Choose Your Platform
Broch ships as a Docker image and runs on any platform that supports containers. The platform you choose determines how TLS is handled, which database options are available, and how much operational overhead you take on.
Platform Comparison
Section titled “Platform Comparison”| Platform | Database options | TLS approach | One-click? | Status |
|---|---|---|---|---|
| Docker Compose | Embedded PostgreSQL or external | Caddy automatic (DNS-01) or bring your own | No (manual) | Ready |
| Azure | Azure Flexible Server (managed) | PFX certificate (base64-encoded) | Yes (Marketplace) | Ready |
| AWS | RDS PostgreSQL (always external) | ACM certificate | Yes (CloudFormation) | In progress |
| DigitalOcean | Embedded PostgreSQL | Automatic via Caddy + DNS-01 | Yes (Terraform) | In progress |
Embedded PostgreSQL Availability
Section titled “Embedded PostgreSQL Availability”Embedded PostgreSQL (a PostgreSQL sidecar running alongside Broch in the same deployment) is available on:
-
Docker Compose — PostgreSQL runs as a compose service on the same host
-
DigitalOcean — PostgreSQL on attached block storage
Embedded PostgreSQL is not available on AWS or Azure — both use managed database services.
Important: Embedded PostgreSQL does not encrypt data at rest. If encryption at rest is a requirement (e.g., for SOC 2 or GDPR compliance), you must use an external managed database with encryption configured. See Database.
Scaling
Section titled “Scaling”The primary scaling strategy for Broch is vertical — allocate more CPU and memory to the container. A single instance handles a large number of concurrent users and tunnels, and most deployments will not need to go beyond this.
If one instance is not enough, the next step is to deploy a second independent instance — for example, one per region, one per team, or one per business unit. Each instance has its own database and license, and users connect to the instance assigned to them.
Horizontal clustering (multiple instances sharing a single database and load balancer) is not available in the current release. If this is a requirement for your deployment, contact [email protected] — it is on the roadmap and will be prioritised based on customer demand.
Choosing
Section titled “Choosing”- Starting out / on-premises / air-gapped: Docker Compose. Most portable, works anywhere Docker runs, full control.
- Azure shop: Azure Marketplace deployment. One-click, Bicep-managed, integrates with Key Vault and Azure AD.
- AWS shop: AWS CloudFormation. ECS Fargate on Graviton, RDS PostgreSQL, ALB. In progress — check back or use Docker Compose on EC2 in the meantime.
- DigitalOcean: Terraform-managed droplet with Caddy for automatic wildcard TLS. In progress.