System Requirements
Minimum
- Windows 10 / macOS 12 / Ubuntu 22.04
- 4 GB RAM
- 200 MB disk space
- Internet connection
Recommended
- Windows 11 / macOS 14 / Ubuntu 24.04
- 8 GB RAM
- 500 MB disk space
- Administrator / root access
Individual Setup
The Individual plan runs as a standalone desktop application. No server or IT infrastructure required.
- 1Download the installer from your dashboard (Windows .msi/.exe, macOS .dmg, or Linux .AppImage/.deb/.rpm)
- 2Run the installer and follow the setup process
- 3Enter your license key when prompted (format:
LIC-XXXX-XXXX-XXXX-XXXX) - 4Install the CA certificate (required for HTTPS inspection of AI traffic)
- 5Bleep starts protecting - runs in your system tray
Team Deployment
Team plans include a centralized admin server for policy management and monitoring. The admin server runs on your infrastructure via Docker.
Admin Server Setup (Docker)
# 1. Set your license key
export BLEEP_LICENSE_KEY=LIC-XXXX-XXXX-XXXX-XXXX
# 2. Run with Docker Compose
docker-compose up -d
# Dashboard available at http://localhost:8081Docker Compose Configuration
- • Image:
bleepit/admin-server:latest - • Port:
8081(admin dashboard & API) - • Volume:
bleep-data:/datafor persistent storage (database, seats, violations) - • Health check:
curl -f http://localhost:8081/api/stats
Note: This Docker setup runs the admin server only. Endpoint devices run the Bleep desktop app separately.
Endpoint Deployment
Deploy the endpoint app to team devices using your existing software deployment tools (SCCM, Intune, Jamf, etc.) or have users install manually.
- • Available as .msi (Windows), .dmg (macOS), .AppImage/.deb/.rpm (Linux)
- • Each endpoint requires a license key for activation
- • License is bound to the instance on first validation
Environment Variables
Bleep can be configured via environment variables or a YAML config file (config.yaml or bleep.yaml).
| Variable | Default | Description |
|---|---|---|
| BLEEP_LICENSE_KEY | - | Your license key (required) |
| BLEEP_PROXY_PORT | 8080 | HTTP/HTTPS proxy port |
| BLEEP_WEB_PORT | 8081 | Web dashboard port |
| BLEEP_BIND_HOST | 127.0.0.1 | Bind address (use 0.0.0.0 for Docker) |
| BLEEP_MODE | warning | Operating mode: learning, warning, or enforcing |
| BLEEP_SECRET_KEY | - | Session secret (Docker admin server) |
| BLEEP_LICENSE_API_URL | (built-in) | License API URL override |
Network Configuration
Firewall Rules
Bleep needs outbound HTTPS access for license validation and updates:
| Service | Destination | Port |
|---|---|---|
| License validation | *.supabase.co | 443 |
| Updates & downloads | *.supabase.co | 443 |
| AI services (proxied) | See destinations config | 443 |
Local Ports
Bleep uses three local ports. All bind to 127.0.0.1 by default (localhost only):
| Port | Purpose | Notes |
|---|---|---|
| 8080 | HTTP/HTTPS proxy | Only AI traffic is routed here via PAC |
| 8081 | Web dashboard | Local admin UI and API |
| 18080 | PAC file server | Serves proxy.pac for selective routing |
Only AI traffic is routed through the proxy via PAC-based selective routing. All other traffic (browsing, email, apps) goes direct without any inspection.