Deploy
A production deployment adds TLS, subdomain routing, the right server settings, and the control plane.
Server settings
The application is tuned in its config file:
- One workspace per subdomain. A database filter binds each subdomain to its
own database (
dbfilter = ^%d$), soacme.your-domainonly ever loads theacmedatabase. - Database list off. Disable the public database list so tenants can't see or reach each other's databases.
- Workers. Run several worker processes sized to your CPU and memory.
TLS and routing
Nginx terminates TLS with a wildcard certificate for *.your-domain and
proxies to the application server. One certificate covers every workspace
subdomain, so adding a workspace needs no certificate change.
The control plane
The control plane is a small service that:
- Creates a new database per workspace and installs the right apps.
- Handles signup and billing.
- Automates DNS for new subdomains.
Run it alongside the application server in the same Compose project.
Continuous deployment
Pushing to your main branch can trigger a deploy: connect over SSH, pull, rebuild the control plane, restart the application, and run a health check. Keep deployment secrets in your CI provider's secret store, scoped to the production environment.
Related
- Email — wire up outbound mail.
- Domain names — point subdomains at the server.
- Back up & restore — before you go live.
Need a hand with this? company@everjust.co — a human answers.