Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Going to Production: add more items #1791

Merged
merged 3 commits into from
Aug 21, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 30 additions & 26 deletions apps/going-to-production.html.markerb
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
---
title: Going to production
title: Going to production checklist
layout: docs
nav: apps
redirect_from:
Expand All @@ -9,66 +9,70 @@ redirect_from:
- /docs/reference/going-to-production/
---

This document lists important topics to consider when you set up a production environment on Fly.io. What makes an app production-ready can vary from one framework to another. The following topics and linked resources can help you understand when and why you might need specific features or configuration.
This checklist guides you through setting up a production environment on Fly.io. What makes an app production-ready can vary from one framework to another. You'll need to decide what checklist items will work for you; not all of the items will apply to your app and there may be other considerations not listed here.

<div class="important icon">
**Important:** This list is neither exhaustive nor mandatory, and does not guarantee production-readiness for your app. Some apps might have unique requirements for production.
**Important:** This list is neither exhaustive nor mandatory, and does not guarantee production-readiness for your app. Apps might have unique requirements for production.
</div>

## Security

- **Set up single sign-on for organizations:** Enable SSO on your organization to take advantage of Google or GitHub authentication security. See [Single sign-on for organizations](/docs/security/sso/).

- **Use Arcjet application security for JavaScript apps:** Secure your app with rate limiting, bot protection, email validation, and defense against common attacks through our extension partner Arcjet. Currently [free in beta](/docs/reference/arcjet/#pricing), but pricing is subject to change. See [Application Security by Arcjet](/docs/reference/arcjet/).
- **Isolate staging and production environments:** Use organizations to limit access to your production environment. See [Blueprint: Staging and production isolation](/docs/blueprints/staging-prod-isolation/).

- **Enforce least privilege access:** Use access tokens to allow only the minimum access required by team members to your organization, apps, and Machines. See [access tokens](https://fly.io/docs/security/tokens/).

- **Protect sensitive information:** Set secrets to store sensitive data and make them available as environment variables to your app. See [Secrets and Fly Apps](/docs/apps/secrets/).

- **Make sure private services are not exposed:** Check that your private apps with services don't have public IP addresses. Run `fly ips list` and use `fly ips release` to release unnecessary public IPs. See flyctl [`fly ips` commands](/docs/flyctl/ips/).
- **Make sure private services are not exposed:** Check that your private apps with services don't have public IP addresses. Run `fly ips list` and use `fly ips release` to release unnecessary public IPs. See flyctl [`fly ips` commands](/docs/flyctl/ips/). Assign private apps a [Flycast address](https://fly.io/docs/networking/flycast/) instead.

- **Isolate staging and production environments:** Use organizations to limit access to your production environment. See [Blueprint: Staging and production isolation](/docs/blueprints/staging-prod-isolation/).
- **Use Arcjet application security for JavaScript apps:** Secure your app with rate limiting, bot protection, email validation, and defense against common attacks through our extension partner Arcjet. Currently [free in beta](/docs/reference/arcjet/#pricing), but pricing is subject to change. See [Application Security by Arcjet](/docs/reference/arcjet/).

## Networking

- **Set up a custom domain:** Configure a certificate for your domain. See [Use a custom domain](/docs/networking/custom-domain/).

- **Consider a dedicated IPv4 address:** Completely eliminate the chance of blacklisted spammers causing problems for your app. There is a small [added cost](/docs/about/pricing/#anycast-ip-addresses) for dedicated IPv4 addresses. See [Dedicated IPv4](/docs/networking/services/#dedicated-ipv4).

- **Set up Flycast for private apps**: If you haven't already done so, give your private apps a Flycast address to communicate with them entirely on your private network. See [Flycast - Private Fly Proxy services](https://fly.io/docs/networking/flycast/).

## Databases

- **Run "production-grade" Postgres:** For Fly Postgres, our unmanaged database, set up replication clusters of 3+ servers. See [High Availability & Global Replication](/postgres/advanced-guides/high-availability-and-global-replication/). You can also use an external database provider and configure it for redundancy.

- **Set up offsite backups:** Consider offsite backups for your database.
- **Set up offsite backups:** For all databases, it's essential to have a recovery plan that includes storing backups offsite.

- **LiteFS**: LiteFS is a distributed file system that transparently replicates SQLite databases. See the [LiteFS docs](/docs/litefs/).

## Monitoring

- **Export your logs:** Set up the Fly Log Shipper to aggregate your app’s logs to a service of your choice. See [Export logs](/docs/monitoring/exporting-logs/).

