Conductor Deployment¶
Deploy the Conductor signal pipeline alongside WitFoo Analytics for log collection.
Architecture¶
Conductor runs as a separate Docker Compose stack connected to Analytics via an external Docker network.
graph LR
Sources[Log Sources] --> SS[Signal Server]
SS --> SP[Signal Parser]
SP --> AF[Artifact Filter]
AF --> AE[Artifact Exporter]
AE -->|HMAC Auth| AI[Analytics Artifact Ingestion]Prerequisites¶
- WitFoo Analytics running with
witfoo-analytics-netDocker network - Conductor binaries built via
scripts/conductor-build.sh
Deployment¶
# Build Conductor binaries
./scripts/conductor-build.sh
# Start Conductor services
./scripts/dev-conductor.sh start
# Verify status
./scripts/dev-conductor.sh status
Services¶
| Service | Ports | Description |
|---|---|---|
| broker-edge | 4223, 8223 | NATS JetStream broker |
| signal-server | 514/udp, 514/tcp, 5044, 6514 | Log receiver |
| signal-parser | Internal | Signal parsing |
| artifact-filter | Internal | Artifact filtering |
| artifact-exporter | Internal | HTTP export to Analytics |
HMAC Authentication¶
Configure the shared secret in both stacks:
# Analytics docker/.env
ANALYTICS_SECRET=your-shared-secret
# Conductor config
# Same secret in conductor-node.json
SAML Authentication in Conductor UI¶
When deployed in AIO (All-in-One) mode with SSO enabled, the Conductor UI inherits SAML authentication from the analytics reverse proxy. The SAML Provider Wizard is available in the Conductor UI settings at Settings > Authentication, providing the same guided 7-step configuration as the analytics UI.
Key details for Conductor SAML:
- Conductor UI runs with
REVERSE_PROXY_MODE=true, trustingX-Auth-*headers from the analytics reverse proxy - A shared
WF_JWT_SECRETenables JWT-based SSO between analytics and conductor - The
/conductor/statusendpoint remains unauthenticated to allow NavBar visibility checks - SAML auth fallback (
?auth_fallback=true) works on the conductor login page as well
SSO Prerequisite
SAML must be configured in the analytics Admin > Settings > Authentication page first. The conductor inherits the authentication configuration from the analytics stack.
Docker Network¶
Both stacks share an external network:
Next Steps¶
After deployment, configure your data source integrations:
- Integration Enablement Guides — Step-by-step setup for 39 supported integrations
- Signal Client — API-based signal collection architecture
- Conductor Troubleshooting — Common issues and diagnostics