
Deployment

This guide covers deploying CHAD in production environments with security, reliability, and scalability considerations.

Deployment Options

Docker Compose

Best for most deployments:
docker compose up -d
Includes:
  • CHAD Backend
  • CHAD Frontend
  • PostgreSQL database

Kubernetes

For larger deployments, use Helm charts (coming soon) or adapt the Docker Compose configuration.

Production Checklist

Security

  • Generate unique secrets (JWT, session, encryption keys)
  • Enable HTTPS with valid certificates
  • Set APP_URL to your public URL
  • Configure ALLOWED_HOSTS
  • Enable 2FA for admin accounts
  • Review default ports
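
The checklist items that live in .env can be checked mechanically before the stack is started. The script below is an added example, not part of CHAD; it assumes the key names used in this guide's .env file and unquoted KEY=value lines, and `check_env` is a hypothetical name.

```shell
#!/bin/sh
# Added example: pre-flight check of a CHAD .env file (not part of CHAD).
# Assumes unquoted KEY=value lines, as in the guide's .env block.
set -u

SECRET_KEYS="POSTGRES_PASSWORD JWT_SECRET_KEY SESSION_SECRET_KEY CHAD_ENCRYPTION_KEY"

# env_get FILE KEY: print the value of KEY's last definition in FILE.
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# ce_note MESSAGE: record one finding.
ce_note() { echo "FAIL: $*"; ce_fail=1; }

# check_env FILE: print one line per finding; return 0 only if there are none.
check_env() {
  ce_file=$1; ce_fail=0; ce_seen=""
  for ce_key in $SECRET_KEYS; do
    ce_val=$(env_get "$ce_file" "$ce_key")
    case $ce_val in
      "")     ce_note "$ce_key is missing or empty"; continue ;;
      *'$('*) ce_note "$ce_key holds an unexpanded \$(...) literal" ;;
      *)      [ "${#ce_val}" -ge 32 ] || ce_note "$ce_key is shorter than 32 characters" ;;
    esac
    # The same value under two keys means one secret was reused.
    case " $ce_seen " in
      *" $ce_val "*) ce_note "$ce_key reuses another key's value" ;;
    esac
    ce_seen="$ce_seen $ce_val"
  done

  # APP_URL must be https, and its host must appear in ALLOWED_HOSTS.
  ce_url=$(env_get "$ce_file" APP_URL)
  ce_hosts=$(env_get "$ce_file" ALLOWED_HOSTS | tr -d ' ')
  case $ce_url in
    https://*)
      ce_host=${ce_url#https://}; ce_host=${ce_host%%[:/]*}
      case ",$ce_hosts," in
        *",$ce_host,"*) ;;
        *) ce_note "ALLOWED_HOSTS does not list $ce_host" ;;
      esac ;;
    *) ce_note "APP_URL is not an https:// URL" ;;
  esac

  # Secrets on disk should be unreadable to group and others.
  case $(ls -ld "$ce_file") in
    -???------*) ;;
    *) ce_note "$ce_file is accessible to group or others; chmod 600" ;;
  esac
  return "$ce_fail"
}

[ "$#" -eq 0 ] || check_env "$1"
```

Run it as `sh check-env.sh .env` (hypothetical file name); a non-zero exit status means at least one finding was printed.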

Reliability

  • Set up database backups
  • Configure health monitoring
  • Set up alerting for CHAD health
  • Plan for updates and rollbacks

Performance

  • Adequate resources for expected load
  • OpenSearch cluster sized appropriately
  • Database connection pooling configured

Docker Compose Deployment

1. Clone Repository

git clone https://github.com/terrifiedbug/chad.git
cd chad

2. Configure Environment

cp .env.example .env
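Edit .env. Docker Compose does not run this file through a shell, so $(openssl rand ...) written as a value is not expanded and would be used literally. Run each command in a terminal and paste its output as the value:
# Required - Generate unique values!
# POSTGRES_PASSWORD:  openssl rand -base64 24
# The three keys:     openssl rand -base64 32 (run once per key)
POSTGRES_PASSWORD=<paste generated value>
JWT_SECRET_KEY=<paste generated value>
SESSION_SECRET_KEY=<paste generated value>
CHAD_ENCRYPTION_KEY=<paste generated value>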

# Your public URL
APP_URL=https://chad.example.com

# Production logging
LOG_LEVEL=warning

# Allowed hosts (comma-separated)
ALLOWED_HOSTS=chad.example.com
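
One way to fill the four secret keys with real random values in a single step, as an added example that is not part of CHAD. The function name `set_env_secrets` and the file name `gen-secrets.sh` are hypothetical; the key names and byte counts are the ones from the .env block above.

```shell
#!/bin/sh
# Added example (not part of CHAD): write fresh secrets into a .env file.
set -eu

# Key names and byte counts follow the guide's .env block.
SECRET_SPECS="POSTGRES_PASSWORD:24 JWT_SECRET_KEY:32 SESSION_SECRET_KEY:32 CHAD_ENCRYPTION_KEY:32"

# rand_b64 BYTES: print BYTES random bytes, base64-encoded.
# Falls back to /dev/urandom when openssl is not installed.
rand_b64() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 "$1"
  else
    head -c "$1" /dev/urandom | base64
  fi
}

# set_env_secrets FILE: give every secret key in FILE a new random value.
# Other lines (APP_URL, LOG_LEVEL, comments) are copied through unchanged.
# The body runs in a subshell so the umask change does not leak to the caller.
set_env_secrets() (
  env_file=$1
  umask 077
  tmp=$(mktemp "${env_file}.XXXXXX")          # created with mode 0600
  if [ -f "$env_file" ]; then
    # Drop old definitions, including unexpanded $(...) literals.
    grep -vE '^(POSTGRES_PASSWORD|JWT_SECRET_KEY|SESSION_SECRET_KEY|CHAD_ENCRYPTION_KEY)=' \
      "$env_file" > "$tmp" || true
  fi
  for spec in $SECRET_SPECS; do
    printf '%s=%s\n' "${spec%%:*}" "$(rand_b64 "${spec##*:}")" >> "$tmp"
  done
  mv "$tmp" "$env_file"                        # atomic replace, keeps mode 0600
)

# Usage: sh gen-secrets.sh .env
[ "$#" -eq 0 ] || set_env_secrets "$1"
```

This is meant for first-time setup: every run replaces all four values, so running it against a deployment that already holds data amounts to a secret rotation and should be planned as one.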

3. SSL/TLS Configuration

Option A: Reverse Proxy

Use nginx, Traefik, or a cloud load balancer. Example nginx configuration:
server {
    listen 443 ssl;
    server_name chad.example.com;

    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://localhost:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

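    location /api {
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Same forwarding headers as location /, so the backend sees the client address and scheme
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /ws {
        proxy_pass http://localhost:8000;
        proxy_http_version 1.1;
        # WebSocket upgrade
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Forward the original Host header, as in the other locations
        proxy_set_header Host $host;
    }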
}

Option B: Built-in SSL

Mount certificates into containers (advanced).

4. Start Services

docker compose up -d

5. Verify Deployment

# Check containers are running
docker compose ps

# Check logs
docker compose logs -f

# Test connectivity
curl https://chad.example.com/api/health

Database Configuration

PostgreSQL Settings

For production workloads:
# docker-compose.yml
postgres:
  environment:
    POSTGRES_MAX_CONNECTIONS: 100
  command:
    - "postgres"
    - "-c"
    - "shared_buffers=256MB"
    - "-c"
    - "work_mem=16MB"

External PostgreSQL

Use managed PostgreSQL for better reliability:
# .env
POSTGRES_HOST=your-rds-instance.amazonaws.com
POSTGRES_PORT=5432
POSTGRES_USER=chad
POSTGRES_PASSWORD=your-secure-password
POSTGRES_DB=chad

Backup Strategy

Database Backup

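#!/bin/bash
# Automated backup script
set -euo pipefail   # stop on errors, including a failed pg_dump in the pipeline
umask 077           # dumps contain application data: owner-only access

# cron does not start in the project directory; this assumes the script
# is stored next to docker-compose.yml
cd "$(dirname "$0")"

BACKUP_DIR=/backups
DATE=$(date +%Y%m%d_%H%M%S)

docker compose exec -T postgres pg_dump -U chad chad | \
  gzip > "$BACKUP_DIR/chad_$DATE.sql.gz"

# Retain 30 days (not reached if the dump above failed)
find "$BACKUP_DIR" -name "*.sql.gz" -mtime +30 -delete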
Schedule with cron:
0 2 * * * /opt/chad/backup.sh

Configuration Backup

Export CHAD configuration regularly:
  1. Go to Settings > Export
  2. Download configuration
  3. Store securely

Monitoring

Health Endpoints

# Application health
curl https://chad.example.com/api/health

# Database health
curl https://chad.example.com/api/health/db

# OpenSearch health
curl https://chad.example.com/api/health/opensearch

Metrics

Monitor:
  • Container CPU/memory usage
  • API response times
  • Database connections
  • OpenSearch cluster health

Alerting

Set up alerts for:
  • Health check failures
  • High error rates
  • Database connection issues
  • Disk space warnings

Updates

Standard Update

# Pull latest images
docker compose pull

# Restart with new images
docker compose up -d

# Run migrations (if needed)
docker compose exec backend alembic upgrade head

Rollback

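# Restore previous image: set the backend image in docker-compose.yml back to
# the previous tag, then recreate only the backend (other services keep running)
docker compose -f docker-compose.yml up -d --no-deps backend

# Or restore from backup. The backup script writes gzipped plain SQL, which is
# loaded with psql; pg_restore only reads custom, directory and tar format dumps.
gunzip -c /backups/chad_<DATE>.sql.gz | docker compose exec -T postgres psql -U chad -d chad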

Scaling Considerations

Single Instance

Suitable for:
  • Small to medium teams (< 50 users)
  • Thousands of rules
  • Millions of alerts

Horizontal Scaling (Future)

For larger deployments:
  • Multiple API instances behind load balancer
  • Celery + Redis for distributed tasks
  • PostgreSQL read replicas

Security Hardening

Network

  • Run CHAD on private network
  • Expose only via reverse proxy
  • Use firewall rules

Containers

  • Run as non-root user
  • Read-only file systems where possible
  • Limited container capabilities

Secrets

  • Use secrets management (Vault, AWS Secrets Manager)
  • Rotate secrets periodically
  • Never log secrets

Updates

  • Subscribe to security advisories
  • Apply updates promptly
  • Test in staging first

Troubleshooting

Container won’t start

# Check logs
docker compose logs backend

# Common issues:
# - Invalid environment variables
# - Database connection failed
# - Port already in use

Database connection failed

  1. Check PostgreSQL is running
  2. Verify credentials
  3. Check network connectivity
  4. Review PostgreSQL logs

API errors

  1. Check backend logs
  2. Verify OpenSearch connection
  3. Check database connectivity
  4. Review recent changes
