATURE_*
Stores the state after deployment:
{
"installedStackVersion": "4.3.0",
"installedContexts": {
"project": "6.4.0",
"memo": "4.1.3"
},
"installDate": "2025-03-01T10:12:00Z"
}The Setup Wizard is intentionally kept compact and guides a new user through the minimally necessary setup steps. All advanced features can be adjusted later in the Admin UI.
The Wizard is only active when:
rsgo.system.json.wizardState != "Installed"
- Create Admin
- Create Organization
- Set Connections (Simple Mode)
- Summary
- Install Stack
- Wizard locks itself → Login becomes active
User enters:
- Username
- Password
The API stores:
- Password hashed
- Salt generated
- Role: admin
- wizardState = "AdminCreated"
Storage in rsgo.security.json.
Data:
- ID (technical)
- Name (display)
Stores in rsgo.system.json:
{
"organization": { "id": "customer-a", "name": "Customer A GmbH" }
}wizardState = "OrganizationSet".
User enters:
- Transport Connection String
- Persistence Connection String
- EventStore Connection String (optional)
rsgo creates:
"mode": "Simple",
"globalConnections": { ... }wizardState = "ConnectionsSet".
The Wizard shows:
- Organization
- Connections
- Suggested Manifest (e.g., latest version)
- All Contexts
The API:
- reads the manifest
- creates the deployment plan
- stops old containers (if present)
- creates/starts containers
- writes
rsgo.release.json - sets wizardState = "Installed"
After this step, the Wizard is deactivated.
The deployment process is the heart of ReadyStackGo.
- Load Manifest
- Load Configs (
rsgo.system.json,rsgo.contexts.json,rsgo.features.json) - Generate EnvVars
- Ensure Docker Network (
rsgo-net) - Execute Context-wise Deployment
- Deploy Gateway last
- Save Release Status
The following EnvVars are generated:
RSGO_ORG_IDRSGO_ORG_NAMERSGO_STACK_VERSION
RSGO_FEATURE_<name>=true/false
Depending on Simple/Advanced Mode:
RSGO_CONNECTION_transportRSGO_CONNECTION_persistenceRSGO_CONNECTION_eventStore
e.g.:
ROUTE_DESKTOP=http://ams-bff-desktopROUTE_PUBLIC_API=http://ams-public-api
For each manifest definition:
- Stop & Remove (if container exists)
-
Create & Start with:
- Image
- EnvVars
- Ports
- Network
- Name
- Health check (optional)
- Deploy Gateway last
- Error is logged
- Further deployment process stops
- User receives:
- Error code
- Error description
- rsgo.release.json is NOT updated
Rollback V1 (simple):
- Previous containers remain untouched
- User can via the UI:
- Retry deployment
- Install older release version
Example after deployment:
{
"installedStackVersion": "4.3.0",
"installedContexts": {
"project": "6.4.0",
"memo": "4.1.3",
...
},
"installDate": "2025-04-12T10:22:00Z"
}A manifest defines:
- Stack version
- Context versions
- Context-specific EnvVars
- Gateway configuration
- Feature defaults
- Dependencies
{
"manifestVersion": "1.0.0",
"stackVersion": "4.3.0",
"schemaVersion": 12,
"gateway": {
"context": "edge-gateway",
"protocol": "https",
"publicPort": 8443,
"internalHttpPort": 8080
},
"contexts": {
"project": {
"image": "registry/ams.project-api",
"version": "6.4.0",
"containerName": "ams-project",
"internal": true
},
"bffDesktop": {
"image": "registry/ams.bff-desktop",
"version": "1.3.0",
"containerName": "ams-bff-desktop",
"internal": false,
"env": {
"ROUTE_PROJECT": "http://ams-project"
}
}
},
"features": {
"newColorTheme": { "default": true },
"discussionV2": { "default": false }
}
}- CI creates new Manifest
- ReadyStackGo loads Manifest
- Admin selects Manifest
- Deployment Engine executes installation
- Release saved
Feature Flags allow dynamically enabling or disabling business functionality – cross-context and centrally controlled.
- Globally valid (not limited to one context).
- Passed as Environment Variables to every container.
- Can be extended per organization later.
- Stored in
rsgo.features.json. - Can later have default values in the manifest.
{
"newColorTheme": true,
"discussionV2": false,
"memoRichEditor": true
}-> Containers receive:
RSGO_FEATURE_newColorTheme=true
RSGO_FEATURE_discussionV2=false
RSGO_FEATURE_memoRichEditor=true
Contexts can define default values in the manifest:
"features": {
"newColorTheme": { "default": true },
"discussionV2": { "default": false }
}These values can be overridden by the admin later.
The administration sees a list of all features:
| Feature Name | Active | Description |
|---|---|---|
| newColorTheme | ✔️ | New UI Theme |
| discussionV2 | ❌ | New Discussion API |
| memoRichEditor | ✔️ | Rich Text Editor |
Each change is saved in rsgo.features.json.
ReadyStackGo must be robust and secure for both on-premise and production environments.
-
Local Authentication
- Default
- Username + Password
- Stores password as Hash + Salt
-
External Identity Provider (OIDC)
- Keycloak
- ams.identity
- Azure AD (later)
- Roles via Claims
-
Local Admin Fallback
- Active or deactivatable
- Guarantees login even if IdP fails
-
admin
- Can perform deployments
- Can change configuration
- Can manage TLS
- Can adjust Feature Flags
-
operator
- Can only start/stop containers
- Can view logs
-
With Local Auth:
- Roles in
rsgo.security.json
- Roles in
-
With OIDC:
- From Claim (e.g.,
"role" : "rsgo-admin")
- From Claim (e.g.,
- Password hashing via PBKDF2 or Argon2
- Password salt generated per user
- No plaintext password storage
- First start generates Self-Signed Certificate
- Certificate stored under
/app/config/tls/
- Admin UI allows PFX upload
- Storage in
rsgo.tls.json
- Occurs in the Gateway, not in the Admin container itself
- Advantage: HTTP can be used internally between containers
- JWT or Cookie Token
- Anti-CSRF (with Cookies)
- Rate Limiting (optional later)
- Secure Headers, HSTS
This roadmap covers only the main lines; modules can be developed in parallel.
- API: List, Start, Stop
- DockerService Base
- UI: Container Overview
- No Login
- No Wizard
- Login/Logout
- Local Authentication
- Rights Management
- Dashboard
- Hardcoded Stack Deployment
- Self-Signed TLS
- Wizard with 4 steps
- First Manifest Loading
- Basic Deployment Engine
- Manifest Management
- Versioning
- Update/Upgrade Flow
- Release Status Display
- TLS Upload
- Feature Flags UI
- Advanced Connections
- Node Configuration (Single Node)
- Actively use rsgo.nodes.json
- Per Node: Roles (Gateway Node, Compute Node)
- Node Discovery
- Remote Docker Hosts
Getting Started
Architecture
Configuration
Security
Setup Wizard
Development
Operations
CI/CD
Reference
- Roadmap
- API Reference
- Configuration Reference
- Manifest Schema
- Multi-Environment
- Stack Sources
- Plugin System
- Technical Specification
- Full Specification
Specifications
Release Notes