TurboCI
Download
Home/Docs/Default Setup

Default setup

TurboCI provisions the baseline infrastructure for every deployment.

Networking, relay routing, SSH keys, and firewall defaults are all created automatically so the configuration can stay focused on services.

1 relay

per deployment for orchestration, distribution, and SSH ingress

2 firewalls

default SSH and HTTP policies created automatically

deploy.log
bash
$ turboci up -> Private network ready -> Relay server provisioned -> SSH keys registered -> Firewall rules applied

Provisioned defaults

What gets created on every deployment

These resources come along even before your application processes start.

Relay server

A control point for the whole deployment

  • Controls every other server in the deployment.
  • Acts as a NAT gateway for private servers where the provider does not offer managed NAT.
  • Receives synced files first, then fans them out to the target fleet in parallel.
  • Exposes only a public SSH endpoint by default.

Private network

A secure internal lane for every service

  • Every deployment gets its own private network automatically.
  • Services communicate over the internal network instead of relying on public ingress.

SSH setup

Generated keys and linked server access

  • TurboCI creates SSH keys automatically and associates them with the deployment fleet.
  • The generated key material lives under `.turboci/.ssh/` for operational access when needed.

Firewalls

Minimal inbound exposure by default

  • An SSH firewall allows only port 22.
  • An HTTP firewall allows ports 80 and 443 for load balancer services.
  • Everything else is blocked unless the service topology requires it.

File distribution

TurboCI syncs through a relay-first architecture.

File transfers use a hub-and-spoke path that reduces repeated uploads and speeds up deployment across large fleets.

Stage 1

Local to relay

Source files move from the operator machine to the relay server once.

Stage 2

Relay to services

The relay fans those files out to all target servers in parallel.

This pattern reduces bandwidth waste and improves update times when many servers need the same payload.

Operator access

Where the generated SSH material lives

Use the generated key if you need to connect to the relay server directly during diagnostics or operator intervention.

ssh-path
bash
.turboci/.ssh/

The path can also be relocated globally by settingTURBOCI_DIR.

No extra setup

You do not need to model any of this manually.

Define the services you want and let TurboCI create the supporting network, SSH, and firewall baseline around them.

Next step

Move from defaults to service design

The next step is defining deployments, services, and runtime hooks in the YAML configuration.

Continue to configuration