For production deployment, we recommend to deploy all components in containers, including dependencies, using native cloud services or orchestration systems such as Kubernetes.
To have more details about deploying OpenCTI and its dependencies in cluster mode, please read the dedicated section.
OpenCTI can be deployed using the docker-compose command.
Windows and MacOS
Just download the appropriate Docker for Desktop version for your operating system.
Clone the repository
Docker helpers are available in the Docker GitHub repository.
Configure the environment
Before running the
docker-compose command, the
docker-compose.yml file should be configured. By default, the
docker-compose.yml file is using environment variables available in the file
You can either rename the file
.env and put the expected values or just fill directly the
docker-compose.yml with the values corresponding to your environment.
Configuration static parameters
The complete list of available static parameters is available in the configuration section.
Here is an example to quickly generate the
.env file under Linux, especially all the default UUIDv4:
$ sudo apt install -y jq $ cd ~/docker $ (cat << EOF OPENCTI_ADMIN_EMAILemail@example.com OPENCTI_ADMIN_PASSWORD=ChangeMePlease OPENCTI_ADMIN_TOKEN=$(cat /proc/sys/kernel/random/uuid) MINIO_ROOT_USER=$(cat /proc/sys/kernel/random/uuid) MINIO_ROOT_PASSWORD=$(cat /proc/sys/kernel/random/uuid) RABBITMQ_DEFAULT_USER=guest RABBITMQ_DEFAULT_PASS=guest ELASTIC_MEMORY_SIZE=4G CONNECTOR_HISTORY_ID=$(cat /proc/sys/kernel/random/uuid) CONNECTOR_EXPORT_FILE_STIX_ID=$(cat /proc/sys/kernel/random/uuid) CONNECTOR_EXPORT_FILE_CSV_ID=$(cat /proc/sys/kernel/random/uuid) CONNECTOR_IMPORT_FILE_STIX_ID=$(cat /proc/sys/kernel/random/uuid) CONNECTOR_IMPORT_REPORT_ID=$(cat /proc/sys/kernel/random/uuid) EOF ) > .env
docker-compose deployment does not support
.env files, just export all environment variables before launching the platform:
Memory management settings
As OpenCTI has a dependency on ElasticSearch, you have to set the
vm.max_map_count before running the containers, as mentioned in the ElasticSearch documentation.
To make this parameter persistent, add the following to the end of your
The default for OpenCTI data is to be persistent.
docker-compose.yml, you will find at the end the list of necessary persitent volumes for the dependencies:
Using single node Docker
After changing your
.env file run
docker-compose in detached (-d) mode:
Using Docker swarm
In order to have the best experience with Docker, we recommend using the Docker stack feature. In this mode you will have the capacity to easily scale your deployment.
Put your environment variables in
You can now go to http://localhost:8080 and log in with the credentials configured in your environment variables.
Prepare the installation
Installation of dependencies
You have to install all the needed dependencies for the main application and the workers. The example below is for Debian-based systems:
Download the application files
First, you have to download and extract the latest release file. Then select the version to install depending of your operating system:
- If your OS supports libc (Ubuntu, Debian, ...) you have to install the
- If your OS uses musl (Alpine, ...) you have to install the
We don't provide any Windows release for now. However it is still possible to check the code out, manually install the dependencies and build the software.
Install the main platform
Configure the application
The main application has just one JSON configuration file to change and a few Python modules to install
Change the config/production.json file according to your configuration of ElasticSearch, Redis, RabbitMQ and S3 bucket as well as default credentials (the
ADMIN_TOKEN must be a valid UUID).
Install the Python modules
Start the application
The application is just a NodeJS process, the creation of the database schema and the migration will be done at starting.
The default username and password are those you have put in the
Install the worker
The OpenCTI worker is used to write the data coming from the RabbitMQ messages broker.
Configure the worker
Change the config.yml file according to your OpenCTI token.
Start as many workers as you need
You can now go to http://localhost:4000 and log in with the credentials configured in your
Multi-clouds Terraform scripts
This repository is here to provide you with a quick and easy way to deploy an OpenCTI instance in the cloud (AWS, Azure, or GCP).
AWS Advanced Terraform scripts
A Terraform deployment of OpenCTI designed to make use of native AWS Resources (where feasible). This includes AWS ECS Fargate, AWS OpenSearch, etc.
Kubernetes Helm Charts
OpenCTI Helm Charts (may be out of date) for Kubernetes with a global configuration file.
Deploy behind a reverse proxy
If you want to use OpenCTI behind a reverse proxy with a context path, like
https://domain.com/opencti, please change the
base_path static parameter.
By default OpenCTI use websockets so don't forget to configure your proxy for this usage, an example with
Additional memory information
OpenCTI platform is based on a NodeJS runtime, with a memory limit of 8GB by default. If you encounter
OutOfMemory exceptions, this limit could be changed:
Workers and connectors
OpenCTI workers and connectors are Python processes. If you want to limit the memory of the process, we recommend to directly use Docker to do that. You can find more information in the official Docker documentation.
ElasticSearch is also a JAVA process. In order to setup the JAVA memory allocation, you can use the environment variable
ES_JAVA_OPTS. You can find more information in the official ElasticSearch documentation.
Redis has a very small footprint on keys but will consume memory for the stream. By default the size of the stream is limited to 2 millions which represents a memory footprint around
8 GB. You can find more information in the Redis docker hub.
MinIO / S3 Bucket
MinIO is a small process and does not require a high amount of memory. More information are available for Linux here on the Kernel tuning guide.
The RabbitMQ memory configuration can be find in the RabbitMQ official documentation. RabbitMQ will consumed memory until a specific threshold, therefore it should be configure along with the Docker memory limitation.