On-Premises Editions

Pro Custodibus is available in three editions: a cloud-hosted Software as a Service Edition (Pro Custodibus SaaS), an on-premises Enterprise Edition (Pro Custodibus EE), and an on-premises Community Edition (Pro Custodibus CE).

Software as a Service Edition

We host and operate the Pro Custodibus Software-as-a-Service Edition on our cloud servers. With this edition, you only have to run the agent on each WireGuard host you want to monitor. You use the app UI hosted at https://pro.custodib.us/ to manage your WireGuard hosts; and agents connect to our servers at api.custodib.us.

Pro Custodibus SaaS is not an on-premises edition of Pro Custodibus.

Enterprise Edition

You host and operate the Pro Custodibus Enterprise Edition entirely on your own internal servers. You must purchase a license before using Pro Custodibus EE (see our Plans & Pricing).

Pro Custodibus EE and Pro Custodibus CE are the on-premises editions of Pro Custodibus.

Community Edition

You host and operate the Pro Custodibus Community Edition entirely on your own internal servers. It is available for free under the GPL 3.0 license. Support for this edition is not available from the Pro Custodibus support team.

Pro Custodibus CE is installed and run the same way as the Enterprise Edition. It is built from the same core source code, and contains the same core components.

Components

The on-premises editions of Pro Custodibus consist of 3 core components:

You can host the API server, database, and app web UI all on the same server, or each on different servers. You can run each natively, or as Docker containers.

In addition, like the SaaS Edition, you run a lightweight daemon (the Agent Client) on each WireGuard host that you want to monitor. The agent can be run natively, or as a Docker container.

Data-flow diagram with Pro Custodibus components
Figure 1. Pro Custodibus components

API Server

The API server is an Elixir Phoenix application. It handles HTTPS requests from the app UI and agents, and reads and writes to the database.

The API server’s HTTPS port must be directly accessible (or accessible through an HTTP reverse proxy) to all WireGuard hosts that you want to monitor, as well as to any hosts from which you want to use the app UI; and it must be able to access the database on the database’s listen port.

The API server requires about 250 MB of free memory, and around 150 MB of free disk space to install.

Database

The database is a PostgreSQL database, version 13 or newer. No special extensions are required. You must set up a database and user to which the API server can connect.

For a test configuration, you only need about 100 MB of free memory and 100 MB of free disk space for the database. For production, we recommend at least 1 GB of free memory and at least 3 GB of free disk space.

App Web UI

The app UI is a Vue.js web application. It is compiled as a set of static files that can be served from any webserver, such as NGINX. The webserver itself doesn’t need to access the API server or the database; but the webserver needs to be accessible to any hosts from which you want to use the app UI.

The app UI can be run in any modern web browser. In the browser it connects to the API server to access and manipulate data.

Agent Client

The agent is a Python application that you run on each WireGuard host you want to monitor. It is the same agent used by Pro Custodibus SaaS, but configured to connect to your own API server.

Agents initiate HTTPS connections to the API server; the API server doesn’t ever initiate connections to agents. The agent requires a negligible amount of free memory to run, and about 50 MB of free disk space to install.

Getting Started

To get started with an on-premises edition of Pro Custodibus:

  1. Provision one or more servers for the core components.

  2. Install the API server, database, and app UI.

  3. Run the API server, database, and app UI.

  4. Use the app UI to add a host for the first WireGuard host you want to monitor.