Production Setup

This guide covers production deployment considerations for License Monitor and License Server Detail, including system requirements, network configuration, and security hardening.

Prerequisites

Before deploying to production, ensure you have:

Completed development/staging testing
Configured all required environment variables
Set up SSL/TLS certificates
Planned network topology and firewall rules
Identified backup and disaster recovery requirements

System Requirements

License Monitor

Component	Minimum	Recommended
CPU	1 core	2+ cores
Memory	256 MB	512 MB
Disk	100 MB	500 MB (with logs)
OS	Linux (glibc 2.17+), Windows 10+, macOS 11+	Linux (Ubuntu 22.04+, RHEL 8+)
Network	100 Mbps	1 Gbps

License Server Detail

Component	Minimum	Recommended
CPU	2 cores	4+ cores
Memory	1 GB	2 GB
Disk	500 MB	2 GB (with Convex)
Runtime	Bun 1.3+ or Node.js 20+	Bun 1.3+
Network	100 Mbps	1 Gbps

Network Topology

Recommended Architecture

┌─────────────────────────────────────────────────────────────────────┐
│                           DMZ / Public                               │
│  ┌─────────────────────────────────────────────────────────────────┐│
│  │                    Load Balancer / Reverse Proxy                ││
│  │                    (nginx, HAProxy, or cloud LB)                ││
│  └──────────────────────────────┬──────────────────────────────────┘│
└─────────────────────────────────┼───────────────────────────────────┘
                                  │ HTTPS (443)
                                  ▼
┌─────────────────────────────────────────────────────────────────────┐
│                        Application Tier                              │
│  ┌─────────────────────────────────────────────────────────────────┐│
│  │                  License Server Detail                          ││
│  │                  (Next.js Dashboard)                            ││
│  │                  Port: 3000                                     ││
│  └──────────────────────────────┬──────────────────────────────────┘│
└─────────────────────────────────┼───────────────────────────────────┘
                                  │ HTTP/HTTPS (8080)
                                  ▼
┌─────────────────────────────────────────────────────────────────────┐
│                        Monitoring Tier                               │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │
│  │License Monitor│  │License Monitor│  │License Monitor│              │
│  │  Server 1    │  │  Server 2    │  │  Server 3    │              │
│  │  Port: 8080  │  │  Port: 8080  │  │  Port: 8080  │              │
│  └───────┬──────┘  └───────┬──────┘  └───────┬──────┘              │
└──────────┼─────────────────┼─────────────────┼──────────────────────┘
           │                 │                 │
           ▼                 ▼                 ▼
┌─────────────────────────────────────────────────────────────────────┐
│                        License Server Tier                           │
│  ┌──────────────┐  ┌──────────────┐  ┌──────────────┐              │
│  │  FlexLM      │  │    RLM       │  │  sesinetd    │              │
│  │  Server      │  │   Server     │  │   Server     │              │
│  └──────────────┘  └──────────────┘  └──────────────┘              │
└─────────────────────────────────────────────────────────────────────┘

Port Requirements

Component	Port	Protocol	Direction	Purpose
License Server Detail	3000	TCP	Inbound	Web dashboard
License Monitor API	8080	TCP	Inbound	REST/WebSocket/SSE
Okta Authentication	443	TCP	Outbound	OAuth callbacks
Convex Backend	443	TCP	Outbound	Real-time database
License Servers	Varies	TCP	Outbound	License queries

Production Checklist

License Monitor

Configure environment variables

# Create production config
cat > /etc/license-monitor/config.toml << 'EOF'
[command_mode]
command = "lmstat -a"
interval_seconds = 300

[api]
enabled = true
bind_address = "127.0.0.1"
bind_port = 8080
allow_public_bind = false
rate_limit_requests = 100
rate_limit_window_seconds = 60
cors_origins = ["https://dashboard.example.com"]

[daemon]
log_file = "/var/log/license-monitor/license_monitor.log"
log_level = "warn"

[update]
channel = "stable"
auto_check = false
require_signature = true
EOF

Set up log directory

sudo mkdir -p /var/log/license-monitor
sudo chown license-monitor:license-monitor /var/log/license-monitor

