ircquotes/DEPLOYMENT.md

# ircquotes Production Deployment

## Configuration Management

### Configuration File: `config.json`
All application settings are now centralized in `config.json`. You can easily modify:

- **App settings** (host, port, debug mode)
- **Database configuration** (URI, connection pool settings)
- **Security settings** (CSRF, session cookies, security headers)
- **Rate limiting** (per-endpoint limits)
- **Quote settings** (length limits, pagination)
- **Admin credentials**
- **Feature toggles**

### Configuration Management
All configuration is done by editing `config.json` directly. This file contains all application settings organized in sections:

- **app**: Basic application settings (name, host, port, debug)
- **database**: Database connection settings
- **security**: Security headers, CSRF, proxy settings
- **rate_limiting**: Rate limiting configuration for different endpoints
- **admin**: Admin username and password hash
- **quotes**: Quote submission settings (length limits, pagination)
- **features**: Feature toggles (voting, flagging, dark mode, etc.)
- **logging**: Logging configuration

### Example Configuration Changes
```bash
# Edit config.json in any text editor
nano config.json

# Example changes:
# - Change port: "port": 8080 in the "app" section
# - Change quotes per page: "per_page": 50 in the "quotes" section  
# - Disable CSRF: "csrf_enabled": false in the "security" section
# - Change rate limits: "login": "10 per minute" in rate_limiting.endpoints

# After making changes, restart the application
```

## Running with Gunicorn (Production)

### Quick Start - Uses config.json settings
```bash
# Activate virtual environment
source .venv/bin/activate

# Install dependencies
pip install -r requirements.txt

# Option 1: Run with config file (recommended - uses config.json)
gunicorn --config gunicorn.conf.py app:app

# Option 2: Run with Python launcher (also uses config.json)
python start_gunicorn.py
```

### Manual Gunicorn Commands (ignores config.json)

**Basic production run:**
```bash
gunicorn -w 4 -b 127.0.0.1:6969 app:app
```

**With more workers (for higher traffic):**
```bash
gunicorn -w 8 -b 127.0.0.1:6969 --timeout 30 app:app
```

**Behind a reverse proxy (nginx/apache):**
```bash
gunicorn -w 4 -b 127.0.0.1:6969 app:app
```

### Environment Variables for Production
```bash
export FLASK_ENV=production
```

## Security Notes

- All major security vulnerabilities have been fixed
- CSRF protection enabled
- XSS protection with output escaping
- SQL injection prevention
- Rate limiting on all endpoints
- Secure session configuration
- Security headers added

## Admin Access
- Username: Configurable in `config.json` (default: admin)
- Password: Use the Argon2 hashed password in `config.json`

## Configuration Examples

### High-Traffic Setup
```json
{
  "quotes": {
    "per_page": 50
  },
  "rate_limiting": {
    "endpoints": {
      "vote": "120 per minute",
      "search": "60 per minute"
    }
  }
}
```

### Development Setup
```json
{
  "app": {
    "debug": true,
    "port": 5000
  },
  "security": {
    "session_cookie_secure": false
  },
  "logging": {
    "level": "DEBUG"
  }
}
```

### Production Security Setup
```json
{
  "security": {
    "session_cookie_secure": true,
    "csrf_enabled": true
  },
  "logging": {
    "level": "WARNING"
  }
}
```