Connecting Clients
The gateway serves its own client installer. Devices don't set an API-URL env var — instead the script rewires three things so all Roboflow traffic routes through the gateway: the Docker daemon proxy (/etc/docker/daemon.json), /etc/hosts (points repo.roboflow.com and secure-gateway at the gateway IP), and the RFDM device config when present.
# Pull and run the installer (HTTPS / 443 is the default)
curl -fsSL https://gateway.example.com/install-client.sh \
| sudo bash -s -- --server gateway.example.com
# Gateway with no TLS configured — use plain HTTP on :80
curl -fsSL http://gateway.lan/install-client.sh \
| sudo bash -s -- --server gateway.lan --insecure-http
# Remove the configuration
sudo bash install-client.sh --uninstallThe installer defaults to HTTPS on 443. If a gateway has in-pod TLS enabled and you also run the optional HTTP_REDIRECT_PORT listener on 80, note that :80 is a 301-only redirector — use HTTPS for clients that POST (a 301 drops the body), or --insecure-http only on gateways without TLS.
What the installer changes
/etc/docker/daemon.json— sets the Docker HTTP/HTTPS proxy to the gateway so image pulls route through it/etc/hosts— pointsrepo.roboflow.comandsecure-gatewayat the gateway, tagged with a managed marker for clean uninstall/opt/rfdm/config/device.json— rewritesapi_base_url/repo_base_urlwhen RFDM is installed