1 of 1

Deploying an Insight Point using the install script

Generic instructions for running an Insight Point as a Docker container on Debian / Ubuntu / Amazon Linux / RedHat Linux.

Veza maintains a script you can use to quickly install and run an Insight Point with Docker. Follow these steps to set up your environment, run the latest install script, and manage the deployment.

Prerequisites

Systemd
Docker (or Podman with Docker compatibility)

Install Docker

sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker

sudo apt-get update
sudo apt-get install -y docker.io

sudo dnf install -y podman-docker

Install

Generate an Insight Point key from the Veza Integrations > Insight Point page. Store it as an environment variable before downloading and executing the script:

INSIGHT_POINT_KEY="<key>" bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

export INSIGHT_POINT_KEY="<key>"
bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

Remove

Uninstall

Uninstall will remove all components of the Insight Point but will not remove the configuration in /etc/veza-insight-point.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- uninstall

Remove

Remove will remove all components of the Insight Point and the configuration in /etc/veza-insight-point. The Insight Point Key will be lost (if not backed up).

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- remove

Tips & Tricks

Pull from a different registry

The Insight Point image must be pulled from a pull-through cache or private registry (where the image is mirrored). You can override the image repository with the IMAGE_REPOSITORY config setting.

Create or edit the configuration in /etc/veza-insight-point/service.env to set the IMAGE_REPOSITORY configuration:

IMAGE_REPOSITORY="registry.example.com/veza/insight-point"

If pulling some other image version than the default image tag (latest), you need to configure the override using the IMAGE_TAG option:

IMAGE_TAG="myversion1"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Using a proxy server

If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY lines to the Insight Point service configuration.

Create or edit the configuration file /etc/veza-insight-point/config.env to include the proxy server details:

HTTP_PROXY=http://proxy.local:8080
HTTPS_PROXY=http://proxy.local:8080
NO_PROXY=*.domain.local,*.domain2.local

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Configuring Insight Point to forward connections to Veza (early access)

An Insight Point can proxy connections to Veza, allowing you to send Open Authorization API (OAA) payloads to a locally accessible server within a VPC instead of directly over the internet.

When a proxy port is enabled in the configuration, applications can push to the Insight Point's internal network address (e.g., http://localhost:8080/api/v1/providers/custom/...), instead of making API calls directly to Veza's cloud service (https://$VEZA_URL/api/v1/providers/custom/...).

Create or edit the configuration file /etc/veza-insight-point/service.env to set the proxy port:

PROXY_PORT=8080

Save the changes. Then, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Proxy server is supported since Veza release 2025.5.x. For older Insight Points, you will need to reinstall before you can enable a proxy port:

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- reinstall

Using custom certificates

Create or edit the configuration file /etc/veza-insight-point/service.env to mount the custom certificates to the Insight Point container:

CONTAINER_FLAGS="-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Troubleshooting

Status

Retrieve the status of the Insight Point systemd service:

systemctl status veza-insight-point.service

Logs

Retrieve last 500 log lines for the Insight Point service:

journalctl -n 500 -u veza-insight-point.service

Follow logs for the Insight Point service:

journalctl -u veza-insight-point.service -f

Reinstall

Reinstall will remove the currently installed Insight Point service and install it again. All configuration in /etc/veza-insight-point will be preserved.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- reinstall

Deploying an Insight Point using the install script

Generic instructions for running an Insight Point as a Docker container on Debian / Ubuntu / Amazon Linux / RedHat Linux.

Veza maintains a script you can use to quickly install and run an Insight Point with Docker. Follow these steps to set up your environment, run the latest install script, and manage the deployment.

Prerequisites

Systemd
Docker (or Podman with Docker compatibility)

Install Docker

sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker

sudo apt-get update
sudo apt-get install -y docker.io

sudo dnf install -y podman-docker

Install

Generate an Insight Point key from the Veza Integrations > Insight Point page. Store it as an environment variable before downloading and executing the script:

INSIGHT_POINT_KEY="<key>" bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

export INSIGHT_POINT_KEY="<key>"
bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)"

Remove

Uninstall

Uninstall will remove all components of the Insight Point but will not remove the configuration in /etc/veza-insight-point.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- uninstall

Remove

Remove will remove all components of the Insight Point and the configuration in /etc/veza-insight-point. The Insight Point Key will be lost (if not backed up).

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- remove

Tips & Tricks

Pull from a different registry

The Insight Point image must be pulled from a pull-through cache or private registry (where the image is mirrored). You can override the image repository with the IMAGE_REPOSITORY config setting.

Create or edit the configuration in /etc/veza-insight-point/service.env to set the IMAGE_REPOSITORY configuration:

IMAGE_REPOSITORY="registry.example.com/veza/insight-point"

If pulling some other image version than the default image tag (latest), you need to configure the override using the IMAGE_TAG option:

IMAGE_TAG="myversion1"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Using a proxy server

If you need to use a proxy server, add the HTTP_PROXY, HTTPS_PROXY, and NO_PROXY lines to the Insight Point service configuration.

Create or edit the configuration file /etc/veza-insight-point/config.env to include the proxy server details:

HTTP_PROXY=http://proxy.local:8080
HTTPS_PROXY=http://proxy.local:8080
NO_PROXY=*.domain.local,*.domain2.local

To configure custom certificates, see the section.

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Configuring Insight Point to forward connections to Veza (early access)

An Insight Point can proxy connections to Veza, allowing you to send Open Authorization API (OAA) payloads to a locally accessible server within a VPC instead of directly over the internet.

Create or edit the configuration file /etc/veza-insight-point/service.env to set the proxy port:

PROXY_PORT=8080

Save the changes. Then, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Proxy server is supported since Veza release 2025.5.x. For older Insight Points, you will need to reinstall before you can enable a proxy port:

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- reinstall

Using custom certificates

Create or edit the configuration file /etc/veza-insight-point/service.env to mount the custom certificates to the Insight Point container:

CONTAINER_FLAGS="-v /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt"

After the changes have been made and saved, restart the Insight Point service:

sudo systemctl restart veza-insight-point

Check that the service has started successfully by running the following command:

systemctl status veza-insight-point

Troubleshooting

Status

Retrieve the status of the Insight Point systemd service:

systemctl status veza-insight-point.service

Logs

Retrieve last 500 log lines for the Insight Point service:

journalctl -n 500 -u veza-insight-point.service

Follow logs for the Insight Point service:

journalctl -u veza-insight-point.service -f

Reinstall

Reinstall will remove the currently installed Insight Point service and install it again. All configuration in /etc/veza-insight-point will be preserved.

bash -c "$(curl -fsSL https://veza-releases.s3.us-east-1.amazonaws.com/insightpoint/install.sh)" -- reinstall