Production Setup

Set up SkyPort for production deployments

Guide to setting up SkyPort in a production environment.

Server Requirements

Minimum

  • CPU: 2 cores
  • RAM: 2GB
  • Storage: 10GB
  • Network: 100Mbps connection

Recommended

  • CPU: 4+ cores
  • RAM: 8GB+
  • Storage: 50GB+ SSD
  • Network: 1Gbps connection
  • Backup storage

Pre-Production Checklist

Security

  • Enable HTTPS with valid certificates
  • Configure firewall rules
  • Set up strong authentication
  • Enable audit logging
  • Configure API rate limiting
  • Use SSH keys for server access

Performance

  • Configure reverse proxy (Caddy/Nginx)
  • Enable caching
  • Set up monitoring
  • Configure auto-scaling
  • Test load handling
  • Optimize Docker resource limits

Reliability

  • Configure backups
  • Set up monitoring and alerts
  • Enable health checks
  • Configure auto-restart policies
  • Test disaster recovery
  • Document runbooks

Compliance

  • Enable logging and retention
  • Configure access controls
  • Document security policies
  • Plan compliance audits
  • Configure data encryption

Installation for Production

1. Secure SSH Access

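# Disable password authentication and root login
sudo nano /etc/ssh/sshd_config
# Set: PasswordAuthentication no
# Set: PubkeyAuthentication yes
# Set: PermitRootLogin no

# Check the configuration for syntax errors before restarting
sudo sshd -t

# Restart SSH (keep the current session open until a new key-based login works)
sudo systemctl restart sshd

# Verify the effective settings, including no root login
sudo sshd -T | grep -Ei '^(passwordauthentication|pubkeyauthentication|permitrootlogin) '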
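
The settings above only take effect if no earlier line sets the same keyword. The following check is an added example, not part of SkyPort or of the original guide; the function names and the sample file are constructed for illustration, and it reads a single file without following Include lines.

```shell
#!/bin/sh
# Added example. sshd uses the FIRST value it reads for a keyword, so an early
# line (often from an Include'd drop-in) beats a later edit. Keywords after a
# "Match" line are conditional and are not treated as global settings here.

# sshd_effective FILE KEYWORD DEFAULT -> prints the global value sshd would use
sshd_effective() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v def="$3" '
        /^[ \t]*(#|$)/ { next }                    # skip comments and blanks
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
            k = tolower(f[1])
        }
        k == "match" { exit }                      # end of the global section
        k == key     { print tolower(f[2]); found = 1; exit }
        END          { if (!found) print def }
    ' "$1"
}

# sshd_audit FILE -> returns 0 only when all three settings match this guide.
# Each entry is keyword:wanted:OpenSSH-default.
sshd_audit() {
    rc=0
    for item in passwordauthentication:no:yes \
                pubkeyauthentication:yes:yes \
                permitrootlogin:no:prohibit-password; do
        key=${item%%:*}; rest=${item#*:}
        want=${rest%%:*}; def=${rest#*:}
        got=$(sshd_effective "$1" "$key" "$def")
        [ "$got" = "$want" ] || { echo "FAIL: $key is '$got', want '$want'"; rc=1; }
    done
    return "$rc"
}

# Constructed sample: the guide's edits were appended below an existing "yes".
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
PasswordAuthentication yes
PubkeyAuthentication yes
# settings added while following this guide:
PasswordAuthentication no
PermitRootLogin no
EOF
sshd_audit "$SAMPLE_CFG" || echo "sshd would still accept passwords"
```

On a live host, save the output of `sudo sshd -T` (the merged configuration, drop-ins included) to a file and pass that file to `sshd_audit`.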

2. System Hardening

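# Update system
sudo apt update && sudo apt upgrade -y

# Set default policies
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow SSH before enabling the firewall, so the current session is not cut off
sudo ufw allow 22/tcp

# Allow HTTP/HTTPS for SkyPort
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 8080/tcp  # SkyPort WebUI; omit if it is only reached through the reverse proxy on this host

# Enable firewall and review the rules
sudo ufw enable
sudo ufw status verbose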

3. Install SkyPort

# Download production binary
wget https://github.com/Nil369/SkyPort/releases/latest/download/skyport-linux-amd64
chmod +x skyport-linux-amd64
sudo mv skyport-linux-amd64 /usr/local/bin/skyport

# Verify
skyport --version

4. Create Systemd Service

Create /etc/systemd/system/skyport.service:

[Unit]
Description=SkyPort Infrastructure Platform
After=network.target docker.service
Wants=docker.service

[Service]
Type=simple
User=skyport
ExecStart=/usr/local/bin/skyport start webui --port 8080
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

Enable and start:

# Create skyport user
sudo useradd -r -s /bin/false skyport

# Enable service
sudo systemctl daemon-reload
sudo systemctl enable skyport
sudo systemctl start skyport

# Check status
sudo systemctl status skyport

Reverse Proxy Configuration

Nginx

server {
    listen 443 ssl http2;
    server_name skyport.example.com;

    ssl_certificate /etc/letsencrypt/live/skyport.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/skyport.example.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    listen 80;
    server_name skyport.example.com;
    return 301 https://$server_name$request_uri;
}

Caddy

skyport.example.com {
    reverse_proxy localhost:8080
}
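
Both proxy configurations forward to localhost:8080, so on a single-host setup nothing outside the machine needs to reach port 8080 directly. The following check is an added example, not part of SkyPort or of the original guide; the function name, the allowed-port list and the sample `ss` output are constructed, and it assumes the proxy and SkyPort run on the same host.

```shell
#!/bin/sh
# Added example. Reads `ss -ltnH` output on stdin and prints each TCP port that
# listens on a non-loopback address and is not in the allowed list.

# exposed_ports "PORT PORT ..."  (ports that are meant to be public)
exposed_ports() {
    awk -v allow=" $1 " '
        $1 == "LISTEN" {
            addr = $4; port = $4
            sub(/.*:/, "", port)                 # text after the last colon
            sub(/:[0-9]+$/, "", addr)            # address without the port
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (index(allow, " " port " ") == 0 && !seen[port]++) print port
        }'
}

# Constructed sample of `ss -ltnH` on a host where the WebUI binds all interfaces.
SAMPLE_SS='LISTEN 0 128     0.0.0.0:22     0.0.0.0:*
LISTEN 0 511     0.0.0.0:80     0.0.0.0:*
LISTEN 0 511     0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096          *:8080         *:*
LISTEN 0 244   127.0.0.1:5432   0.0.0.0:*
LISTEN 0 128        [::]:22        [::]:*'

printf '%s\n' "$SAMPLE_SS" | exposed_ports "22 80 443"
# Live use: ss -ltnH | exposed_ports "22 80 443"
```

Any port it prints is reachable without passing through the TLS-terminating proxy unless the firewall blocks it; in the multi-server setup, where the load balancer connects to port 8080 over the network, add 8080 to the allowed list and restrict it by source address instead.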

TLS/SSL Certificate

Using Let's Encrypt

# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Generate certificate
sudo certbot certonly --nginx -d skyport.example.com

# Auto-renewal
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer

Self-Signed (for testing only)

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes

Monitoring & Alerts

System Monitoring

# Install monitoring tools
sudo apt install htop iotop nethogs

# Monitor in real-time
htop

# Check disk usage
du -sh *
df -h

# Network stats
nethogs

Application Monitoring

# SkyPort status
skyport status

# View system metrics
skyport metrics

# Check all services
skyport docker ps
skyport pm2 list

Log Aggregation

Configure log rotation in /etc/logrotate.d/skyport:

/var/log/skyport/*.log {
    daily
    rotate 30
    compress
    delaycompress
    notifempty
    create 0640 skyport skyport
    sharedscripts
    postrotate
        systemctl reload skyport > /dev/null 2>&1 || true
    endscript
}

Backup Strategy

Database Backups

# Backup PostgreSQL database
docker exec postgres pg_dump -U postgres dbname > backup.sql

# Schedule with cron
0 2 * * * docker exec postgres pg_dump -U postgres dbname > /backups/$(date +\%Y\%m\%d).sql
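
A cron line that redirects straight into the dated file leaves an empty or truncated dump behind when `pg_dump` fails, and nothing reports it. The wrapper below is an added example, not part of SkyPort or of the original guide; the function names and the 30-day retention period are assumptions.

```shell
#!/bin/sh
# Added example. `cmd > file` in cron leaves an empty or truncated file behind
# when cmd fails; this wrapper only publishes a dump that completed.

# backup_to DEST CMD [ARGS...] -> 0 and DEST written, or 1 and nothing left behind
backup_to() {
    dest=$1; shift
    tmp=$(mktemp "$dest.XXXXXX") || return 1    # mktemp creates the file mode 0600
    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$dest"                        # rename is atomic on one filesystem
    else
        rm -f "$tmp"
        echo "backup failed: $*" >&2
        return 1
    fi
}

# prune_backups DIR DAYS -> delete *.sql dumps older than DAYS days
prune_backups() {
    find "$1" -type f -name '*.sql' -mtime +"$2" -exec rm -f {} +
}

# Demonstration with stand-in commands (constructed; no database needed).
DEMO_DIR=$(mktemp -d)
backup_to "$DEMO_DIR/good.sql" printf 'CREATE TABLE t (id int);\n'
backup_to "$DEMO_DIR/bad.sql" false || echo "no bad.sql was written"
ls -l "$DEMO_DIR"

# In the cron job from this page the call would be:
#   backup_to "/backups/$(date +%Y%m%d).sql" docker exec postgres pg_dump -U postgres dbname
#   prune_backups /backups 30      # 30 days is an assumed retention period
```

Because the failure message goes to stderr, cron mails it to the job owner when mail delivery is configured.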

Volume Backups

# Backup Docker volumes
skyport docker volume backup data-volume --destination /backups/data.tar.gz

# Schedule backups
0 3 * * * skyport docker volume backup data-volume --destination /backups/$(date +\%Y\%m\%d).tar.gz

Configuration Backups

# Backup SkyPort configuration
tar -czf ~/.skyport-backup-$(date +%Y%m%d).tar.gz ~/.skyport/

Performance Tuning

Docker Daemon Configuration

Edit /etc/docker/daemon.json:

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  },
  "storage-driver": "overlay2",
  "userland-proxy": false
}

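Restart Docker to apply the changes (these options are not picked up by a reload; the restart stops running containers unless live-restore is enabled, and the new log options apply only to containers created afterwards):

sudo systemctl restart docker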

System Limits

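Edit /etc/security/limits.conf (PAM applies this file to login sessions of the skyport user; a service started by systemd takes its limits from the LimitNOFILE and LimitNPROC settings in its unit file instead):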

skyport soft nofile 65535
skyport hard nofile 65535
skyport soft nproc 65535
skyport hard nproc 65535

High Availability

Multi-Server Setup

  1. Set up load balancer (HAProxy, Nginx)
  2. Install SkyPort on multiple servers
  3. Configure shared storage for data
  4. Use database clustering if applicable
  5. Set up health checks

Load Balancer Configuration (HAProxy)

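global
    maxconn 4096

defaults
    mode http
    timeout connect 5s
    timeout client  50s
    timeout server  50s

frontend web
    bind *:80
    # PEM file containing the certificate chain and the private key
    bind *:443 ssl crt /etc/ssl/cert.pem
    # Redirect plain HTTP to HTTPS
    http-request redirect scheme https unless { ssl_fc }
    default_backend servers

backend servers
    server skyport1 192.168.1.10:8080 check
    server skyport2 192.168.1.11:8080 check
    server skyport3 192.168.1.12:8080 check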

Security Best Practices

  • Enable HTTPS only (disable HTTP)
  • Use strong passwords and API tokens
  • Implement rate limiting
  • Enable audit logging
  • Regularly update dependencies
  • Use firewall rules
  • Enable fail2ban for brute-force protection
  • Use secrets management for credentials
  • Regular security audits
  • Keep backups offline
