Self-Hosting OpenCLM

OpenCLM is fully open source (AGPL v3) and designed to be self-hosted. Your contracts, users, and data stay on your own infrastructure.

Architecture Overview

     ┌─────────────────────────────────┐
     │           Your Users            │
     └────────────┬────────────────────┘
                  │ HTTPS
     ┌────────────▼────────────────────┐
     │          Reverse Proxy          │
     │    (Nginx / Caddy / Traefik)    │
     └────┬───────────┬────────────────┘
          │           │
┌─────────▼──┐    ┌───▼──────────┐
│  Frontend  │    │   Keycloak   │
│ React SPA  │    │ (port 8080)  │
│ (port 3000)│    └──────────────┘
└────────────┘

     ┌────▼─────────┐
     │  API Server  │
     │ Node.js/Hono │
     │ (port 4000)  │
     └──────┬───────┘

     ┌──────▼───────┐
     │  PostgreSQL  │
     │ (port 5432)  │
     └──────────────┘

Stack Components

Component         Technology                    Purpose
----------------  ----------------------------  ----------------------------
Frontend          React 18 + Vite + TypeScript  Contract management UI
API Server        Node.js + Hono framework      REST API and business logic
Database          PostgreSQL 15+                All application data
ORM & Migrations  Prisma                        Schema management
Identity          Keycloak 22+                  SSO, LDAP/AD federation, MFA
E-Signature       OpenSign                      Contract signing workflow
Container         Docker + Docker Compose       Deployment packaging

Deployment Options

Option 1: Docker Compose

All components run as Docker containers on a single server.
→ See Docker Compose Setup.

Option 2: Kubernetes

For high-availability production deployments. A Helm chart is available in the GitHub repository (/deploy/helm).

Option 3: Manual / Bare Metal

Run each service natively on your server. Suitable for environments where Docker is not available.
→ See server/DEPLOYMENT.md in the repository for bare-metal instructions.

Minimum Server Requirements

Tier                 vCPUs  RAM    Disk    Users
-------------------  -----  -----  ------  --------
Small (dev/testing)  2      4 GB   20 GB   < 20
Medium (production)  4      8 GB   50 GB   20 – 200
Large (enterprise)   8      16 GB  100 GB  200 +

Ports Used

Port  Service
----  ------------------------------------------------
3000  React frontend (proxied via Nginx in production)
4000  API server
5432  PostgreSQL
8080  Keycloak admin & auth

In production, expose only 443 (HTTPS) via your reverse proxy. All other ports should be firewalled.
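
One way to check the rule above on the host itself, as an added example that is not part of the OpenCLM repository: the function reads `ss -H -tln` output and reports any of the four backend ports listening on a non-loopback address. The function names and the sample listener lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag OpenCLM backend ports that listen on a non-loopback
# address. Port/service pairs are taken from the "Ports Used" table.

# Reads `ss -H -tln` lines on stdin; prints "port address service" per finding.
# Any non-loopback bind is reported, including private (RFC 1918) addresses.
exposed_internal_ports() {
  awk '
    BEGIN {
      svc[3000] = "React frontend"; svc[4000] = "API server"
      svc[5432] = "PostgreSQL";     svc[8080] = "Keycloak admin & auth"
    }
    $1 == "LISTEN" {
      n = split($4, parts, ":")          # port is the last ":"-separated field
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      sub(/%.*$/, "", addr)              # drop an interface scope such as %lo
      if (!(port in svc)) next           # 443, 22 and others are out of scope
      if (addr ~ /^127\./ || addr == "[::1]" || addr ~ /^\[::ffff:127\./) next
      printf "%s %s %s\n", port, addr, svc[port]
    }'
}

# Constructed sample input (not captured from a real host).
sample_ss_output() {
  cat <<'EOF'
LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 511  127.0.0.1:3000 0.0.0.0:*
LISTEN 0 511  127.0.0.1:4000 0.0.0.0:*
LISTEN 0 244  0.0.0.0:5432   0.0.0.0:*
LISTEN 0 4096 [::]:8080      [::]:*
LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
EOF
}

# Demo on the sample; on a real host run: ss -H -tln | exposed_internal_ports
sample_ss_output | exposed_internal_ports
```

Ports that Docker publishes are wired into iptables by Docker itself and are not filtered by host firewall front ends such as ufw, so a finding here is best fixed by binding the service to 127.0.0.1 or not publishing the port at all. Confirm the result with a scan from outside the network as well, since this check only sees the host's own listeners.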

TLS / HTTPS

Always run OpenCLM behind a TLS-terminating reverse proxy in production:

  • Caddy — automatic certificate provisioning via Let's Encrypt (Caddyfile example in /deploy/caddy/).
  • Nginx — manual or Certbot (nginx.conf example in /deploy/nginx/).
  • Traefik — recommended for Kubernetes / Docker Swarm.