institutional-trader/DEPLOYMENT.md

376 lines
7.5 KiB
Markdown

# 🚀 PRODUCTION DEPLOYMENT GUIDE
This guide covers deploying the Institutional Trader platform to production.
## Table of Contents
1. [Environment Configuration](#1-environment-configuration)
2. [Backend Deployment (Railway)](#2-backend-deployment-railway)
3. [Frontend Deployment (Vercel)](#3-frontend-deployment-vercel)
4. [Self-Hosting with Nginx](#4-self-hosting-with-nginx)
5. [Monitoring & Health Checks](#5-monitoring--health-checks)
6. [Security Checklist](#6-security-checklist)
---
## 1. Environment Configuration
### Backend Production `.env`
Create a `.env` file in the `backend` directory with the following variables:
```env
# Production Environment Variables
NODE_ENV=production
PORT=3000
# Supabase Configuration
SUPABASE_URL=your_production_supabase_url
SUPABASE_ANON_KEY=your_production_anon_key
SUPABASE_SERVICE_KEY=your_service_role_key
# Direct PostgreSQL Connection (optional, for heavy queries)
# Get this from: Supabase Dashboard > Settings > Database > Connection String (URI)
DATABASE_URL=postgresql://postgres:[password]@db.[project-ref].supabase.co:5432/postgres
# CORS Configuration
CORS_ORIGIN=https://your-frontend-domain.com
# Security
JWT_SECRET=your_super_secret_jwt_key_min_32_chars
RATE_LIMIT_WINDOW=15
RATE_LIMIT_MAX=100
# Error Tracking (optional)
SENTRY_DSN=your_sentry_dsn_here
```
### Frontend Production `.env`
Create a `.env.production` file in the `frontend` directory:
```env
VITE_API_URL=https://your-backend-domain.com
VITE_WS_URL=wss://your-backend-domain.com
VITE_SUPABASE_URL=your_supabase_url
VITE_SUPABASE_ANON_KEY=your_anon_key
```
---
## 2. Backend Deployment (Railway)
### Prerequisites
1. Install Railway CLI:
```bash
npm install -g railway
```
2. Login to Railway:
```bash
railway login
```
### Deployment Steps
1. Initialize Railway project:
```bash
cd backend
railway init
```
2. Link to existing project (if applicable):
```bash
railway link
```
3. Set environment variables:
```bash
railway variables set NODE_ENV=production
railway variables set PORT=3000
railway variables set SUPABASE_URL=your_url
railway variables set SUPABASE_ANON_KEY=your_anon_key
railway variables set SUPABASE_SERVICE_KEY=your_service_key
railway variables set CORS_ORIGIN=https://your-frontend-domain.com
railway variables set RATE_LIMIT_WINDOW=15
railway variables set RATE_LIMIT_MAX=100
railway variables set JWT_SECRET=your_jwt_secret_min_32_chars
```
Or set them via Railway Dashboard:
- Go to your project → Variables tab
- Add each variable individually
4. Deploy:
```bash
railway up
```
5. View logs:
```bash
railway logs
```
### Railway Configuration
The `railway.toml` file is already configured with:
- Build command: `npm install && npm run build`
- Start command: `npm start`
- Health check endpoint: `/health`
- Auto-restart on failure
---
## 3. Frontend Deployment (Vercel)
### Prerequisites
1. Install Vercel CLI:
```bash
npm install -g vercel
```
2. Login to Vercel:
```bash
vercel login
```
### Deployment Steps
1. Navigate to frontend directory:
```bash
cd frontend
```
2. Deploy to preview:
```bash
vercel
```
3. Deploy to production:
```bash
vercel --prod
```
4. Set environment variables in Vercel Dashboard:
- Go to your project → Settings → Environment Variables
- Add all `VITE_*` variables for Production environment
### Vercel Configuration
The `vercel.json` file is already configured for:
- Static build from `dist` directory
- SPA routing (all routes → `index.html`)
- Environment variables support
---
## 4. Self-Hosting with Nginx
### Prerequisites
- Ubuntu/Debian server with Nginx installed
- SSL certificate (Let's Encrypt recommended)
- Node.js installed on server
### Setup Steps
1. **Install dependencies on server:**
```bash
# Backend
cd backend
