Hookdeck Outpost on Ubuntu 24.04 LTS

Azure Streaming & Messaging

Hookdeck Outpost, the open source outbound webhooks and event delivery infrastructure, a Bearer authenticated REST API that routes your events to your users webhook and queue destinations, backed by a bundled PostgreSQL, Valkey and RabbitMQ, secured on first boot.

Base
Hardened build
minimal ports, security patches applied at build time
Access
Unique credentials
generated on first boot, readable only by root
Verified
Boots working
services pass a health gate before release
Support
24/7, 365 days
by email and live chat, 24 hour response SLA

Overview

Hookdeck Outpost is open source outbound webhooks and event delivery infrastructure. It gives your application a complete event destination backend: a REST API to manage tenants, register their event destinations (webhooks, message queues and more), publish events, sign and deliver them, and automatically retry failed deliveries, with full delivery logs, attempt history and metrics available through the API. Outpost keeps entity state in a Valkey store, records delivery logs in PostgreSQL, and moves work through a RabbitMQ message queue, so it delivers events reliably at volume without you building and operating an event pipeline yourself.

It suits teams that need to send events and webhooks to their own users and want to own that infrastructure inside their own cloud account: adding webhook support to a SaaS product, fanning events out to customer queues and endpoints, or decoupling event producers from consumers behind a durable, retrying delivery layer. Every admin request to the API is authenticated with a bearer key, and nothing is exposed without it.

Why the cloudimg image

cloudimg delivers Outpost fully installed with its PostgreSQL log store, Valkey entity store and RabbitMQ message queue on the same instance and the API fronted by nginx, so the delivery service answers the moment the instance boots. The image is secure by default: because Outpost is a control plane for outbound events, nothing ships with a known secret, so the admin API key, the JWT signing secret, the destination encryption secret, and the database, Valkey and RabbitMQ passwords are all generated uniquely on the first boot of each instance, before the port is reachable, and written to a root only credentials file. The bundled datastores are reachable only on the instance, they start empty on first boot with no prior data, and the image ships with a paired step by step deploy guide and 24/7 cloudimg support.

Common uses

  • Add outbound webhooks and event destinations to your SaaS product with a REST API for tenants, destinations, publishing and signed delivery
  • Fan events out reliably to your users webhook endpoints and message queues with automatic retries and full delivery logs and metrics
  • Own your event delivery infrastructure inside your own cloud account, backed by a bundled PostgreSQL, Valkey and RabbitMQ, with per instance secrets