|
<< Click to Display Table of Contents >> Raynet One > 2026.1 > Installation and Operations Guide > Raynet One On-Premises Installation and Operations Guide Architecture Overview |
Raynet One on-premises is deployed as a set of containerized services on a single host using Docker Engine and Docker Compose. All services run as Docker containers within a dedicated internal Docker network.
A central Nginx reverse proxy container serves as the single external entry point.
It terminates all external TLS connections and forwards requests to internal service containers based on hostname and path routing. Backend services are not exposed directly and do not terminate TLS themselves.
•Port 443/tcp (HTTPS): Mandatory. Primary entry point for all client traffic (TLS).
•Port 80/tcp (HTTP): Restricted to ACME HTTP-01 challenges during TLS certificate issuance and renewal. No application traffic is served over this port.
All containers communicate over a dedicated Docker bridge network (e.g., internal_net). Service-to-service communication relies on Docker's embedded DNS, using Docker service names as resolvable hostnames. No internal services are published to the host network.