npm install --production
# Frontend
cd frontend
npm install
npm run build
```
2. **Set up systemd service for backend:**
```bash
sudo nano /etc/systemd/system/flow-api.service
```
Add:
```ini
[Unit]
Description=Flow Platform API
After=network.target
[Service]
Type=simple
User=your-user
WorkingDirectory=/path/to/institutional_trader/backend
Environment=NODE_ENV=production
ExecStart=/usr/bin/node src/server.js
Restart=always
[Install]
WantedBy=multi-user.target
```
Enable and start:
```bash
sudo systemctl enable flow-api
sudo systemctl start flow-api
```
3. **Configure Nginx:**
Copy `nginx.conf.example` to `/etc/nginx/sites-available/your-domain` and update:
- Replace `yourdomain.com` with your domain
- Update SSL certificate paths
- Update root path for frontend
- Update proxy_pass URLs if needed
Enable site:
```bash
sudo ln -s /etc/nginx/sites-available/your-domain /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
```
4. **Set up SSL with Let's Encrypt:**
```bash
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com -d api.yourdomain.com
```
---
## 5. Monitoring & Health Checks
### Health Check Endpoint
The backend includes an enhanced health check at `/health`:
```bash
curl https://api.yourdomain.com/health
```
Response includes:
- Status (ok/degraded)
- Timestamp
- Uptime
- Database connection status
- Database latency
### Uptime Monitoring
Set up monitoring with:
- **UptimeRobot** (free): Monitor `/health` endpoint
- **Pingdom**: Full-page monitoring
- **Sentry**: Error tracking (configure `SENTRY_DSN`)
### Logs
**Railway:**
```bash
railway logs --tail
```
**Vercel:**
- View in Dashboard → Deployments → Logs
**Self-hosted:**
```bash
# Backend logs
sudo journalctl -u flow-api -f
# Nginx logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
```
---
## 6. Security Checklist
- [ ] All environment variables set in production
- [ ] `JWT_SECRET` is at least 32 characters and random
- [ ] `SUPABASE_SERVICE_KEY` is kept secret (never in frontend)
- [ ] CORS origin set to production frontend URL only
- [ ] Rate limiting enabled (default: 100 requests per 15 minutes)
- [ ] SSL/TLS certificates installed and valid
- [ ] Security headers configured (Helmet)
- [ ] Health check endpoint configured
- [ ] Error tracking configured (Sentry)
- [ ] Database connection pooling enabled
- [ ] Caching layer configured for performance
- [ ] `.env` files excluded from git (verify `.gitignore`)
- [ ] Production build optimized (check bundle sizes)
---
## Performance Optimizations
### Already Implemented
1. **Backend:**
- Compression middleware (gzip)
- Connection pooling (PostgreSQL)
- Request caching (NodeCache)
- Rate limiting
2. **Frontend:**
- Code splitting (vendor chunks)
- Asset optimization
- Production build minification
### Additional Recommendations
1. **CDN:** Use Cloudflare or similar for static assets
2. **Database:** Enable connection pooling in Supabase
3. **Caching:** Consider Redis for distributed caching
4. **Monitoring:** Set up APM (Application Performance Monitoring)
---
## Troubleshooting
### Backend won't start
1. Check environment variables:
```bash
railway variables
```
2. Check logs:
```bash
railway logs
```
3. Verify database connection:
```bash
curl https://api.yourdomain.com/health
```
### Frontend build fails
1. Check environment variables are set
2. Verify API URLs are correct
3. Check build logs:
```bash
vercel logs [deployment-url]
```
### WebSocket connection fails
1. Verify `VITE_WS_URL` uses `wss://` (not `ws://`)
2. Check Nginx WebSocket configuration
3. Verify backend WebSocket route is accessible
---
## Support
For issues or questions:
1. Check logs first
2. Verify environment variables
3. Test health check endpoint
4. Review security checklist
Your platform is now production-ready! 🎉