Air-Gapped Deployment

QANATIX runs fully offline. No telemetry, no external API calls, no internet required. Designed for classified environments, defence, and regulated industries.

Requirements

• Docker and Docker Compose v2
• 4 GB RAM minimum (8 GB recommended)
• CPU only — no GPU required
• All Docker images pre-pulled to an internal registry

Setup

1. Pre-pull images

On a machine with internet access, pull and save all images:

# Pull images
docker pull ghcr.io/softure/qanatix:latest
docker pull postgres:17
docker pull redis:7-alpine

# Save to tarball
docker save ghcr.io/softure/qanatix:latest postgres:17 redis:7-alpine \
  | gzip > qanatix-images.tar.gz

2. Transfer to air-gapped network

Move qanatix-images.tar.gz and the docker-compose.yml via approved media (USB, secure transfer).

3. Load images

docker load < qanatix-images.tar.gz

4. Configure for offline operation

# .env
DEPLOYMENT_MODE=self_hosted
API_KEY_SALT=your-random-32-char-string
CONNECTOR_ENCRYPTION_KEY=your-fernet-key
CORS_ORIGINS=https://internal.mil.gov

5. Start

docker compose up -d

What works offline

Everything:

• Data upload (all formats)
• Full-text search with structured filters
• MCP server
• API authentication and rate limiting
• Admin and export endpoints
• Schema validation

What doesn't work offline

• Stripe billing (disabled in self-hosted mode)
• EU Cloud features

Security considerations

• Set CORS_ORIGINS to your specific internal domains
• Change API_KEY_SALT from the default
• Set CONNECTOR_ENCRYPTION_KEY for database credential encryption
• All data stays on your network — no external calls whatsoever
• Rate limiting still works (Redis is local)