Production

Production

TrailBase is still young and hasn’t gotten a lot of mileage yet. We’re looking for feedback and are happy to help early adopters to get to production.

Going to production and depending on your requirements things to think about could be:

• HTTPS/TLS termination
• locking down access
• setting up Email
• deployment
• introspection
• disaster recovery

TLS Termination

The most important thing alongside ensuring least-priviledge access protection is to set up TLS termination establishing your server authority and ensuring that your users’ traffic is end-to-end encrypted.

TrailBase has built-in support for TLS and will automatically start in HTTPS mode, if it finds:

• a PEM key file under <traildepot>/secrets/certs/key.pem,
• and a PEM cert file under <traildepot>/secrets/certs/cert.pem.

At this point TrailBase does not yet support automated certificate signing and renewal. We therefore recommend using tools like certbot in standalone mode to periodically refresh your certificates to avoid accidentally being left w/o a valid one.

You could also consider using a reverse proxy with first-class certbot integration like nginx or built-in support for Let’s encrypt like caddy. We would like to add support for auto-refresh with Let’s encrypt in the future.

Access

API Access

Make sure to use record API’s authorization primitives to tighten access to data as much as possible. It’s a good idea to check _REQ_.<user_id> == _USER_.id on record creations and updates to avoid users can impersonate or touch on other users records.

Admin Access

You can expose TrailBase’s admin APIs and UIs on a separate private port as an extra precaution and to simply expose a smaller surface.

Protect Configuration

You can prevent TrailBase configuration from being accidentally changed in prod, e.g. when you think you’re actually configuring a dev instances. To do so, you can read-only mount the configuration directory. However, make sure the data directory remains writable.

Email

By default TrailBase will be using your machine’s sendmail setup. This can lead to messages not being sent at all and likely getting stuck in spam filters not coming from a well-known Email server.

You should likely set up TrailBase with an SMTP server that can send Email coming from your domain. If you don’t have an Email provider yet, an option could be Brevo, Mailchimp, SendGrid, … .

Deployment

We recommend containerization (e.g. Docker) for convenience. You can also consider to mount certain directories and files such as <data_dir>/secrets and <data_dir>/config.textproto as read only.

Introspection

TrailBase’s introspection is fairly non-existent at this point. There is a /api/healthcheck endpoint for container orchestration systems to probe. You could also consider setting up probers probing other endpoints.

Disaster Recovery

The simplest option is to mount another local or remote drive and use TrailBase’s periodic backups. However, this may lead to significant data loss in case of a disaster, which may be acceptable for first party content but likely not for user-generated content.

A more comprehensive approach may be to use Litestream to continuously replicate your database.