RAGWire – FastAPI RAG Backend Setup

RAGWire is an OpenAI-compatible FastAPI server that supports multiple AI agent frameworks — LangChain, LangGraph, CrewAI, and AutoGen — with Qdrant as the vector store and Google Gemini as the language model. This guide covers local Docker development and production deployment across five major cloud platforms.

Configuration

Environment Variables

Create a .env file in the project root:

BASH

GOOGLE_API_KEY=your_google_api_key
QDRANT_URL=https://your-cluster.cloud.qdrant.io:6333
QDRANT_API_KEY=your_qdrant_api_key

AGENT=01_langchain_agent   # see Available Agents below

LANGCHAIN_TRACING_V2=false
CREWAI_TRACING_ENABLED=false

Available Agents

Value	Agent
`01_langchain_agent`	LangChain (default)
`02_langgraph_self_correcting_agent`	LangGraph self-correcting
`03_langgraph_supervisor_agent`	LangGraph supervisor
`04_crewai_agent`	CrewAI single agent
`05_crewai_multiagent`	CrewAI multi-agent
`06_autogen_agent`	AutoGen single agent
`07_microsoft_agent`	Microsoft Agent Framework
`08_microsoft_multiagent`	Microsoft Multi-agent

Local Development

Docker Run

BASH

# Build the image
docker build -t fastapi-rag-backend .

# Run the container
docker run -p 8080:8080 --env-file .env fastapi-rag-backend

Server runs at http://localhost:8080.

Cloud Deployment

Railway

Push code to GitHub.
Go to railway.app → New Project → Deploy from GitHub repo.
Select your repository — Railway auto-detects the Dockerfile.
Add environment variables under the Variables tab.
Go to Settings → Networking → Generate Domain.

Render

Go to render.com → New → Web Service.
Connect your GitHub repository — Render auto-detects the Dockerfile.
Add environment variables under the Environment tab.
Click Deploy.

Note

The free tier spins down after 15 minutes of inactivity.

AWS ECS Express Mode

Note

AWS App Runner no longer accepts new customers as of April 30, 2026. AWS recommends Amazon ECS Express Mode for containerized deployments.

Install AWS CLI

BASH

# macOS
brew install awscli

# Windows
winget install Amazon.AWSCLI

# Linux
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip && sudo ./aws/install

Configure Credentials

BASH

aws configure
# Enter: AWS Access Key ID, Secret Access Key, region (e.g. us-east-1), output format (json)

Push Image to ECR

BASH

# Create ECR repository
aws ecr create-repository --repository-name fastapi-rag-backend

# Authenticate Docker to ECR
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 783330586114.dkr.ecr.us-east-1.amazonaws.com

# Build and push image
docker build -t fastapi-rag-backend .
docker tag fastapi-rag-backend:latest 783330586114.dkr.ecr.us-east-1.amazonaws.com/fastapi-rag-backend:latest
docker push 783330586114.dkr.ecr.us-east-1.amazonaws.com/fastapi-rag-backend:latest

Deploy with ECS Express Mode

Go to AWS Console → Elastic Container Service → Services → Create.
Select Express mode.
Paste your ECR image URI: 783330586114.dkr.ecr.us-east-1.amazonaws.com/fastapi-rag-backend:latest
Set container port to 8080.
Add environment variables (GOOGLE_API_KEY, QDRANT_URL, QDRANT_API_KEY, etc.).
Let AWS auto-create the required IAM roles when prompted.
Click Create — AWS automatically provisions the load balancer, networking, HTTPS endpoint, and auto-scaling.

Your app will be live at the auto-generated HTTPS URL shown in the console.

GCP Cloud Run

Install gcloud CLI

BASH

# macOS
brew install --cask google-cloud-sdk

# Windows
winget install Google.CloudSDK

# Linux
curl https://sdk.cloud.google.com | bash
exec -l $SHELL

Verify the installation:

BASH

gcloud --version

Initialize and Login

BASH

# Login to your Google account
gcloud auth login

# Initialize gcloud (select project, region, etc.)
gcloud init

Tip

If you don't have a GCP project yet, go to console.cloud.google.com → New Project and copy the Project ID.

Set Your Project

BASH

gcloud config set project YOUR_PROJECT_ID

# Verify
gcloud config get project

Enable Required APIs

BASH

gcloud services enable run.googleapis.com
gcloud services enable cloudbuild.googleapis.com
gcloud services enable artifactregistry.googleapis.com

Authenticate Docker to Google Cloud

BASH

gcloud auth configure-docker

Deploy to Cloud Run

Cloud Run builds and deploys the Docker image automatically from source — no manual docker build or docker push needed. First fill in your values in env.yaml, then deploy:

BASH

gcloud run deploy fastapi-rag-backend --source . --region us-central1 --allow-unauthenticated --port 8080 --env-vars-file env.yaml

Note

Cloud Run uses Cloud Build to build your image and stores it in Artifact Registry automatically.

