# Production Setup Source: https://www.potatoannotator.com/docs/deployment/production-setup Deploy Potato for real-world annotation tasks with multiple users, data persistence, and proper security. ## Server Configuration ### Basic Production Config ```yaml server: host: 0.0.0.0 port: 8000 workers: 4 timeout: 120 ``` ### Using HTTPS For secure connections (recommended for production): ```yaml server: host: 0.0.0.0 port: 443 ssl: cert: /path/to/cert.pem key: /path/to/key.pem ``` ## Running with Gunicorn For better performance and reliability: ```bash gunicorn "potato.server:create_app('config.yaml')" \ --workers 4 \ --bind 0.0.0.0:8000 \ --timeout 120 ``` ### With SSL ```bash gunicorn "potato.server:create_app('config.yaml')" \ --workers 4 \ --bind 0.0.0.0:443 \ --certfile /path/to/cert.pem \ --keyfile /path/to/key.pem ``` ## Reverse Proxy Setup ### Nginx Configuration ```nginx upstream potato { server 127.0.0.1:8000; } server { listen 80; server_name annotation.example.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name annotation.example.com; ssl_certificate /etc/letsencrypt/live/annotation.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/annotation.example.com/privkey.pem; location / { proxy_pass http://potato; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } # Increase timeouts for long annotation sessions proxy_read_timeout 300; proxy_connect_timeout 300; proxy_send_timeout 300; } ``` ### Apache Configuration ```apache ServerName annotation.example.com SSLEngine on SSLCertificateFile /path/to/cert.pem SSLCertificateKeyFile /path/to/key.pem ProxyPreserveHost On ProxyPass / http://127.0.0.1:8000/ ProxyPassReverse / http://127.0.0.1:8000/ Order allow,deny Allow from all ``` ## Docker Deployment ### Dockerfile ```dockerfile FROM python:3.10-slim WORKDIR /app COPY requirements.txt . RUN pip install --no-cache-dir -r requirements.txt COPY . . EXPOSE 8000 CMD ["gunicorn", "potato.server:create_app('config.yaml')", \ "--workers", "4", "--bind", "0.0.0.0:8000"] ``` ### Docker Compose ```yaml version: '3.8' services: potato: build: . ports: - "8000:8000" volumes: - ./data:/app/data - ./annotations:/app/annotations environment: - POTATO_DEBUG=false restart: unless-stopped nginx: image: nginx:alpine ports: - "80:80" - "443:443" volumes: - ./nginx.conf:/etc/nginx/nginx.conf - ./certs:/etc/ssl/certs depends_on: - potato restart: unless-stopped ``` ## User Authentication ### Restricted Access ```yaml allow_all_users: false authorized_users: - user1@example.com - user2@example.com - user3@example.com ``` ### Admin Access ```yaml admin_users: - admin@example.com admin_dashboard: enabled: true path: /admin ``` ### Session Management ```yaml session: secret_key: "your-secure-secret-key-here" timeout: 3600 # 1 hour secure_cookie: true # Requires HTTPS ``` ## Data Persistence ### File-Based Storage ```yaml output: path: /var/potato/annotations/ format: json backup_interval: 3600 # Hourly backups ``` ### Database Backend For larger deployments, use MySQL: ```yaml database: type: mysql host: localhost port: 3306 name: potato_db user: potato password: ${DB_PASSWORD} # Use environment variable ``` See [MySQL Backend](/docs/deployment/data-directory) for details. ## Monitoring ### Health Check Endpoint ```yaml monitoring: health_check: /health metrics: /metrics ``` ### Logging Configuration ```yaml logging: level: INFO file: /var/log/potato/app.log max_size: 100MB backup_count: 5 format: "%(asctime)s - %(name)s - %(levelname)s - %(message)s" ``` ### Prometheus Metrics ```yaml monitoring: prometheus: enabled: true port: 9090 ``` ## Scaling ### Horizontal Scaling For high-traffic deployments: ```yaml # docker-compose.yml services: potato: deploy: replicas: 3 # ... rest of config nginx: # Load balancer volumes: - ./nginx-lb.conf:/etc/nginx/nginx.conf ``` ### Load Balancer Config ```nginx upstream potato_cluster { least_conn; server potato_1:8000; server potato_2:8000; server potato_3:8000; } ``` ## Backup Strategy ### Automated Backups ```bash #!/bin/bash # backup.sh DATE=$(date +%Y%m%d_%H%M%S) BACKUP_DIR=/var/backups/potato # Backup annotations tar -czf $BACKUP_DIR/annotations_$DATE.tar.gz /var/potato/annotations/ # Backup config cp /var/potato/config.yaml $BACKUP_DIR/config_$DATE.yaml # Keep only last 7 days find $BACKUP_DIR -mtime +7 -delete ``` Add to crontab: ```bash 0 2 * * * /var/potato/backup.sh ``` ## Security Checklist - [ ] Use HTTPS with valid SSL certificate - [ ] Set strong session secret key - [ ] Restrict user access with `authorized_users` - [ ] Keep Potato and dependencies updated - [ ] Use environment variables for sensitive data - [ ] Configure firewall rules - [ ] Enable logging and monitoring - [ ] Set up regular backups - [ ] Use database backend for production - [ ] Review admin access regularly ## Environment Variables ```bash # .env file POTATO_SECRET_KEY=your-super-secret-key POTATO_DB_PASSWORD=database-password POTATO_ADMIN_EMAIL=admin@example.com ``` Load in Docker Compose: ```yaml services: potato: env_file: - .env ``` ## Troubleshooting ### Check Logs ```bash # Gunicorn logs journalctl -u potato -f # Docker logs docker-compose logs -f potato ``` ### Common Issues **502 Bad Gateway**: Check if Potato is running and bound to correct port **Session issues**: Ensure secret key is consistent across restarts **Slow performance**: Increase worker count or add database backend ## Next Steps - [MySQL Backend](/docs/deployment/data-directory) - Database storage - [Crowdsourcing](/docs/deployment/crowdsourcing) - Prolific/MTurk integration - [User Management](/docs/core-concepts/user-management) - Access control