User Manual

Secure Gateway Manual

Roboflow Secure Gateway is a FastAPI HTTP proxy for air-gapped Roboflow deployments. It sits in the DMZ between your edge devices and the internet, forwarding requests to api.roboflow.com and repo.roboflow.com, caching responses on local disk or S3, and exporting a structured access record for every request to your SIEM.

It is the successor to the Roboflow License Server — same role in your network, with caching and audit added on top. This manual covers installation, configuration, and day-to-day operation. Current version v0.1.0.

Quickstart

Pull the image (public, anonymous — there is no :latest, so pin a tag) and run it with a local disk cache:

docker run -d \
  --name secure-gateway \
  -p 80:80 \
  -v gateway-cache:/var/cache/secure-gateway \
  repo.roboflow.com/roboflow-edge/secure-gateway:0.1.0-70

curl http://localhost/health
# {"status":"healthy"}

From here: Installation for Helm and S3, Connecting Clients to point devices at the gateway, and Deployment Examples for turnkey ECS / EKS / GKE.

What's in this manual

System Requirements

Runtime, memory, storage, ports, and outbound access.

Installation

Run via Docker or the Helm chart, disk or S3 cache.

Configuration

Every environment variable the container honours.

Caching

Tiered TTLs, S3 backends, headers, and the admin API.

Routes & Proxy

Path routing and the SSRF-protected /proxy.

Log Export / SIEM

Webhook, syslog, and file sinks for audit records.