System Requirements
Software
| Software | Minimum Version | Notes |
|---|---|---|
| Docker | 24.0+ | Required for all deployment modes |
| Docker Compose | 2.20+ | V2 plugin (docker compose) recommended |
OrbisID is distributed as Docker images.
Hardware
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4+ cores |
| RAM | 4 GB | 8+ GB |
| Disk | 10 GB | 40+ GB |
Disk usage grows with the number of systems scanned and how long you retain audit logs and scan history.
Network
Inbound Ports
| Port | Protocol | Purpose |
|---|---|---|
| 80 | TCP | HTTP (redirect to HTTPS in production) |
| 443 | TCP | HTTPS (recommended for production) |
Outbound Ports (from OrbisID to target systems)
| Target System Type | Protocol | Port(s) | Notes |
|---|---|---|---|
| Active Directory | LDAP | 389 TCP | Unencrypted (not recommended for production) |
| Active Directory | LDAPS | 636 TCP | Recommended — encrypted |
| Linux | SSH | 22 TCP | Configurable |
| Windows | WinRM HTTP | 5985 TCP | Unencrypted |
| Windows | WinRM HTTPS | 5986 TCP | Recommended — encrypted |
| SQL Server | JDBC | 1433 TCP | Configurable |
| On-Premise Agent | HTTPS | 443 TCP | OrbisID polls agents for job completion |
See Target Systems for full per-system connection requirements.
If target systems are in segmented networks not directly reachable from OrbisID, deploy an On-Premise Agent in those network segments instead.
TLS Certificates
Production deployments should use HTTPS. OrbisID uses Nginx as a reverse proxy, so certificates are configured at the Nginx layer. See Deployment — Enabling HTTPS for how to configure Nginx with your certificate files.
Option A: Let's Encrypt (Certbot)
Use this when the OrbisID host has a public DNS name and internet access:
# Install Certbot
sudo apt install certbot # Debian/Ubuntu
# or
sudo yum install certbot # RHEL/CentOS
# Obtain a certificate (standalone mode — stop Nginx first if running on port 80)
sudo certbot certonly --standalone -d your.orbisid.domain.com
# Certificate files are written to:
# /etc/letsencrypt/live/your.orbisid.domain.com/fullchain.pem
# /etc/letsencrypt/live/your.orbisid.domain.com/privkey.pem
Copy the certificate files to the OrbisID ssl/ directory, then configure Nginx as described in the deployment guide.
Option B: Self-Signed Certificate
Use this for internal deployments without a public domain:
# Generate a self-signed certificate valid for 10 years
mkdir -p ssl
openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \
-keyout ssl/privkey.pem \
-out ssl/fullchain.pem \
-subj "/CN=orbisid.internal" \
-addext "subjectAltName=DNS:orbisid.internal,IP:192.168.1.100"
Replace orbisid.internal and the IP address with your actual hostname and IP. Users will need to trust the certificate in their browser or via a corporate CA.
Option C: Corporate CA Certificate
If your organisation issues certificates internally, request a certificate for the OrbisID hostname and place the resulting fullchain.pem and privkey.pem files in the ssl/ directory before starting the stack.
Browser Support
| Browser | Minimum Version |
|---|---|
| Chrome / Chromium | 100+ |
| Firefox | 100+ |
| Safari | 15+ |
| Microsoft Edge | 100+ |
Database
OrbisID uses PostgreSQL 16. Two deployment options are available:
- All-in-One - PostgreSQL runs as a container alongside OrbisID (simplest setup)
- External Database - connect to your own managed PostgreSQL instance (on-premise, AWS RDS, Azure Database, etc.)
For external databases, the minimum supported version is PostgreSQL 15.