Version: 1.1
Effective date: 2026-05-12
Applies to: Rackvio Community Edition (self-hosted Docker deployment)
Rackvio Community Edition makes zero outbound network connections by default. The Docker containers communicate only with each other on the Docker bridge network. There is no telemetry, no analytics, no phone-home, and no license verification.
The Rackvio stack consists of four containers that communicate exclusively over the Docker bridge network:
```
frontend (Next.js) ---HTTP---> backend (FastAPI)
backend (FastAPI)  ---TCP----> postgres (PostgreSQL 16)
backend (FastAPI)  ---TCP----> redis (Redis 7)
```

No container initiates connections outside the Docker bridge network unless explicitly configured by the administrator (see Optional Outbound Connections below).
| Source | Destination | Protocol | Port | Purpose |
|---|---|---|---|---|
| frontend | backend | HTTP | 8000 | API requests (server-side) |
| backend | postgres | TCP | 5432 | Database queries |
| backend | redis | TCP | 6379 | Sessions, cache, task queue |
The following ports are exposed to the host network and are configurable in docker-compose.yml:
| Port | Service | Purpose | Configurable |
|---|---|---|---|
| 3000 | frontend | Web UI (Next.js) | Yes |
| 8000 | backend | REST API (FastAPI/Uvicorn) | Yes |
No other ports are exposed by default. PostgreSQL (5432) and Redis (6379) are accessible only within the Docker bridge network.
Out of the box, Rackvio makes zero outbound network connections. Specifically:
The following outbound connections occur only if the administrator explicitly configures them:
| Feature | Destination | When Active | Env Variable |
|---|---|---|---|
| SMTP email delivery | Your SMTP relay | When SMTP is configured for invitations | SMTP_HOST |
| Device library online sync | Rackvio library endpoint | When sync mode set to online or both | RACKVIO_SYNC_MODE |
Note on OIDC/SSO. SSO is an Enterprise-tier feature and is not in the community build. The community Dockerfile strips the entire `backend/app/enterprise/` source tree, and the frontend webpack config replaces every `@/enterprise/*` import with a 404 component. The `/admin/sso/*` routes return HTTP 404 in community. If you self-host with SSO and need a local password-based admin, the bootstrap admin flow (auto-provisioned on first startup) is the supported path.
If you configure SMTP (SMTP_HOST, SMTP_PORT, SMTP_USERNAME, SMTP_PASSWORD), the backend will connect to your mail relay to send user invitation emails.
No SMTP traffic occurs unless you set these variables. Without SMTP configured, invitation emails are logged to stdout instead.
The device equipment library sync mode is controlled by RACKVIO_SYNC_MODE:
| Value | Outbound Traffic | Description |
|---|---|---|
| `airgapped` | None | Default. Only accepts signed ZIP bundle uploads via the UI. |
| `online` | Yes | Fetches device type catalog from RACKVIO_LIBRARY_URL. |
| `both` | Yes | Both channels active. |
The default is `airgapped`. No outbound traffic for library sync occurs unless you change this setting.
Rackvio Community Edition uses the following base images:
| Image | Source | Purpose |
|---|---|---|
| `pgvector/pgvector:pg16` | Docker Hub | PostgreSQL database |
| `redis:7-alpine` | Docker Hub | Cache and queue |
| Custom (Dockerfile) | Built from source | Backend and frontend |
All images are pulled only during initial build. In air-gapped deployments, images can be pre-loaded via docker load (see the Installation Guide).
To verify zero outbound traffic in your environment:
```bash
# List all current connections from the backend container
# (should show only inter-container traffic on the Docker bridge).
# sh -c keeps the netstat fallback inside the container, not on the host.
docker compose -f docker-compose.yml exec backend \
  sh -c 'ss -tunp 2>/dev/null || netstat -tunp'

# Or use tcpdump on the host to monitor the Docker bridge.
# If the Compose project runs on its own bridge network, capture on that
# network's br-<id> interface instead of docker0.
sudo tcpdump -i docker0 -n 'not (src net 172.16.0.0/12 and dst net 172.16.0.0/12)'
```

If the above captures show no packets, Rackvio is making no outbound connections.
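To turn the `ss` check above into a pass/fail result, the following added example (not part of the Rackvio project) filters `ss -tun` output for peers outside the bridge range. The function names and the sample data are constructed for illustration, and it assumes every Docker bridge subnet sits inside 172.16.0.0/12, as the tcpdump filter does.

```shell
#!/usr/bin/env bash
# Added example, not Rackvio project code.
# external_peers reads `ss -tun` output on stdin, prints one line per socket
# whose peer is outside loopback and 172.16.0.0/12, and returns 1 if any exist.
# Assumption: all Docker bridge subnets fall inside 172.16.0.0/12.
external_peers() {
  awk '
    # 1 when addr is loopback or inside 172.16.0.0/12, else 0
    function internal(addr,   o) {
      if (addr == "::1") return 1
      if (split(addr, o, ".") != 4) return 0    # any other IPv6 counts as external
      if (o[1] == 127) return 1
      return (o[1] == 172 && o[2] >= 16 && o[2] <= 31)
    }
    $1 == "Netid" { next }                      # header row
    NF >= 6 {
      peer = $6
      sub(/:[^:]*$/, "", peer)                  # drop the :port suffix
      gsub(/\[|\]/, "", peer)                   # drop IPv6 brackets
      sub(/^::ffff:/, "", peer)                 # unwrap IPv4-mapped IPv6
      if (peer == "*" || peer == "0.0.0.0" || peer == "::") next  # unconnected
      if (!internal(peer)) { print $1, $5, "->", $6; found = 1 }
    }
    END { exit (found ? 1 : 0) }
  '
}

# Constructed sample: bridge peers (one IPv4-mapped) plus one socket to
# 203.0.113.25:587, a documentation address standing in for an SMTP relay.
sample_ss_output() {
  cat <<'EOF'
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp ESTAB 0 0 172.18.0.4:51514 172.18.0.2:5432
tcp ESTAB 0 0 172.18.0.4:40022 172.18.0.3:6379
tcp ESTAB 0 0 172.18.0.4:8000 172.18.0.5:39110
tcp ESTAB 0 0 [::ffff:172.18.0.4]:8000 [::ffff:172.18.0.5]:40000
tcp ESTAB 0 0 172.18.0.4:58320 203.0.113.25:587
EOF
}

# Live use:
#   docker compose -f docker-compose.yml exec -T backend ss -tun | external_peers
```

`ss` reports only sockets open at the moment it runs, so a clean result covers that instant; the tcpdump capture covers a time window.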
This policy applies to Rackvio Community Edition as distributed. Any future features that introduce outbound connections will: