Docker Installation¶

Section: Installation | Article 06
Audience: IT Administrators
Last Updated: 2026-04-07

Overview¶

This article covers running RP-PAM as a Docker container. This is the fastest way to get RP-PAM running for evaluation, development, or production deployments on any platform that supports Docker.

Prerequisites¶

Requirement	Details
Docker Engine	24.0 or later
Docker Compose	v2.20 or later (included with Docker Desktop)
CPU	2 cores minimum (4 recommended)
RAM	4 GB minimum (8 GB recommended)
Disk	40 GB SSD minimum for host + volumes
Network	Outbound HTTPS (443) to `registry.ravenphyre.net`
Credentials	Registry username and token from your Ravenphyre welcome email

Step 1 — Log In to the Container Registry¶

RP-PAM images are hosted on the private Ravenphyre container registry.

Bash:

docker login registry.ravenphyre.net

Enter your registry username and token when prompted.

PowerShell:

docker login registry.ravenphyre.net

Tip: To avoid interactive prompts in CI/CD pipelines, use:
echo "$RPPAM_REGISTRY_TOKEN" | docker login registry.ravenphyre.net -u "$RPPAM_REGISTRY_USER" --password-stdin

Step 2 — Pull the Image¶

Bash:

docker pull registry.ravenphyre.net/rppam/rppam:latest

PowerShell:

docker pull registry.ravenphyre.net/rppam/rppam:latest

To pin to a specific version (recommended for production):

docker pull registry.ravenphyre.net/rppam/rppam:1.0.0

Step 3 — Run with Docker (Single Container)¶

For a quick start, run RP-PAM as a single container with host-mounted volumes for persistent data.

Bash:

docker run -d \
    --name rppam \
    --restart unless-stopped \
    -p 7101:7101 \
    -v rppam-config:/etc/rppam \
    -v rppam-data:/var/lib/rppam \
    -v rppam-logs:/var/log/rppam \
    -v rppam-keys:/etc/rppam/keys \
    registry.ravenphyre.net/rppam/rppam:1.0.0

PowerShell:

docker run -d `
    --name rppam `
    --restart unless-stopped `
    -p 7101:7101 `
    -v rppam-config:/etc/rppam `
    -v rppam-data:/var/lib/rppam `
    -v rppam-logs:/var/log/rppam `
    -v rppam-keys:/etc/rppam/keys `
    registry.ravenphyre.net/rppam/rppam:1.0.0

Volume Reference¶

Volume	Container Path	Purpose
`rppam-config`	`/etc/rppam`	Configuration files and certificates
`rppam-data`	`/var/lib/rppam`	Local database files (embedded mode)
`rppam-logs`	`/var/log/rppam`	Application and audit logs
`rppam-keys`	`/etc/rppam/keys`	Encrypted key material (KEK, DEK wrappers)

Important: Always use named volumes or bind mounts. If you run the container without volumes, all data is lost when the container is removed.

Step 4 — Run with Docker Compose (Recommended)¶

For production or evaluation with an external database, use Docker Compose to run RP-PAM alongside MSSQL and Redis.

Create a file named docker-compose.yml:

version: "3.8"

services:
  rppam:
    image: registry.ravenphyre.net/rppam/rppam:1.0.0
    container_name: rppam
    restart: unless-stopped
    ports:
      - "7101:7101"
    volumes:
      - rppam-config:/etc/rppam
      - rppam-data:/var/lib/rppam
      - rppam-logs:/var/log/rppam
      - rppam-keys:/etc/rppam/keys
    environment:
      - RPPAM_DB_HOST=mssql
      - RPPAM_DB_PORT=1433
      - RPPAM_DB_NAME=rppam
      - RPPAM_DB_USER=rppam_write
      - RPPAM_DB_PASSWORD_FILE=/run/secrets/db_password
      - RPPAM_REDIS_HOST=redis
      - RPPAM_REDIS_PORT=6379
    secrets:
      - db_password
    depends_on:
      mssql:
        condition: service_healthy
      redis:
        condition: service_started

