# 🚀 PRODUCTION DEPLOYMENT GUIDE This guide covers deploying the Institutional Trader platform to production. ## Table of Contents 1. [Environment Configuration](#1-environment-configuration) 2. [Backend Deployment (Railway)](#2-backend-deployment-railway) 3. [Frontend Deployment (Vercel)](#3-frontend-deployment-vercel) 4. [Self-Hosting with Nginx](#4-self-hosting-with-nginx) 5. [Monitoring & Health Checks](#5-monitoring--health-checks) 6. [Security Checklist](#6-security-checklist) --- ## 1. Environment Configuration ### Backend Production `.env` Create a `.env` file in the `backend` directory with the following variables: ```env # Production Environment Variables NODE_ENV=production PORT=3000 # Supabase Configuration SUPABASE_URL=your_production_supabase_url SUPABASE_ANON_KEY=your_production_anon_key SUPABASE_SERVICE_KEY=your_service_role_key # Direct PostgreSQL Connection (optional, for heavy queries) # Get this from: Supabase Dashboard > Settings > Database > Connection String (URI) DATABASE_URL=postgresql://postgres:[password]@db.[project-ref].supabase.co:5432/postgres # CORS Configuration CORS_ORIGIN=https://your-frontend-domain.com # Security JWT_SECRET=your_super_secret_jwt_key_min_32_chars RATE_LIMIT_WINDOW=15 RATE_LIMIT_MAX=100 # Error Tracking (optional) SENTRY_DSN=your_sentry_dsn_here ``` ### Frontend Production `.env` Create a `.env.production` file in the `frontend` directory: ```env VITE_API_URL=https://your-backend-domain.com VITE_WS_URL=wss://your-backend-domain.com VITE_SUPABASE_URL=your_supabase_url VITE_SUPABASE_ANON_KEY=your_anon_key ``` --- ## 2. Backend Deployment (Railway) ### Prerequisites 1. Install Railway CLI: ```bash npm install -g railway ``` 2. Login to Railway: ```bash railway login ``` ### Deployment Steps 1. Initialize Railway project: ```bash cd backend railway init ``` 2. Link to existing project (if applicable): ```bash railway link ``` 3. Set environment variables: ```bash railway variables set NODE_ENV=production railway variables set PORT=3000 railway variables set SUPABASE_URL=your_url railway variables set SUPABASE_ANON_KEY=your_anon_key railway variables set SUPABASE_SERVICE_KEY=your_service_key railway variables set CORS_ORIGIN=https://your-frontend-domain.com railway variables set RATE_LIMIT_WINDOW=15 railway variables set RATE_LIMIT_MAX=100 railway variables set JWT_SECRET=your_jwt_secret_min_32_chars ``` Or set them via Railway Dashboard: - Go to your project → Variables tab - Add each variable individually 4. Deploy: ```bash railway up ``` 5. View logs: ```bash railway logs ``` ### Railway Configuration The `railway.toml` file is already configured with: - Build command: `npm install && npm run build` - Start command: `npm start` - Health check endpoint: `/health` - Auto-restart on failure --- ## 3. Frontend Deployment (Vercel) ### Prerequisites 1. Install Vercel CLI: ```bash npm install -g vercel ``` 2. Login to Vercel: ```bash vercel login ``` ### Deployment Steps 1. Navigate to frontend directory: ```bash cd frontend ``` 2. Deploy to preview: ```bash vercel ``` 3. Deploy to production: ```bash vercel --prod ``` 4. Set environment variables in Vercel Dashboard: - Go to your project → Settings → Environment Variables - Add all `VITE_*` variables for Production environment ### Vercel Configuration The `vercel.json` file is already configured for: - Static build from `dist` directory - SPA routing (all routes → `index.html`) - Environment variables support --- ## 4. Self-Hosting with Nginx ### Prerequisites - Ubuntu/Debian server with Nginx installed - SSL certificate (Let's Encrypt recommended) - Node.js installed on server ### Setup Steps 1. **Install dependencies on server:** ```bash # Backend cd backend npm install --production # Frontend cd frontend