docs/deployment/production-deployment.rst
10 additions & 7 deletions
@@ -10,17 +10,17 @@ Disclaimer
10
10
Running a FAIR Data Point in production is a bit more involved than running one offline on your development machine.
11
11
The configuration details of a production deployments depend on many factors, such as available resources and security requirements.
12
12
13
-
Whether you're setting up your own bare metal server or using a cloud provider that offers all kinds of managed services, you'll need to think about many of the same topics.
13
+
Whether you're setting up your own bare metal server or using a cloud provider with lots of managed services, many of the same topics will need attention.
14
14
Here's just a few that come to mind, in no particular order:
15
15
16
16
- network security
17
17
- secrets storage
18
18
- identity and access management (IAM)
19
19
- data management (security, privacy, replication, backups)
20
-
- service availability (e.g. container orchestration)
20
+
- service availability (container orchestration, monitoring)
21
21
- performance
22
22
- audit logging
23
-
- infrastructure as code
23
+
- deployment automation (infrastructure as code, CI/CD)
24
24
- and so on and so forth...
25
25
26
26
Obviously this list is far from exhaustive.
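Review bot: In the reworded list items at new lines 20 and 23, dropping the "e.g." makes the parentheticals read as complete definitions, so "service availability (container orchestration, monitoring)" now implies those two items are the whole topic. Suggest keeping "e.g." in both items, as in "deployment automation (e.g. infrastructure as code, CI/CD)". While this paragraph is being reworded, the unchanged line 11 still reads "a production deployments" and should be "a production deployment" or "production deployments".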
@@ -35,8 +35,8 @@ Assuming basic infrastructure hardening is already in place (see e.g. `OWASP che
35
35
36
36
These topics are covered by extending the :ref:`local-deployment` examples with some additional configuration.
37
37
38
-
Encrypted communication
39
-
=======================
38
+
HTTPS setup
39
+
===========
40
40
41
41
One of the first requirements for a production deployment is to set up Transport Layer Security (TLS) to provide encrypted communication, better known as HTTPS (HTTP over TLS).
42
42
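Review bot: Renaming the section title at line 38 from "Encrypted communication" to "HTTPS setup" changes the implicit target that is derived from the title, so existing links to the old section anchor, from other pages or from outside the docs, will stop resolving. Suggest putting an explicit label above the heading (for example ``.. _https-setup:``, a name chosen here for illustration) and checking the docs for references to the old title before merging. The underline was shortened to match the new title length, which is correct.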
@@ -50,7 +50,7 @@ TLS certificates
50
50
----------------
51
51
52
52
In order to set up HTTPS, a valid TLS certificate is required (a.k.a. SSL certificate).
53
-
For this example, we assume that a TLS certificate is already available, *on the Docker host*, for our domain ``fdp.example.com``.
53
+
For this example, we assume a TLS certificate is already available, *on the Docker host*, for our domain ``fdp.example.com``.
54
54
55
55
Certificate files can be obtained from various sources.
56
56
Our example assumes that the `certbot`_ tool was used to obtain a certificate from `Let's Encrypt`_.
@@ -129,10 +129,13 @@ Both need to be secured.
129
129
Secrets
130
130
=======
131
131
132
+
The best way to handle application secrets strongly depends on your use-case.
133
+
In our minimal example we take one of the simplest approaches, viz. using environment variables.
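Review bot: The two sentences added under "Secrets" (new lines 132-133) present environment variables as the chosen approach without stating the trade-off, which matters on a page about production deployment: values passed this way are visible to anyone who can run `docker inspect` on the container and are inherited by child processes. Suggest adding one sentence that says the example is kept minimal on purpose and points back to the "secrets storage" item in the topic list for deployments that need more. Minor wording: "use-case" should be "use case", and "viz." reads more plainly as "namely".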