  mssql:
    image: mcr.microsoft.com/mssql/server:2022-latest
    container_name: rppam-mssql
    restart: unless-stopped
    ports:
      - "1433:1433"
    environment:
      - ACCEPT_EULA=Y
      - MSSQL_SA_PASSWORD_FILE=/run/secrets/sa_password
      - MSSQL_PID=Developer
    volumes:
      - mssql-data:/var/opt/mssql
    secrets:
      - sa_password
    healthcheck:
      test: /opt/mssql-tools18/bin/sqlcmd -S localhost -U sa -C -Q "SELECT 1" || exit 1
      interval: 10s
      timeout: 5s
      retries: 10

  redis:
    image: redis:7-alpine
    container_name: rppam-redis
    restart: unless-stopped
    ports:
      - "6379:6379"
    volumes:
      - redis-data:/data

volumes:
  rppam-config:
  rppam-data:
  rppam-logs:
  rppam-keys:
  mssql-data:
  redis-data:

secrets:
  db_password:
    file: ./secrets/db_password.txt
  sa_password:
    file: ./secrets/sa_password.txt

Create Secrets Files¶

Bash:

mkdir -p ./secrets
# Use a strong password — at least 16 characters with mixed case, numbers, and symbols
echo -n 'YourStr0ng!SaPassword#2026' > ./secrets/sa_password.txt
echo -n 'YourStr0ng!DbPassword#2026' > ./secrets/db_password.txt
chmod 600 ./secrets/*.txt

PowerShell:

New-Item -ItemType Directory -Path "./secrets" -Force
Set-Content -Path "./secrets/sa_password.txt" -Value "YourStr0ng!SaPassword#2026" -NoNewline
Set-Content -Path "./secrets/db_password.txt" -Value "YourStr0ng!DbPassword#2026" -NoNewline

Security: Never commit secrets files to version control. Add secrets/ to your .gitignore.

Start the Stack¶

Bash:

docker compose up -d

PowerShell:

docker compose up -d

View Logs¶

# All services
docker compose logs -f

# RP-PAM only
docker compose logs -f rppam

Step 5 — Verify the Installation¶

Bash:

# Check container status
docker ps --filter "name=rppam"

# Check the health endpoint
curl -sk https://localhost:7101/health | python3 -m json.tool

PowerShell:

docker ps --filter "name=rppam"
Invoke-RestMethod -Uri "https://localhost:7101/health" -SkipCertificateCheck

Expected health response:

{
    "status": "healthy",
    "version": "1.0.0",
    "uptime": "00:00:30"
}

Container Management¶

# Stop RP-PAM
docker compose stop

# Start RP-PAM
docker compose start

# Restart RP-PAM
docker compose restart rppam

# Stop and remove containers (volumes are preserved)
docker compose down

# Stop and remove containers AND volumes (destroys all data)
docker compose down -v

Running the Setup Wizard in Docker¶

After the container is running, execute the setup wizard inside the container:

Bash:

docker exec -it rppam /opt/rppam/rppam setup-wizard

PowerShell:

docker exec -it rppam /opt/rppam/rppam setup-wizard

See Setup Wizard for detailed instructions on each step.

Troubleshooting¶

Symptom	Cause	Resolution
`docker login` fails	Incorrect credentials or network issue	Verify your registry username and token; check HTTPS connectivity to `registry.ravenphyre.net`
`docker pull` fails with "not found"	Wrong image tag	Verify the image name: `registry.ravenphyre.net/rppam/rppam:<version>`
Container exits immediately	Configuration error	Run `docker logs rppam` to see the startup error
MSSQL container not healthy	Weak SA password	MSSQL requires a strong password (8+ chars, mixed case, numbers, symbols)
Cannot connect to health endpoint	Port not mapped or firewall blocking	Verify port mapping with `docker ps`; check host firewall allows 7101
Data lost after `docker compose down`	Used `-v` flag which removes volumes	Always omit `-v` unless you intentionally want to destroy data
Permission denied on secrets files	File permissions too open	Run `chmod 600 ./secrets/*.txt`

Next Steps¶

Setup Wizard — Configure your database, encryption keys, and admin account
MSSQL Database Setup — Advanced MSSQL configuration and sizing
PostgreSQL Database Setup — Use PostgreSQL instead of MSSQL
Online License Activation — Activate your license after setup
LVS Relay Setup — Deploy an on-premises license validation proxy (recommended for environments without direct internet access or for resilience against upstream outages)