Production Setup
Deploy USSO to production with best practices.
Architecture
Prerequisites
- Managed MongoDB (Atlas, DocumentDB, etc.)
- Managed Redis (ElastiCache, Redis Cloud, etc.)
- SSL certificate
- Domain name
Deployment Steps
1. Database Setup
MongoDB Atlas:
```bash
MONGO_URI=mongodb+srv://username:[email protected]/usso
```
Redis Cloud:
```bash
REDIS_URI=redis://username:[email protected]:6379
```
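2. Configure Environment
```bash
# Production settings
DEBUG=0
LOG_LEVEL=WARNING

# Use strong passwords. $(...) is expanded only by a shell; in an env file
# read by Docker Compose, paste the generated value instead.
SYSTEM_PASSWORD=$(openssl rand -base64 32)

# Production domain
DOMAIN=api.yourapp.com
```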
3. SSL/TLS
Use Let's Encrypt with Traefik or Nginx:
```yaml
# docker-compose.yml
services:
  traefik:
    image: traefik:v2.10
    command:
      - [email protected]
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true
```
4. Monitoring
```bash
# Sentry for error tracking
SENTRY_DSN=https://[email protected]/...

# Prometheus metrics
# /metrics endpoint enabled
```
5. Backups
```bash
# MongoDB backup into a directory named after today's date
mongodump --uri="$MONGO_URI" --out="/backups/$(date +%Y%m%d)"

# Schedule with cron (crontab entry: every day at 02:00)
0 2 * * * /path/to/backup.sh
```
Scaling
Horizontal Scaling
Run multiple USSO instances:
Load Balancer
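```nginx
upstream usso {
    server usso-1:8000;
    server usso-2:8000;
    server usso-3:8000;
}

server {
    listen 443 ssl;
    # "listen ... ssl" requires a certificate and key; these are placeholder paths
    ssl_certificate     /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    location / {
        proxy_pass http://usso;
    }
}
```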
Security Checklist
- [ ] Use HTTPS
- [ ] Enable MongoDB authentication
- [ ] Use Redis password
- [ ] Set strong SYSTEM_PASSWORD
- [ ] Configure CORS properly
- [ ] Enable rate limiting
- [ ] Set up monitoring
- [ ] Configure backups
- [ ] Review logs regularly
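
Several checklist items can be verified automatically before a deploy. The script below is an added example, not part of USSO: it assumes the settings from step 2 are stored in a KEY=VALUE env file, and the function names, the 32-character minimum and the sample values are constructed for illustration.

```python
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32  # assumption: minimum acceptable SYSTEM_PASSWORD length

def parse_env(text):
    """Parse KEY=VALUE lines, skipping blank lines and comments."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            env[key.strip()] = value.strip().strip("'\"")
    return env

def needs_password(env, key, schemes):
    """Return a finding if the URI is missing, mistyped or has no password."""
    uri = urlsplit(env.get(key, ""))
    if uri.scheme not in schemes:
        return f"{key}: missing or not a {'/'.join(schemes)} URI"
    if not uri.password:
        return f"{key}: no password in URI, authentication is not configured"
    return None

def check(env):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    if env.get("DEBUG") != "0":
        findings.append("DEBUG: must be set to 0")
    secret = env.get("SYSTEM_PASSWORD", "")
    if "$(" in secret:
        findings.append("SYSTEM_PASSWORD: unexpanded $(...), store the generated value")
    elif len(secret) < MIN_SECRET_LEN:
        findings.append(f"SYSTEM_PASSWORD: shorter than {MIN_SECRET_LEN} characters")
    findings.append(needs_password(env, "MONGO_URI", ("mongodb", "mongodb+srv")))
    findings.append(needs_password(env, "REDIS_URI", ("redis", "rediss")))
    domain = env.get("DOMAIN", "")
    if not domain or "://" in domain or "/" in domain:
        findings.append("DOMAIN: expected a bare host name such as api.yourapp.com")
    return [f for f in findings if f]

# Constructed sample input, not taken from a real deployment.
WEAK = """DEBUG=1
SYSTEM_PASSWORD=$(openssl rand -base64 32)
MONGO_URI=mongodb://mongo.example.net/usso
REDIS_URI=redis://redis.example.net:6379
DOMAIN=https://api.yourapp.com
"""

if __name__ == "__main__":
    for finding in check(parse_env(WEAK)):
        print("FAIL", finding)
```

Run it in the deploy pipeline against the real env file and fail the job when `check` returns any finding.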