Configure log rotation

cat > /etc/logrotate.d/license-monitor << 'EOF'
/var/log/license-monitor/*.log {
    daily
    rotate 14
    compress
    delaycompress
    missingok
    notifempty
    create 0640 license-monitor license-monitor
    postrotate
        systemctl reload license-monitor > /dev/null 2>&1 || true
    endscript
}
EOF

Verify binary integrity

# Verify SHA-256 checksum
sha256sum /usr/local/bin/license_monitor
# Compare with published checksum from release

Test configuration

/usr/local/bin/license_monitor --config /etc/license-monitor/config.toml --debug

License Server Detail

Configure environment variables

# Create .env.production
cat > .env.production << 'EOF'
# Public variables
NEXT_PUBLIC_API_BASE_URL=https://api.example.com
NEXT_PUBLIC_API_TIMEOUT_MS=15000
NEXT_PUBLIC_LOG_LEVEL=info

# Server-side secrets (use secrets manager in production)
LICENSE_MONITOR_API_KEY=${LICENSE_MONITOR_API_KEY}
LICENSE_MONITOR_BASE_URL=http://license-monitor:8080
AUTH_OKTA_ID=${AUTH_OKTA_ID}
AUTH_OKTA_SECRET=${AUTH_OKTA_SECRET}
AUTH_OKTA_ISSUER=https://your-org.okta.com/oauth2/default
AUTH_SECRET=${AUTH_SECRET}
NEXTAUTH_URL=https://dashboard.example.com
EOF

Build for production
Terminal window
```
bun install --production
bun run build
```

Verify build output

# Check for build errors
ls -la .next/
# Verify static assets
ls -la .next/static/

Configure process manager

See Systemd Services or Windows Services.

Set up health monitoring

# Health check endpoint
curl -f https://dashboard.example.com/api/health || exit 1

SSL/TLS Configuration

Certificate Requirements

Valid SSL/TLS certificate (Let’s Encrypt, commercial CA, or internal PKI)
TLS 1.2 or higher (TLS 1.3 recommended)
Strong cipher suites

Recommended Cipher Configuration

# nginx example
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;

Monitoring and Alerting

Health Check Endpoints

Endpoint	Purpose	Expected Response
`/api/health`	Application health	`200 OK` with JSON status
`/api/ping`	Basic connectivity	`200 OK`
`/api/status`	Detailed status	`200 OK` with metrics

Recommended Monitoring

# Example health check script
#!/bin/bash
HEALTH_URL="http://localhost:8080/api/health"
RESPONSE=$(curl -s -o /dev/null -w "%{http_code}" "$HEALTH_URL")

if [ "$RESPONSE" != "200" ]; then
    echo "Health check failed: HTTP $RESPONSE"
    exit 1
fi

echo "Health check passed"
exit 0

Log Aggregation

Configure log shipping to your centralized logging solution:

# Example: Forward to syslog
logger -t license-monitor -p local0.info "Application started"

Backup and Recovery

What to Back Up

Component	Backup Frequency	Retention
Configuration files	Daily	30 days
Log files	Daily	14 days
Convex database	Real-time (managed)	Per plan
SSL certificates	On renewal	1 year

Recovery Procedures

License Monitor Recovery

# Restore configuration
cp /backup/license-monitor/config.toml /etc/license-monitor/
# Restart service
systemctl restart license-monitor

License Server Detail Recovery

# Restore environment
cp /backup/license-server-detail/.env.production .
# Rebuild and restart
bun run build && pm2 restart all

Performance Tuning

License Monitor

# config.toml - Performance settings
[api]
max_connections = 100
rate_limit_requests = 100
rate_limit_window_seconds = 60

[command_mode]
interval_seconds = 300  # Adjust based on load

License Server Detail

# Environment variables for performance
NODE_OPTIONS="--max-old-space-size=2048"
NEXT_PUBLIC_API_RETRY_MAX_ATTEMPTS=2
NEXT_PUBLIC_API_CIRCUIT_FAILURES=3

Next Steps

Docker Deployment - Containerized deployment
Systemd Services - Linux service configuration
Reverse Proxy - Nginx/Apache configuration
Security Overview - Security hardening