ircquotes/DEPLOYMENT.md

ircquotes Production Deployment

Configuration Management

Configuration File: config.json

All application settings are now centralized in config.json. You can easily modify:

• App settings (host, port, debug mode)
• Database configuration (URI, connection pool settings)
• Security settings (CSRF, session cookies, security headers)
• Rate limiting (per-endpoint limits)
• Quote settings (length limits, pagination)
• Admin credentials
• Feature toggles

Configuration Management

All configuration is done by editing config.json directly. This file contains all application settings organized in sections:

• app: Basic application settings (name, host, port, debug)
• database: Database connection settings
• security: Security headers, CSRF, proxy settings
• rate_limiting: Rate limiting configuration for different endpoints
• admin: Admin username and password hash
• quotes: Quote submission settings (length limits, pagination)
• features: Feature toggles (voting, flagging, dark mode, etc.)
• logging: Logging configuration

Example Configuration Changes

# Edit config.json in any text editor
nano config.json

# Example changes:
# - Change port: "port": 8080 in the "app" section
# - Change quotes per page: "per_page": 50 in the "quotes" section  
# - Disable CSRF: "csrf_enabled": false in the "security" section
# - Change rate limits: "login": "10 per minute" in rate_limiting.endpoints

# After making changes, restart the application

Running with Gunicorn (Production)

Quick Start - Uses config.json settings

# Activate virtual environment
source .venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Option 1: Run with config file (recommended - uses config.json)
gunicorn --config gunicorn.conf.py app:app

# Option 2: Run with Python launcher (also uses config.json)
python start_gunicorn.py

Manual Gunicorn Commands (ignores config.json)

Basic production run:

gunicorn -w 4 -b 127.0.0.1:6969 app:app

With more workers (for higher traffic):

gunicorn -w 8 -b 127.0.0.1:6969 --timeout 30 app:app

Behind a reverse proxy (nginx/apache):

gunicorn -w 4 -b 127.0.0.1:6969 app:app

Environment Variables for Production

export FLASK_ENV=production

Security Notes

• All major security vulnerabilities have been fixed
• CSRF protection enabled
• XSS protection with output escaping
• SQL injection prevention
• Rate limiting on all endpoints
• Secure session configuration
• Security headers added

Admin Access

• Username: Configurable in config.json (default: admin)
• Password: Use the Argon2 hashed password in config.json

Configuration Examples

High-Traffic Setup

{
  "quotes": {
    "per_page": 50
  },
  "rate_limiting": {
    "endpoints": {
      "vote": "120 per minute",
      "search": "60 per minute"
    }
  }
}

Development Setup

{
  "app": {
    "debug": true,
    "port": 5000
  },
  "security": {
    "session_cookie_secure": false
  },
  "logging": {
    "level": "DEBUG"
  }
}

Production Security Setup

{
  "security": {
    "session_cookie_secure": true,
    "csrf_enabled": true
  },
  "logging": {
    "level": "WARNING"
  }
}