npm install npm run build ``` 2. **Set up systemd service for backend:** ```bash sudo nano /etc/systemd/system/flow-api.service ``` Add: ```ini [Unit] Description=Flow Platform API After=network.target [Service] Type=simple User=your-user WorkingDirectory=/path/to/institutional_trader/backend Environment=NODE_ENV=production ExecStart=/usr/bin/node src/server.js Restart=always [Install] WantedBy=multi-user.target ``` Enable and start: ```bash sudo systemctl enable flow-api sudo systemctl start flow-api ``` 3. **Configure Nginx:** Copy `nginx.conf.example` to `/etc/nginx/sites-available/your-domain` and update: - Replace `yourdomain.com` with your domain - Update SSL certificate paths - Update root path for frontend - Update proxy_pass URLs if needed Enable site: ```bash sudo ln -s /etc/nginx/sites-available/your-domain /etc/nginx/sites-enabled/ sudo nginx -t sudo systemctl reload nginx ``` 4. **Set up SSL with Let's Encrypt:** ```bash sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com -d api.yourdomain.com ``` --- ## 5. Monitoring & Health Checks ### Health Check Endpoint The backend includes an enhanced health check at `/health`: ```bash curl https://api.yourdomain.com/health ``` Response includes: - Status (ok/degraded) - Timestamp - Uptime - Database connection status - Database latency ### Uptime Monitoring Set up monitoring with: - **UptimeRobot** (free): Monitor `/health` endpoint - **Pingdom**: Full-page monitoring - **Sentry**: Error tracking (configure `SENTRY_DSN`) ### Logs **Railway:** ```bash railway logs --tail ``` **Vercel:** - View in Dashboard → Deployments → Logs **Self-hosted:** ```bash # Backend logs sudo journalctl -u flow-api -f # Nginx logs sudo tail -f /var/log/nginx/access.log sudo tail -f /var/log/nginx/error.log ``` --- ## 6. Security Checklist - [ ] All environment variables set in production - [ ] `JWT_SECRET` is at least 32 characters and random - [ ] `SUPABASE_SERVICE_KEY` is kept secret (never in frontend) - [ ] CORS origin set to production frontend URL only - [ ] Rate limiting enabled (default: 100 requests per 15 minutes) - [ ] SSL/TLS certificates installed and valid - [ ] Security headers configured (Helmet) - [ ] Health check endpoint configured - [ ] Error tracking configured (Sentry) - [ ] Database connection pooling enabled - [ ] Caching layer configured for performance - [ ] `.env` files excluded from git (verify `.gitignore`) - [ ] Production build optimized (check bundle sizes) --- ## Performance Optimizations ### Already Implemented 1. **Backend:** - Compression middleware (gzip) - Connection pooling (PostgreSQL) - Request caching (NodeCache) - Rate limiting 2. **Frontend:** - Code splitting (vendor chunks) - Asset optimization - Production build minification ### Additional Recommendations 1. **CDN:** Use Cloudflare or similar for static assets 2. **Database:** Enable connection pooling in Supabase 3. **Caching:** Consider Redis for distributed caching 4. **Monitoring:** Set up APM (Application Performance Monitoring) --- ## Troubleshooting ### Backend won't start 1. Check environment variables: ```bash railway variables ``` 2. Check logs: ```bash railway logs ``` 3. Verify database connection: ```bash curl https://api.yourdomain.com/health ``` ### Frontend build fails 1. Check environment variables are set 2. Verify API URLs are correct 3. Check build logs: ```bash vercel logs [deployment-url] ``` ### WebSocket connection fails 1. Verify `VITE_WS_URL` uses `wss://` (not `ws://`) 2. Check Nginx WebSocket configuration 3. Verify backend WebSocket route is accessible --- ## Support For issues or questions: 1. Check logs first 2. Verify environment variables 3. Test health check endpoint 4. Review security checklist Your platform is now production-ready! 🎉