On-Premises Deployment

You can deploy the AISIX control plane on your own infrastructure instead of using the managed service.

An on-premises deployment gives you the same resource management, gateway certificate issuance, and usage reporting as AISIX Cloud. Control-plane data stays inside your environment, including fully air-gapped networks.

This on-premises deployment is an API7 commercial offering built around the open-source AISIX gateway.

Choose one of these deployment methods:

Online deployment: install with Docker Compose on a host or with Helm on Kubernetes. Container images are pulled from Docker Hub when the stack starts.
Offline air-gapped deployment: install from a package that includes every required container image.

Control Plane Stack

The default deployment includes these components:

Service	Role
`cp-api`	Manages organizations, environments, resources, and billing
`dp-manager`	Issues mTLS certificates and delivers configuration to data planes
`dashboard`	Web console
PostgreSQL database	Shared datastore, bundled by default or configured as an external database

The Docker Compose and offline packages currently include PostgreSQL 16.

AISIX gateways run separately as data planes. They connect outbound to dp-manager over mTLS, so the control plane does not need inbound network access to gateway hosts.

After the control plane is running, follow Managed Gateway to issue a gateway certificate and attach an AISIX gateway.

Online Deployment

Use online deployment when the host or Kubernetes cluster can pull container images from Docker Hub.

Docker Compose

Use Docker Compose for an online host with Docker and Docker Compose. The quickstart URL resolves to the current release.

curl -sL "https://run.api7.ai/aisix-ee/quickstart" | bash

The script downloads the package into ./aisix-ee, generates a .env file with fresh secrets, pulls images from Docker Hub, and starts the stack.

When startup finishes, the script prints the dashboard URL. The default URL is http://localhost:8080. Open the dashboard and create the first admin account.

Manage the stack from ./aisix-ee:

./aisix-ee/run.sh logs    # tail logs
./aisix-ee/run.sh stop    # stop containers
./aisix-ee/run.sh down    # remove containers (keeps the data volume)

Kubernetes with Helm

For Kubernetes, install the chart from the API7 Helm repository:

helm repo add api7 https://charts.api7.ai
helm repo update

helm install aisix-cp api7/aisix-cp \
  --set secrets.masterKey="$(openssl rand -base64 32)" \
  --set secrets.betterAuthSecret="$(openssl rand -base64 48)" \
  --set postgresql.auth.password="$(openssl rand -hex 24)" \
  --set postgresql.auth.postgresPassword="$(openssl rand -hex 24)"

The chart deploys the core API, data-plane manager, dashboard, and a bundled PostgreSQL instance by default.

To use an existing database, first provision the external database and role. Then disable the bundled PostgreSQL chart with postgresql.builtin=false and configure the top-level externalDatabase.* values.

To inspect the default chart values locally, run:

helm show values api7/aisix-cp

The chart source and values are published in the api7/api7-helm-chart repository.

warning

Use URL-safe database passwords, such as values generated with openssl rand -hex 24. The database password is embedded in a postgres:// connection URL, so characters such as +, /, and = from openssl rand -base64 can break the URL.

Offline Air-Gapped Deployment

For a host with no registry access, use the offline package. It includes every required container image.

The offline package URL resolves to the current release.

On a machine with internet access, download the package:

curl -fSL "https://run.api7.ai/aisix-ee/aisix-ee-offline-latest.tar.gz" \
  -o aisix-ee-offline-latest.tar.gz

Transfer the package to the air-gapped host, then start the stack:

tar -xzf aisix-ee-offline-latest.tar.gz
cd aisix-ee
./run.sh

The startup script:

loads the bundled container images
generates a .env file with fresh secrets
starts the stack without internet access
prints the dashboard URL when startup finishes

The default dashboard URL is http://localhost:8080.

The offline package also includes a model-pricing snapshot so usage and budget calculations can initialize without reaching models.dev. On first boot, the control plane seeds the model-pricing catalog from that snapshot. To use online pricing instead, remove AISIX_CLOUD_PRICESYNC_SNAPSHOT_PATH from the api service and recreate the stack. See On-Premises Configuration for the pricing catalog settings.

Configure External Access

Before exposing the control plane outside the local host or cluster, configure the public dashboard origin and the data-plane manager endpoint.

For Docker Compose, edit .env. For Kubernetes, update your Helm values:

Docker Compose setting	Helm value	Purpose
`AISIX_CLOUD_PUBLIC_BASE_URL`	`api.publicBaseURL`	Browser-facing origin, such as `https://aisix.example.com`. Login validates the session issuer against this value.
`AISIX_CLOUD_DPMGR_BASE_URL`	`api.dpmgrBaseURL`	`dp-manager` mTLS endpoint that data-plane hosts connect to.

After updating these settings, recreate the affected services with docker compose up -d or apply the changes with helm upgrade.

For more Docker Compose environment variables and Helm values, see On-Premises Configuration.

Next Steps

Continue with Managed Gateway to issue a gateway certificate and attach an AISIX gateway.

For environment modeling and operating modes, see Organizations and Environments and Deployment Modes.

Control Plane Stack​

Online Deployment​

Docker Compose​

Kubernetes with Helm​

Offline Air-Gapped Deployment​

Configure External Access​

Next Steps​