Deployment
Deploy Base to production with Docker, Kubernetes, or a single binary.
Single Binary
The simplest deployment — copy the binary and run:
./base serve --http 0.0.0.0:8090Use a reverse proxy (nginx, Caddy) for TLS termination.
Docker
FROM ghcr.io/hanzoai/base:latest
COPY hz_hooks/ /app/hz_hooks/
COPY hz_migrations/ /app/hz_migrations/
EXPOSE 8090
CMD ["serve", "--http", "0.0.0.0:8090", "--automigrate"]docker build -t my-base .
docker run -p 8090:8090 -v base_data:/app/hz_data my-baseKubernetes
apiVersion: apps/v1
kind: Deployment
metadata:
name: base
spec:
replicas: 1
selector:
matchLabels:
app: base
template:
metadata:
labels:
app: base
spec:
containers:
- name: base
image: ghcr.io/hanzoai/base:latest
ports:
- containerPort: 8090
env:
- name: BASE_ADMIN_EMAIL
valueFrom:
secretKeyRef:
name: base-secrets
key: admin-email
- name: BASE_ADMIN_PASSWORD
valueFrom:
secretKeyRef:
name: base-secrets
key: admin-password
volumeMounts:
- name: data
mountPath: /app/hz_data
readinessProbe:
httpGet:
path: /api/health
port: 8090
initialDelaySeconds: 5
volumes:
- name: data
persistentVolumeClaim:
claimName: base-data
---
apiVersion: v1
kind: Service
metadata:
name: base
spec:
selector:
app: base
ports:
- port: 8090
targetPort: 8090Environment Variables
| Variable | Description | Default |
|---|---|---|
BASE_ADMIN_EMAIL | Initial admin email | — |
BASE_ADMIN_PASSWORD | Initial admin password | — |
S3_ENDPOINT | S3 storage endpoint | — |
S3_BUCKET | S3 bucket name | — |
S3_REGION | S3 region | — |
S3_ACCESS_KEY | S3 access key | — |
S3_SECRET | S3 secret key | — |
Production Checklist
- Set strong admin password
- Configure S3 storage for files
- Set up regular backups
- Use TLS (reverse proxy or load balancer)
- Configure SMTP for email verification
- Review and tighten API rules
- Enable audit logging
- Set up monitoring and alerts
Last updated on