# Deploying HQ

The HQ docker image can be configured via volume mounts for the configuration file.

{% hint style="info" %}
The HQ looks for the **config.yaml** in the current working directory. This is the root directory for Docker.
{% endhint %}

## Running the Docker <a href="#running-the-docker" id="running-the-docker"></a>

{% code title="terminal" %}

```bash
docker run --name lenses-hq \
--network panoptes \
-p 8080:8080 \
-v $(pwd)/config.yaml:/config.yaml\
lensting/lenses-hq:6.1
```

{% endcode %}

***

## Prerequisites

The main pre-requirements that has to be fulfilled before Lenses HQ container can be started and those are:

* [x] Postgres database
  * [x] See [docs here](https://docs.lenses.io/latest/getting-started/connecting-lenses-to-your-environment/overview#postgres) for information on configuring Postgres to work with Agent.

## Complete configuration file

{% hint style="success" %}
In demo purposes and testing the product you can use our community license

```yaml
license_key_2SFZ0BesCNu6NFv0-EOSIvY22ChSzNWXa5nSds2l4z3y7aBgRPKCVnaeMlS57hHNVboR2kKaQ8Mtv1LFt0MPBBACGhDT5If8PmTraUM5xXLz4MYv
```

{% endhint %}

Main configuration file that has to be configured before running docker command is **config.yaml**.

{% hint style="info" %}
Assertion Consumer Service endpoint is following

```
/api/v2/auth/saml/callback?client_name=SAML2Client
```

{% endhint %}

Sample configuration file is following:

{% code title="config.yaml" %}

```yaml
auth:
  administrators:
    - admin
    - admin@company.com
  users:
    - username: admin
      # bcrypt("correcthorsebatterystaple").
      password: $2a$10$F66cb6ZhnJjGCZuxlvKP1e84eytTpT1MDJcpBblHaZgsqp1/Aa0LG
  sessionDuration: 24h
  saml:
    enabled: true
    baseURL: https://lenses6.company.com
    entityID: https://lenses6.company.com
    metadata: |          
         <?xml version="1.0" encoding="UTF-8"?><md:EntityDescriptor
          xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
            </md:IDPSSODescriptor>
          </md:EntityDescriptor>
          
    userCreationMode: manual
    groupMembershipMode: manual
    uiRootURL: /
    groupAttributeKey: groups
    authnRequestSignature:
      enabled: false
http:
  address: :8080
  accessControlAllowOrigin:
    - https://lenses6.company.com
  accessControlAllowCredentials: false
  secureSessionCookies: false
agents:
  address: :10000
database:
  host: postgres-postgresql.postgres.svc.cluster.local:5432
  username: $(LENSESHQ_PG_USERNAME)
  password: $(LENSESHQ_PG_PASSWORD)
  schema:
  database: lenseshq
  TLS: false
license:
  key: license_key_
  acceptEULA: true
logger:
  mode: text
  level: debug
metrics:
  prometheusAddress: :9090

```

{% endcode %}

More about configuration options, see [HQ](https://docs.lenses.io/latest/deployment/configuration/hq).

***

## What's next?

After the successful configuration and installation of HQ, the next steps would be:

1. [**Deploying an Agent**](https://docs.lenses.io/latest/deployment/installation/docker/agent)
2. [**Example Policies**](https://docs.lenses.io/latest/deployment/installation/docker/broken-reference)