Get Your Public URL

After deploy, the service URL is printed in the terminal:

BASH

Service URL: https://fastapi-rag-backend-xxxxxxxxxx-uc.a.run.app

Verify the deployment:

BASH

curl https://fastapi-rag-backend-xxxxxxxxxx-uc.a.run.app/health
# Expected: {"status": "ok"}

Update Deployment

Run the same deploy command again after code changes — Cloud Run rebuilds and redeploys with zero downtime:

BASH

gcloud run deploy fastapi-rag-backend --source . --region us-central1

Azure Container Apps

Install Azure CLI

BASH

# macOS
brew install azure-cli

# Windows
winget install Microsoft.AzureCLI

# Linux
curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash

Login and Create Resource Group

BASH

az login
az group create --name ragwire-rg --location eastus

Create Azure Container Registry and Push Image

BASH

# Create ACR
az acr create --name ragwireacr --resource-group ragwire-rg --sku Basic

# Login to ACR
az acr login --name ragwireacr

# Build and push image
docker build -t ragwireacr.azurecr.io/fastapi-rag-backend:latest .
docker push ragwireacr.azurecr.io/fastapi-rag-backend:latest

Note

az containerapp up --source . uses ACR Tasks to build the image, which is not available on free/trial Azure subscriptions. Building and pushing locally bypasses this restriction.

Deploy

Run locally or from Azure Cloud Shell (recommended if you have TLS or network issues locally):

BASH

az acr update -n ragwireacr --admin-enabled true

az containerapp env create --name ragwire-env --resource-group ragwire-rg --location eastus

az containerapp up --name fastapi-rag-backend --image ragwireacr.azurecr.io/fastapi-rag-backend:latest --resource-group ragwire-rg --environment ragwire-env --ingress external --target-port 8080 --registry-server ragwireacr.azurecr.io --registry-username ragwireacr --registry-password $(az acr credential show --name ragwireacr --query "passwords[0].value" -o tsv)

Set Environment Variables

macOS / Ubuntu / Azure Cloud Shell — reads directly from .env file:

BASH

az containerapp update --name fastapi-rag-backend --resource-group ragwire-rg --set-env-vars $(grep -v '^#' .env | grep '=' | xargs)

Windows (PowerShell):

POWERSHELL

$envVars = (Get-Content .env | Where-Object { $_ -notmatch '^#' -and $_ -match '=' })

az containerapp update --name fastapi-rag-backend --resource-group ragwire-rg --set-env-vars @envVars

Endpoints

Method	Endpoint	Description
`GET`	`/health`	Health check
`GET`	`/v1/models`	List available models
`POST`	`/v1/chat/completions`	Chat with the RAG agent (streaming)
`POST`	`/upload`	Upload documents for ingestion

OpenWebUI Integration

Go to OpenWebUI → Settings → Connections.
Set URL to your deployed API URL (e.g. https://your-app.up.railway.app).
Select the model and start chatting.

Upload Documents

BASH

curl -X POST https://your-api-url/upload -F "files=@document.pdf" -F "files=@report.docx"

Authentication

The server supports optional API key authentication via Bearer token, matching the OpenAI authentication scheme.

Add the Security Dependency to `routes.py`

PYTHON

import os
from fastapi import Depends, HTTPException, Security
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

API_KEY = os.getenv("API_KEY")
bearer = HTTPBearer(auto_error=False)

def verify_api_key(credentials: HTTPAuthorizationCredentials = Security(bearer)):
    if API_KEY and (not credentials or credentials.credentials != API_KEY):
        raise HTTPException(status_code=401, detail="Invalid or missing API key")

Protect Routes with the Dependency

Add dependencies=[Depends(verify_api_key)] to each route you want to protect:

PYTHON

@router.post("/v1/chat/completions", dependencies=[Depends(verify_api_key)])
@router.get("/v1/models", dependencies=[Depends(verify_api_key)])
@router.post("/upload", dependencies=[Depends(verify_api_key)])

Set the Environment Variable

BASH

API_KEY=your-secret-key

Note

If API_KEY is not set, authentication is disabled and all endpoints are open. The /health endpoint is always public.

Topics You Will Master

Configuration

Environment Variables

Available Agents

Local Development

Docker Run

Cloud Deployment

Railway

Render

AWS ECS Express Mode

Install AWS CLI

Configure Credentials

Push Image to ECR

Deploy with ECS Express Mode

GCP Cloud Run

Install gcloud CLI

Initialize and Login

Set Your Project

Enable Required APIs

Authenticate Docker to Google Cloud

Deploy to Cloud Run

Get Your Public URL

Update Deployment

Azure Container Apps

Install Azure CLI

Login and Create Resource Group

Create Azure Container Registry and Push Image

Deploy

Set Environment Variables

Endpoints

OpenWebUI Integration

Upload Documents

Authentication

Add the Security Dependency to routes.py

Protect Routes with the Dependency

Set the Environment Variable

Latest recommendations you might like

Hunyuan3D v2 and Blender MCP Setup Guide

Local LLMs 2026: Technical Reference

Find this tutorial useful?

Discussion & Comments

Add the Security Dependency to `routes.py`