RIPS Installer Tool

The RIPS installer is a small Python script that helps administrators to manage their local RIPS installation. It supports command line arguments to select an action and to specify its behavior.


All commands are exclusive, i.e. you can only execute one command at a time.

rips:installStart the installation process [Installing RIPS]
rips:updatePull new RIPS Docker containers and replace the old containers [Updating RIPS]
rips:stopStop RIPS Docker containers
rips:startStart RIPS Docker containers
rips:restartStop and start RIPS Docker containers
rips:configModify the configuration values
rips:passwordChange the password of RIPS users
rips:reportCreate an archive with all log files for the customer support
rips:downloadDownload current Docker images and store them in archive
rips:migrateMigrate RIPS2 to RIPS3 (deprecated)
rips:statusShow status information about the RIPS Docker containers
rips:execExecute a system command in a RIPS Docker container
rips:loginStore the download credentials permanently in the configuration
rips:logoutRemove the download credentials from the configuration
rips:uninstallGenerate an uninstall verification token [Uninstalling RIPS]
listShow all available commands
helpShow help and parameters for commands

Configuration Parameters

The RIPS configuration parameters can be specified when running rips:install or rips:migrate for the first time or in combination with rips:config. RIPS has to be restarted to load the new configuration values. Different commands have additional parameters that can be listed with help. For example, to apply configuration values directly the --restart parameter can be used in combination with rips:config.

--api-timeout-t600Modify the timeout period (seconds) for requests
--engine-timeout-T14400Modify the timeout period (seconds) for scans
--consumer-C2Modify the amount of additional consumer containers
--ui-port-p80Modify the user interface port
--ui-admin-port-k8070Modify the admin interface port
--api-port-P8080Modify the application programming interface port
--storage-port-Q9000Modify the storage port
--ui-address-b0.0.0.0Modify the bind address for the user interface
--ui-admin-address-K0.0.0.0Modify the bind address for the admin interface
--api-address-B0.0.0.0Modify the bind address for the application programming interface
--storage-address-S127.0.0.1Modify the bind address for the storage server
--api-url-ahttp:// the URL to the application programming interface (recommended)
--ui-url-uhttp:// the URL to the user interface
--storage-url-shttp://storage:9000Modify the URL to the storage server
0Enable (1) or disable (0) LDAP support
--docker-socket-D/var/run/docker.sockModify the path to the Docker socket that is used by the installer
--ip4-subnet-I172.28.0.0/16Modify the Docker IPv4 subnet
--master-M1Enable (1) or disable (0) master services
--worker-W1Enable (1) or disable (0) worker services
--disable-invite-X0If enabled (1) e-mail addresses do not have to be verified
--engine-memory-allocation-m85Modify the maximum percentage of allocated memory (Java engine)


You can set the following environment variables for optional configuration.



Use Docker images from manually downloaded archive (see "Offline installation" in the installation example)


Use this user to authenticate


Use this password to authenticate


Use content as additional environment variables for the installer



Modify the path to custom CA certificate (PEM)



Modify the path to the Docker socket that is used by the installer

Proxy Server

In case you are in a corporate network and can only reach the Internet through a proxy, you have to configure the Docker daemon to use said proxy. More information can be found in the official Docker documentation. Additionally, you have to specify your proxy environment variables with RIPS_ENV, for example RIPS_ENV="HTTP_PROXY=;HTTPS_PROXY=". Multiple variables can be separated with a semicolon.

TLS Interception

If you are intercepting TLS connections you have to place your CA certificate at /etc/docker/certs.d/ The certificate has to be in PEM format.