HomeGuidesSDK ExamplesAnnouncementsCommunity
Guides
Start typing to search…

MaxAI Self-Hosting Requirements

Server (VM) Requirements

Minimum Requirements (applies to all cloud providers)

  • Operating System: Any Linux distribution that supports Docker
  • vCPUs: 4
  • RAM: 16GB
  • Disk Space: 30GB

Cloud-Specific Instance Sizes & Disk Types

Cloud ProviderInstance SizeDisk Type
AWSm5.xlargeGeneral Purpose SSD (gp3)
AzureStandard_D4s_v5 or equivalentStandard SSD (E10)
GCPn2-standard-4 or equivalentBalanced Persistent Disk (pd-balanced)

Server Access Requirements

  • AnswerRocket DevOps SSH (or other terminal user) access
  • Inbound access for AnswerRocket DevOps over SSH (Port 22)
    • This inbound access may be provided via VPN, VDI, or other private tunnel provided by the client

Software Requirements

  • Latest Docker and Docker Compose
  • AWS CLI (Required for pulling images & build artifacts during initial installation)
  • LLM Key and endpoint
  • Valid SSL certificate files (privkey.pem, fullchain.pem)

Networking Requirements

  • Outbound access to:
    • S3 (for pulling resources)
    • AnswerRocket ACR (container registry for pulling images)
    • The LLM endpoint of choice (for AI functionality)
    • These domains must be whitelisted:
*.ecr.us-east-1.amazonaws.com
*.sts.us-east-1.amazonaws.com
*.s3.amazonaws.com
*.s3.dualstack.us-east-1.amazonaws.com
*.s3.us-east-1.amazonaws.com
*.docker.io
production.cloudflare.docker.com
*.cloudflare.com
*.cloudflaressl.com
  • Inbound access from:
    • HTTPS/443 for web application usage by AnswerRocket developers and client users
    • SSH/22 (for pulling resources) for use by AnswerRocket DevOps

Optional: Load Balancer Configuration

If using a load balancer (e.g., Azure Application Gateway/WAF or AWS ALB etc..) with SSL termination set it up as follows:

  • HTTPS listener on port 443 with the certificate (SNI enabled).
  • TLS policy allowing TLS 1.2+.
  • Backend pool target: the application VM on port 80.
  • Health probe: HTTP 80 path / or /apps/login.
  • HTTP settings:
    • Preserve Host header.
    • Send X-Forwarded-Proto: https and X-Forwarded-For.
  • Network/security:
    • Allow the LB (security group/subnet) to reach the VM on port 80.
    • No requirement to expose 443 on the VM when the LB terminates SSL.

WebSocket Support

MaxAI requires WebSocket connectivity for proper operation.

Please note that Palo Alto Networks firewalls may block WebSocket traffic by default. You may need to configure specific policies or adjust security settings to allow this traffic.

Ensure that all layers of your network infrastructure — including firewalls, proxies, and load balancers — are configured to permit WebSocket connections.

Other Requirements

  • SAML setup to allow client users to login via SSO

  • SMTP server to allow for password resets for non-SSO users

  • Max requires a database connection and supports a variety of databases.

  • Commonly used databases include:

    • PostgreSQL

    • Snowflake

    • Databricks

    • BigQuery

    • Redshift

      Please reach out to your AnswerRocket account executive for further details on database compatibility.

Updated 20 days ago