Deployment

The community edition engine runs as a single process named rstream-engine-ce. It reads configuration from a YAML file specified by --config (or -c) or by the RSTREAM_ENGINE_CONFIG environment variable.

The engine requires TLS and a certificate provider. In the community edition build, certificate management is static: a certificate file and key file must be provided. Automatic certificate management is not available in this build.

Authentication also requires configuration. The community edition build supports the JWT backend and requires a shared secret for token verification.

Minimal community edition configuration

The minimal configuration for a community edition deployment includes an engine host, TLS listener address, static certificate files, and JWT authentication:

engine:
  host: "engine.example.com"
  log_level: "info"
tls:
  enabled: true
  listen_addr: ":443"
certs:
  static:
    enabled: true
    cert_file: "/etc/rstream/tls.crt"
    key_file: "/etc/rstream/tls.key"
auth:
  jwt:
    enabled: true
    token_jwt_secret: "<secret>"

Enterprise deployment notes

Enterprise builds extend the engine with additional configuration sections, including QUIC and DTLS listeners, identity provider integration, event storage, GeoIP support, and package distribution.