- **Use Sentry for Error tracking**: An application monitoring platform that helps you identify and fix software problems before they impact your users from our extension partner Sentry.Fly.io organizations get a year's worth of [Team Plan](https://sentry.io/pricing/+external) credits. See [Application Monitoring by Sentry](/docs/reference/sentry/).


## Availability and resiliency
## Availability, resiliency, and costs

- **Use multiple Machines for resiliency:** Make your app resilient to single-host failures with multiple Machines that stay stopped until you need them. See [Blueprint: Resilient apps use multiple Machines](/docs/blueprints/resilient-apps-multiple-machines/).

- **Set up autoscaling by load or metric:** Use Fly Proxy autostop/autostart or the metrics-based autoscaler app. See [Autoscaling](/docs/reference/autoscaling/).
- **Add regions:** Scale your app in multiple regions closest to your app's users. See [Scale an app's regions](/docs/launch/scale-count/#scale-an-apps-regions).

## CI/CD

- **Deploy with GitHub Actions:** Set up your app for continuous deployment to Fly.io from the app’s GitHub repository. See [Continuous Deployment with Fly.io and GitHub Actions](/docs/app-guides/continuous-deployment-with-github-actions/).
- **Refine the default autostop/autostart settings**: Autostop/autostart lets you stop or suspend Machines when there's low traffic, saving on resource usage and costs. You get autostop/autostart by default with a new app, but you can configure it to optimize for your use case. See [Autostop/autostart Machines](/docs/launch/autostop-autostart/).

- **Generate review apps with GitHub Actions:** Automatically generate ephemeral review apps on Fly.io for each pull request (PR) using GitHub Actions. See [Blueprint: Git Branch Preview Environments on GitHub](/docs/blueprints/review-apps-guide/).
- **Set up autoscaling by metric:** For apps that aren't running web services, use the autoscaler app to scale your app's Machines based on any metric, saving on resource usage and costs. See [Autoscale based on metrics](/docs/launch/autoscale-by-metric/).

## Networking

- **Set up a custom domain:** Configure a certificate for your domain. See [Use a custom domain](/docs/networking/custom-domain/).
## App performance

- **Consider a dedicated IPv4 address:** Completely eliminate the chance of blacklisted spammers causing problems for your app. There is a small [added cost](/docs/about/pricing/#anycast-ip-addresses) for dedicated IPv4 addresses. See [Dedicated IPv4](/docs/networking/services/#dedicated-ipv4).
- **Get Machine sizing right:** Most production apps require 2x or performance CPUs. Also make sure you have enough RAM for your app and/or enable [swapping to disk](https://fly.io/docs/reference/configuration/#swap_size_mb-option) to deal with brief spikes in memory use. See [Machine sizing](docs/machines/guides-examples/machine-sizing/).

- **Fine-tune your app:** Learn about optimizing your app on Fly.io. See [Tips to fine-tune and your app on Fly.io](/docs/reference/fine-tune-apps/).

## Fine-tuning your app
## CI/CD

- **Get Machine sizing right:** Most production apps require 2x or performance CPUs. Also make sure you have enough RAM for your app and/or enable [swapping to disk](https://fly.io/docs/reference/configuration/#swap_size_mb-option) to deal with brief spikes in memory use. See [Machine sizing](docs/machines/guides-examples/machine-sizing/).
- **Generate review apps with GitHub Actions:** Automatically generate ephemeral review apps on Fly.io for each pull request (PR) using GitHub Actions. See [Blueprint: Git Branch Preview Environments on GitHub](/docs/blueprints/review-apps-guide/).

- **Fine-tune and benchmark your app:** Learn about optimizing your app on Fly.io. See [Tips to fine-tune and (not) benchmark your app on Fly.io](/docs/reference/fine-tune-apps/).
- **Deploy with GitHub Actions:** Set up your app for continuous deployment to Fly.io from the app’s GitHub repository. See [Continuous Deployment with Fly.io and GitHub Actions](/docs/app-guides/continuous-deployment-with-github-actions/).

## Support
## Get support

Check out our [community](https://community.fly.io/) to get help and answers.
- **Community:** Check out our [community](https://community.fly.io/) to get help and answers.

Get email support with a [Launch, Scale, or Enterprise plan](https://fly.io/plans).
- **Consider a plan for email support:** You get email support with a [Launch, Scale, or Enterprise plan](https://fly.io/plans).
Loading