Prerequisites
Prerequisites
Before installing Message Center, ensure all dependencies and configuration requirements are in place.
Runtime Dependencies
Node.js
- Version: Node.js 20 or later (LTS recommended)
- Verify:
node -v— must showv20.xor higher - The build process requires Node.js 20+ for native fetch, experimental flags, and performance characteristics that the BFF relies on.
Yarn
- Version: Yarn 1.x (Classic) — installed via
npm install -g yarn - Used for dependency installation and script execution.
Docker
- Required for running MongoDB locally in development (via
make dev). - Required for building the production Docker image (
make docker-build).
MongoDB
- Version: MongoDB 6.0 or later
- Deployment: A dedicated MongoDB cluster (not shared with Core or other services)
- Database name: Configurable via
MONGODB_DB(default:core_admin) - Authentication: Root credentials for production (
MONGO_ROOT_USER,MONGO_ROOT_PASSWORD)
Network access:
The MongoDB instance must be reachable from the Message Center pod/container. In Kubernetes, restrict access via NetworkPolicy — only the message-center pod should reach port 27017.
mTLS Certificates
Message Center communicates with Proxy and Core over mutual TLS. You need the following certificate files from your sms-sender/core certificate authority:
| File | Path (default) | Description |
|---|---|---|
| CA certificate | certs/ca/ca.crt | Root CA that signed all service certs |
| Client certificate | certs/client/core.crt | Message Center's identity cert |
| Client private key | certs/client/core.key | Must be kept secret |
The certs/ directory is git-ignored. In Kubernetes, mount these as a read-only Secret volume at /app/certs.
Certificate rotation: Message Center hot-reloads certificates without restart. See mTLS Certificates for the rotation procedure.
BFF Service Account
Message Center authenticates to Proxy using a dedicated service account. Before deploying:
- Create a service account in Proxy (or ask the Proxy administrator).
- Note the credentials: email and password.
- Set
BFF_PROXY_EMAILandBFF_PROXY_PASSWORDin the environment.
This account is not an end-user account — it is used exclusively for service-to-service JWT acquisition.
Network Requirements
Verify connectivity before deploying:
| Source | Destination | Port | Protocol |
|---|---|---|---|
| Message Center | Proxy | 8088 | HTTPS + mTLS (JWT login) |
| Message Center | Proxy/Core API | 8089 | HTTPS + mTLS (API calls) |
| Message Center | Core | 8080 | HTTPS + mTLS (admin API) |
| Message Center | Core (health) | 8092 | HTTP (no mTLS) |
| Message Center | MongoDB | 27017 | TCP |
| Browser | Message Center | 3000 | HTTP/HTTPS |
Optional: Grafana
To enable the embedded monitoring dashboard:
- Grafana 9.x or later
GF_SECURITY_ALLOW_EMBEDDING=trueset in Grafana's configuration- Dashboard URL accessible from users' browsers (not just from the server)
See Monitoring & Alerts for the full Grafana integration guide.
Optional: Aerospike
If your Core deployment uses Aerospike for recipient caching, the Message Center Diagnostics page can query Aerospike statistics. No configuration is required in Message Center — it reads Aerospike data through Core's admin API.
Production Sizing (Minimum)
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 100m (0.1 vCPU) | 500m (0.5 vCPU) |
| Memory | 256 Mi | 512 Mi |
| Disk (MongoDB) | 10 GB | 100 GB+ |
Disk (/tmp for uploads) | 2 GB | 10 GB |
Memory consumption is dominated by MongoDB driver connection pooling and Next.js server-side rendering. Heap usage for file uploads is O(chunk size) regardless of file size due to streaming.
Next Steps
- Installation — install Message Center
- mTLS Certificates — set up mTLS certificates