Deploying an Insight Point using the install script
Generic instructions for running an Insight Point as a Docker container on Debian / Ubuntu / Amazon Linux / RedHat Linux.
Veza maintains a script you can use to quickly install and run an Insight Point with Docker. Follow these steps to set up your environment, run the latest install script, and manage the deployment.
Prerequisites
Systemd
Docker (or Podman with Docker compatibility)
Install Docker
Install
Generate an Insight Point key from the Veza Integrations > Insight Point page. Store it as an environment variable before downloading and executing the script:
or
Remove
Uninstall
Uninstall will remove all components of the Insight Point but will not remove the configuration in /etc/veza-insight-point.
Remove
Remove will remove all components of the Insight Point and the configuration in /etc/veza-insight-point. The Insight Point Key will be lost (if not backed up).
Tips & Tricks
Pull from a different registry
The Insight Point image must be pulled from a pull-through cache or private registry (where the image is mirrored). You can override the image repository with the IMAGE_REPOSITORY config setting.
Create or edit the configuration in /etc/veza-insight-point/service.env to set the IMAGE_REPOSITORY configuration:
If pulling some other image version than the default image tag (latest), you need to configure the override using the IMAGE_TAG option:
After the changes have been made and saved, restart the Insight Point service:
Check that the service has started successfully by running the following command:
Using a proxy server
If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY lines to the Insight Point service configuration.
Create or edit the configuration file /etc/veza-insight-point/config.env to include the proxy server details:
After the changes have been made and saved, restart the Insight Point service:
Check that the service has started successfully by running the following command:
Configuring Insight Point to forward connections to Veza (early access)
An Insight Point can proxy connections to Veza, allowing you to send Open Authorization API (OAA) payloads to a locally accessible server within a VPC instead of directly over the internet.
When a proxy port is enabled in the configuration, applications can push to the Insight Point's internal network address (e.g., http://localhost:8080/api/v1/providers/custom/...), instead of making API calls directly to Veza's cloud service (https://$VEZA_URL/api/v1/providers/custom/...).
Create or edit the configuration file /etc/veza-insight-point/service.env to set the proxy port:
Save the changes. Then, restart the Insight Point service:
Proxy server is supported since Veza release 2025.5.x. For older Insight Points, you will need to reinstall before you can enable a proxy port:
Using custom certificates
Create or edit the configuration file /etc/veza-insight-point/service.env to mount the custom certificates to the Insight Point container:
After the changes have been made and saved, restart the Insight Point service:
Check that the service has started successfully by running the following command:
Troubleshooting
Status
Retrieve the status of the Insight Point systemd service:
Logs
Retrieve last 500 log lines for the Insight Point service:
Follow logs for the Insight Point service:
Reinstall
Reinstall will remove the currently installed Insight Point service and install it again. All configuration in /etc/veza-insight-point will be preserved.
Last updated
Was this helpful?