Install Kageos
Run Kageos locally, deploy it directly on Linux, or put it behind an existing edge proxy. The installer prints your system login on first install.
Prerequisites
- macOS or Windows: install Podman Desktop and complete the Podman machine onboarding
- Linux production server: sudo access, public IP or domain, and enough disk for images and data
- Desktop Podman machine: 6 GB RAM and 20 GB disk recommended; Linux production: 4 GB minimum, 8 GB recommended
- Local desktop installs use port 8080 by default; production installs either own 80/443 directly or run behind an edge proxy such as Caddy or Nginx
Choose Platform
macOS and Windows are for local trials. Linux is the production deployment path.
Run Kageos locally on macOS
Use this when you want to try Kageos on your Mac before setting up a Linux server.
Install and run
Install Podman Desktop, finish Podman machine onboarding, then run Kageos.
- Open Podman Desktop and complete Podman machine onboarding before running the Kageos installer.
- Creates a persistent kageos-data volume and runs the qiayanai/kageos image.
- The installer prints the system login after the first successful install.
Run Kageos locally on Windows
Use this when you want to try Kageos from PowerShell on a Windows workstation.
Install and run
Install Podman Desktop, finish Podman machine onboarding, then run Kageos.
- Podman Desktop runs Linux containers through a Podman machine on Windows.
- Creates a persistent kageos-data volume and runs the qiayanai/kageos image.
- The installer prints the system login after the first successful install.
Deploy Kageos on Linux production
Use this when Kageos should run on a remote server for a team or persistent environment.
Build the exact Linux command
Choose one production path and copy the single command it generates.
Mainland China mode uses Alibaba Cloud Container Registry for Kageos image distribution, public mirrors such as DaoCloud , and Goproxy.cn supported by Qiniu Cloud for Go module downloads when needed.
Default install
Use this for servers outside mainland China, or any server that can pull DockerHub images normally.
Behind an existing reverse proxy
Use this when Caddy, Nginx, or a load balancer already owns ports 80/443 and forwards traffic to Kageos.
Mainland China install
Adds --cn so the installer automatically chooses the mainland China download or pull path and falls back when needed.
Review the installer before running
Use this path when you need to inspect the script before execution.
Clean uninstall
Use this before reinstalling a failed test server. --purge deletes /opt/kageos data.
- Pulls from the China registry first, or falls back to the upstream image, then runs one rootful all-in-one container.
- Stores persistent data under /opt/kageos/data by default; the source repository is not cloned.
- Use --cn only for mainland China servers; other regions should keep the default command.
- --cn also configures Go module downloads through mainland China friendly proxy settings for workspace app builds.
- The server IP URL is only for initial validation; use a domain with HTTPS before inviting real users.
- Use --tls-mode external when TLS is terminated by Caddy, Nginx, a cloud load balancer, or another edge proxy.
- If the host FORWARD policy blocks container traffic, the installer adds scoped allow rules for the Kageos public ports.
- If localhost works but the public URL still times out, run sudo kageos doctor and check cloud firewall rules.
- Clean uninstall is available through uninstall-prod.sh; add --remove-images only when you also want to repull images.
- Advanced flags such as custom ports, image pinning, and container engine fallback are documented inside install-prod.sh.
Choose the Production Shape
Pick the shape that matches the host before running the installer. The public URL passed through --base-url should always be the URL users open in the browser.
Kageos owns 80/443
Use the default command when nothing else is listening on the public web ports. Kageos handles HTTP, HTTPS, and redirects inside the all-in-one container.
Caddy or Nginx owns TLS
Use --tls-mode external when a reverse proxy already listens on 80/443 and forwards to Kageos on a private HTTP port.
IP and HTTP trial
Use an HTTP IP URL only to confirm the server and image path. Switch to a domain and HTTPS before inviting real users.
Reverse Proxy Deployment
This is the recommended path when a host already runs Caddy, Nginx, a cloud load balancer, or a platform ingress. Keep the proxy on 80/443 and let Kageos serve local HTTP on 10001.
Install Kageos behind the proxy
The canonical URL remains HTTPS because that is what users open. external means TLS terminates before traffic reaches Kageos.
Caddy example
Caddy automatically obtains certificates when the DNS A record points to this server and public TCP 80/443 are open.
Nginx example
Use this when another certificate workflow already manages Nginx TLS.
Port policy
In proxy mode, expose 80/443 to the internet for the edge proxy. Do not add the Kageos upstream port to a public cloud security group unless you intentionally want direct access.
Access Troubleshooting Checklist
Split the problem into server, proxy, DNS, and client cache. A successful server-side HTTPS probe means Kageos and the reverse proxy are already serving correctly.
Run on the server
Run from the client
What Gets Deployed
Common Commands
Need help?
Check the full documentation or open an issue on GitHub.