Overview

This guide covers production deployment considerations for Conformly.ai across all three projects, including security, environment configuration, and reliability.

Production Environment Variables

conformly-core (Backend)

| Variable | Production Value |
| --- | --- |
| ENVIRONMENT | production |
| DEBUG | false |
| ALLOWED_ORIGINS | https://www.conformly.ai,https://beta.conformly.ai |
| STRIPE_SUCCESS_URL | https://beta.conformly.ai/payment-success?session_id={CHECKOUT_SESSION_ID} |
| STRIPE_CANCEL_URL | https://www.conformly.ai/#pricing |
| STRIPE_API_KEY | sk_live_... (live key, not test) |
| REDIS_URL | Your managed Redis endpoint |

conformly-frontend (Platform App)

| Variable | Production Value |
| --- | --- |
| VITE_API_BASE_URL | https://beta-api.conformly.ai/api/v1 |
| VITE_WEB_URL | https://www.conformly.ai |
| VITE_SUPABASE_URL | Your Supabase project URL |
| VITE_SUPABASE_ANON_KEY | Your Supabase anon key |

conformly-web (Marketing Site)

| Variable | Production Value |
| --- | --- |
| VITE_API_BASE_URL | https://beta-api.conformly.ai/api/v1 |
| VITE_APP_URL | https://beta.conformly.ai |
| VITE_SUPABASE_URL | Your Supabase project URL |
| VITE_SUPABASE_ANON_KEY | Your Supabase anon key |

Security

Secrets Management

  • Never commit .env files to version control
  • Use secrets management services (AWS Secrets Manager, HashiCorp Vault, or Vercel encrypted env vars)
  • Rotate API keys (Stripe, Supabase, Google, OpenAI) regularly
  • Use separate credentials for development, staging, and production

Authentication

  • All API traffic over HTTPS/TLS
  • CORS restricted to production domains only (no localhost)
  • Rate limiting enabled (RATE_LIMIT_PER_MINUTE, RATE_LIMIT_BURST)
  • JWT token expiration tuned for security (ACCESS_TOKEN_EXPIRE_MINUTES=30)
  • Supabase Row-Level Security (RLS) enforced on all tables

Stripe Webhooks

  • Verify the Stripe-Signature header using STRIPE_WEBHOOK_SECRET
  • Use a dedicated webhook endpoint (POST /api/v1/payments/webhook)
  • Handle checkout.session.completed and customer.subscription.deleted events

Database

  • Supabase manages connection pooling and SSL
  • RLS policies enforce workspace-level tenant isolation
  • The profiles table uses a CHECK constraint on role (admin, engineer, manager, viewer)
  • The handle_new_user() trigger automatically creates profiles on signup

Backend Infrastructure (EC2)

The production backend runs on EC2 with Docker:
```bash
# Pull latest changes
git pull origin main

# Rebuild and restart
docker compose -f docker-compose.prod.yml up -d --build

# Verify
docker compose -f docker-compose.prod.yml ps
docker compose -f docker-compose.prod.yml logs -f backend
```
The production compose file should not include --reload:
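```yaml
backend:
  # No --reload in production. "*" makes uvicorn trust X-Forwarded-* from any peer,
  # so publish port 8000 on 127.0.0.1 only and let Nginx be the sole client.
  command: ["uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000",
            "--proxy-headers", "--forwarded-allow-ips", "*"]
```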

Reverse Proxy (Nginx)

```nginx
server {
    listen 443 ssl;
    server_name beta-api.conformly.ai;

    ssl_certificate /etc/letsencrypt/live/beta-api.conformly.ai/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/beta-api.conformly.ai/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
    }
}
```
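
`$proxy_add_x_forwarded_for` appends the connecting address to whatever X-Forwarded-For value the client already sent, so the backend's trust setting decides which entry is believed. The added example below (a simplified model, not Conformly's or uvicorn's code; `client_ip`, the Docker gateway address and the other addresses are hypothetical) resolves the client address right to left with `"*"` and with the proxy address pinned.

```python
import ipaddress


def client_ip(peer, xff, trusted):
    """Pick the client address from the TCP peer and X-Forwarded-For.

    trusted is "*" or a list of proxy networks. The header is walked right
    to left and the first hop that is not a trusted proxy is returned.
    """
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    if trusted == "*":
        # Every hop counts as a proxy, so the leftmost entry wins, and that
        # entry is whatever the original client put in the header.
        return hops[0] if hops else peer
    nets = [ipaddress.ip_network(n) for n in trusted]

    def is_proxy(addr):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            return False
        return any(ip in net for net in nets)

    if not is_proxy(peer):
        return peer  # not from the proxy: ignore the header entirely
    for hop in reversed(hops):
        if not is_proxy(hop):
            return hop
    return hops[0] if hops else peer


# Constructed sample: Nginx reaches the container from the Docker bridge
# gateway and appends the real client to a header the client pre-filled.
PROXY = "172.17.0.1"
XFF = "10.9.9.9, 203.0.113.7"  # "10.9.9.9" was written by the client itself

if __name__ == "__main__":
    print(client_ip(PROXY, XFF, "*"))                # 10.9.9.9 (client-chosen)
    print(client_ip(PROXY, XFF, ["172.17.0.1/32"]))  # 203.0.113.7 (real peer of Nginx)
```

With the proxy address pinned, anything keyed on client address, such as per-client rate limiting or audit logging, sees the address Nginx actually observed.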

Performance

Scaling

  • Backend: Horizontal scaling behind ALB or nginx; each instance runs the full Docker stack
  • Celery Workers: Scale independently — docker compose up -d --scale celery-worker=5
  • Redis: Use managed Redis (ElastiCache) for high availability
  • Database: Supabase manages read replicas and connection pooling

Caching

  • Redis caches frequently accessed data and session state
  • Analysis results are persisted to Supabase tables — no re-computation on page refresh
  • Frontend uses TanStack Query with stale-while-revalidate caching

Monitoring

  • Celery Flower: Task monitoring dashboard (docker compose --profile monitoring up -d)
  • Container logs: docker compose logs -f backend celery-worker
  • APM: Integrate Datadog, New Relic, or Sentry for error tracking
  • Metrics: Prometheus + Grafana for system-level monitoring
  • Health checks: GET /health endpoint for load balancer probes

Reliability

High Availability

  • Deploy across availability zones
  • Use managed Supabase (automatic failover)
  • Redis persistence enabled for job state recovery
  • Health checks and auto-restart via Docker restart: unless-stopped

Backup

  • Supabase manages automated database backups
  • Application logs shipped to centralized storage
  • Document recovery procedures and test them regularly

Deployment Checklist

  • All environment variables set with production values
  • ALLOWED_ORIGINS restricted to production domains
  • Stripe keys switched from sk_test_ to sk_live_
  • STRIPE_SUCCESS_URL and STRIPE_CANCEL_URL point to production URLs
  • HTTPS/TLS enabled with valid certificates
  • Nginx reverse proxy configured with forwarded headers
  • --reload flag removed from production compose
  • Rate limiting enabled
  • Monitoring and alerting configured
  • Supabase email templates configured (confirmation, password reset)
  • Database handle_new_user() trigger verified
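
Several checklist items can be enforced mechanically before the backend starts. The preflight below is an added example, not part of the Conformly code base; `preflight`, `bad_url` and the sample settings are hypothetical, and the key values are placeholders.

```python
import os
import sys
from urllib.parse import urlsplit

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1", "0.0.0.0"}


def bad_url(url):
    """True if the URL is not https or names a local host."""
    parts = urlsplit(url)
    return parts.scheme != "https" or not parts.hostname or parts.hostname in LOCAL_HOSTS


def preflight(env):
    """Return findings for a mapping of settings; never echoes secret values."""
    findings = []
    if env.get("ENVIRONMENT") != "production":
        findings.append("ENVIRONMENT is not 'production'")
    if env.get("DEBUG", "").lower() != "false":
        findings.append("DEBUG is not 'false'")
    origins = [o.strip() for o in env.get("ALLOWED_ORIGINS", "").split(",") if o.strip()]
    if not origins:
        findings.append("ALLOWED_ORIGINS is empty")
    for origin in origins:
        if bad_url(origin):  # also catches "*" and http://localhost:...
            findings.append(f"ALLOWED_ORIGINS has a non-production origin: {origin}")
    if not env.get("STRIPE_API_KEY", "").startswith("sk_live_"):
        findings.append("STRIPE_API_KEY is not a live key")
    for name in ("STRIPE_SUCCESS_URL", "STRIPE_CANCEL_URL"):
        if bad_url(env.get(name, "")):
            findings.append(f"{name} is not a production https URL")
    return findings


# Constructed sample settings; the key values are placeholders, not real keys
GOOD = {
    "ENVIRONMENT": "production", "DEBUG": "false",
    "ALLOWED_ORIGINS": "https://www.conformly.ai,https://beta.conformly.ai",
    "STRIPE_SUCCESS_URL": "https://beta.conformly.ai/payment-success?session_id={CHECKOUT_SESSION_ID}",
    "STRIPE_CANCEL_URL": "https://www.conformly.ai/#pricing",
    "STRIPE_API_KEY": "sk_live_placeholder",
}
BAD = dict(GOOD, DEBUG="true", STRIPE_API_KEY="sk_test_placeholder",
           ALLOWED_ORIGINS="https://beta.conformly.ai,http://localhost:5173")

if __name__ == "__main__":
    problems = preflight(os.environ)
    print("\n".join(problems) or "preflight passed")
    sys.exit(1 if problems else 0)
```

Run as a script it checks the process environment and exits non-zero on any finding, so it can gate the container start.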
