github.com/System-Glitch/goyave/v2@v2.10.3-0.20200819142921-51011e75d504/docs_src/src/guide/deployment.md (about)

     1  ---
     2  meta:
     3    - name: "og:title"
     4      content: "Deployment - Goyave"
     5    - name: "twitter:title"
     6      content: "Deployment - Goyave"
     7    - name: "title"
     8      content: "Deployment - Goyave"
     9  ---
    10  
    11  # Deployment
    12  
    13  [[toc]]
    14  
    15  ## Introduction
    16  
    17  There are some important details to think about before deploying your Goyave application to production. We are going to cover them in this section of the guide, and make sure your applications are deployed properly.
    18  
    19  ## Application configuration
    20  
    21  Be sure to deploy your application with a `config.production.json` config file containing the correct values for your production environment and **set the `GOYAVE_ENV` environment variable to `production`.**
    22  
    23  1. Ensure that the `app.environment` entry is `production`.
    24  2. The `server.host` entry should be `0.0.0.0` if you want to open access to your service from anywhere. If you're using Apache or Nginx as a proxy on the same machine, keep it at `127.0.0.1` so the server will only be accessible through the proxy.
    25  3. Change the `server.domain` entry to your domain name, if you use one.
    26  4. The `server.port` and `server.httpsPort` will very likely require a change. Most of the time, you need `80` and `443` respectively.
    27  5. If you use `https`, be sure to provide the paths to your `server.tls.cert` and `server.tls.key`. Learn more [here](./configuration.html#setting-up-https).
    28  6. `server.debug` **must** be set do `false`. You don't want anyone to get important information about your internal errors and therefore your code when an error occurs.
    29  7. Change your database connection credentials. `database.autoMigrate` should be set to `false`.
    30  
    31  ## Build
    32  
    33  Of course, don't run your application with `go run` in production. Build your application using `go build` and deploy the executable, alongside the config files and resources directory.
    34  
    35  The following Dockerfile is an example of a goyave application called `docker-goyave`:
    36  ``` docker
    37  FROM golang:alpine as builder
    38  
    39  WORKDIR /app
    40  
    41  COPY . .
    42  
    43  RUN go build -ldflags "-w -s"
    44  
    45  FROM alpine:3.9
    46  
    47  WORKDIR /app
    48  
    49  COPY --from=builder /app/docker-goyave ./docker-goyave
    50  COPY resources /app/resources
    51  COPY config.production.json ./config.production.json
    52  
    53  EXPOSE 80
    54  ENV GOYAVE_ENV=production
    55  
    56  ENTRYPOINT [ "./docker-goyave" ]
    57  ```
    58  
    59  ## Deamon
    60  
    61  Goyave applications are standalone and don't require any web server (such as Apache or Nginx) to function. However, this also means that you will need some additional installation steps on your production server.
    62  
    63  When running a web service, it is important that it stays online. Creating a **deamon** is necessary so your server can run in the background, have the correct filesystem permissions, and restart automatically after a crash or a reboot.
    64  
    65  You can achieve this with any supervisor program, but in this guide, we will use systemd as it's the most common one.
    66  
    67  ### Systemd
    68  
    69  First, we need to create a user and its group for our application:
    70  ```
    71  sudo addgroup goyave
    72  sudo useradd -r -s /bin/false goyave
    73  sudo usermod -a -G goyave goyave
    74  ```
    75  
    76  You may use the following systemd unit file to deploy your Goyave application:
    77  
    78  `/etc/systemd/system/my-goyave-application.service`:
    79  ```
    80  [Unit]
    81  Description=Goyave application deamon
    82  
    83  # If you are using a database, mysql for example, make sure the application
    84  # service starts AFTER the database service.
    85  # After=mysqld.service
    86  After=network.target
    87  StartLimitIntervalSec=0
    88  
    89  [Service]
    90  Environment=GOYAVE_ENV=production
    91  WorkingDirectory=/path/to/goyave-application
    92  ExecStart=/path/to/goyave-application/executable
    93  
    94  # Process management
    95  ####################
    96  
    97  Type=simple
    98  
    99  # Can be changed to "on-failure"
   100  Restart=always
   101  RestartSec=1
   102  TimeoutStopSec=600
   103  
   104  # Run as goyave:goyave
   105  User=goyave
   106  Group=goyave
   107  
   108  # Hardening measures
   109  ####################
   110  
   111  # Provide a private /tmp and /var/tmp.
   112  PrivateTmp=true
   113  
   114  # Mount /usr, /boot/ and /etc read-only for the process.
   115  ProtectSystem=full
   116  
   117  # Deny access to /home, /root and /run/user
   118  ProtectHome=true
   119  
   120  # Disallow the process and all of its children to gain
   121  # new privileges through execve().
   122  NoNewPrivileges=true
   123  
   124  # Use a new /dev namespace only populated with API pseudo devices
   125  # such as /dev/null, /dev/zero and /dev/random.
   126  PrivateDevices=true
   127  
   128  # Deny the creation of writable and executable memory mappings.
   129  MemoryDenyWriteExecute=true
   130  
   131  [Install]
   132  WantedBy=multi-user.target
   133  ```
   134  
   135  ::: warning
   136  Replace `my-goyave-application` with the name of your application and `/path/to/goyave-application` with the **absolute** path to your application. This is important to have unique application names in case you run multiple goyave applications on the same server. You should also create a separate user and group for each application.
   137  :::
   138  
   139  Now let's run the service and enable it on system startup:
   140  ```
   141  sudo systemctl start my-goyave-application
   142  sudo systemctl enable my-goyave-application
   143  ```