Skip to content
Diese Seite ist in Ihrer Sprache noch nicht verfügbar. Englische Version wird angezeigt.

Production Setup

Deploy Potato for production annotation with multiple users.

Production Setup

Deploy Potato for real-world annotation tasks with multiple users, data persistence, and proper security.

Server Configuration

Basic Production Config

yaml
server:
  host: 0.0.0.0
  port: 8000
  workers: 4
  timeout: 120

Using HTTPS

For secure connections (recommended for production):

yaml
server:
  host: 0.0.0.0
  port: 443
  ssl:
    cert: /path/to/cert.pem
    key: /path/to/key.pem

Running with Gunicorn

For better performance and reliability:

bash
gunicorn "potato.server:create_app('config.yaml')" \
  --workers 4 \
  --bind 0.0.0.0:8000 \
  --timeout 120

With SSL

bash
gunicorn "potato.server:create_app('config.yaml')" \
  --workers 4 \
  --bind 0.0.0.0:443 \
  --certfile /path/to/cert.pem \
  --keyfile /path/to/key.pem

Reverse Proxy Setup

Nginx Configuration

nginx
upstream potato {
    server 127.0.0.1:8000;
}
 
server {
    listen 80;
    server_name annotation.example.com;
    return 301 https://$server_name$request_uri;
}
 
server {
    listen 443 ssl;
    server_name annotation.example.com;
 
    ssl_certificate /etc/letsencrypt/live/annotation.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/annotation.example.com/privkey.pem;
 
    location / {
        proxy_pass http://potato;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 
    # Increase timeouts for long annotation sessions
    proxy_read_timeout 300;
    proxy_connect_timeout 300;
    proxy_send_timeout 300;
}

Apache Configuration

apache
<VirtualHost *:443>
    ServerName annotation.example.com
 
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
 
    ProxyPreserveHost On
    ProxyPass / http://127.0.0.1:8000/
    ProxyPassReverse / http://127.0.0.1:8000/
 
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
</VirtualHost>

Docker Deployment

Dockerfile

dockerfile
FROM python:3.10-slim
 
WORKDIR /app
 
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
 
COPY . .
 
EXPOSE 8000
 
CMD ["gunicorn", "potato.server:create_app('config.yaml')", \
     "--workers", "4", "--bind", "0.0.0.0:8000"]

Docker Compose

yaml
version: '3.8'
 
services:
  potato:
    build: .
    ports:
      - "8000:8000"
    volumes:
      - ./data:/app/data
      - ./annotations:/app/annotations
    environment:
      - POTATO_DEBUG=false
    restart: unless-stopped
 
  nginx:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./certs:/etc/ssl/certs
    depends_on:
      - potato
    restart: unless-stopped

User Authentication

Restricted Access

yaml
allow_all_users: false
authorized_users:
  - user1@example.com
  - user2@example.com
  - user3@example.com

Admin Access

yaml
admin_users:
  - admin@example.com
 
admin_dashboard:
  enabled: true
  path: /admin

Session Management

yaml
session:
  secret_key: "your-secure-secret-key-here"
  timeout: 3600  # 1 hour
  secure_cookie: true  # Requires HTTPS

Data Persistence

File-Based Storage

yaml
output:
  path: /var/potato/annotations/
  format: json
  backup_interval: 3600  # Hourly backups

Database Backend

For larger deployments, use MySQL:

yaml
database:
  type: mysql
  host: localhost
  port: 3306
  name: potato_db
  user: potato
  password: ${DB_PASSWORD}  # Use environment variable

See MySQL Backend for details.

Monitoring

Health Check Endpoint

yaml
monitoring:
  health_check: /health
  metrics: /metrics

Logging Configuration

yaml
logging:
  level: INFO
  file: /var/log/potato/app.log
  max_size: 100MB
  backup_count: 5
  format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s"

Prometheus Metrics

yaml
monitoring:
  prometheus:
    enabled: true
    port: 9090

Scaling

Horizontal Scaling

For high-traffic deployments:

yaml
# docker-compose.yml
services:
  potato:
    deploy:
      replicas: 3
    # ... rest of config
 
  nginx:
    # Load balancer
    volumes:
      - ./nginx-lb.conf:/etc/nginx/nginx.conf

Load Balancer Config

nginx
upstream potato_cluster {
    least_conn;
    server potato_1:8000;
    server potato_2:8000;
    server potato_3:8000;
}

Backup Strategy

Automated Backups

bash
#!/bin/bash
# backup.sh
DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR=/var/backups/potato
 
# Backup annotations
tar -czf $BACKUP_DIR/annotations_$DATE.tar.gz /var/potato/annotations/
 
# Backup config
cp /var/potato/config.yaml $BACKUP_DIR/config_$DATE.yaml
 
# Keep only last 7 days
find $BACKUP_DIR -mtime +7 -delete

Add to crontab:

bash
0 2 * * * /var/potato/backup.sh

Security Checklist

  • Use HTTPS with valid SSL certificate
  • Set strong session secret key
  • Restrict user access with authorized_users
  • Keep Potato and dependencies updated
  • Use environment variables for sensitive data
  • Configure firewall rules
  • Enable logging and monitoring
  • Set up regular backups
  • Use database backend for production
  • Review admin access regularly

Environment Variables

bash
# .env file
POTATO_SECRET_KEY=your-super-secret-key
POTATO_DB_PASSWORD=database-password
POTATO_ADMIN_EMAIL=admin@example.com

Load in Docker Compose:

yaml
services:
  potato:
    env_file:
      - .env

Troubleshooting

Check Logs

bash
# Gunicorn logs
journalctl -u potato -f
 
# Docker logs
docker-compose logs -f potato

Common Issues

502 Bad Gateway: Check if Potato is running and bound to correct port

Session issues: Ensure secret key is consistent across restarts

Slow performance: Increase worker count or add database backend

Next Steps