Self-Hosting: Production

Deploy FaraCore in production with PostgreSQL, reverse proxy, and proper security.

PostgreSQL Setup

For production, use PostgreSQL instead of SQLite for better performance and reliability.

Install PostgreSQL

Install PostgreSQL on your server:

# Ubuntu/Debian
sudo apt-get install postgresql postgresql-contrib

# macOS
brew install postgresql

# Start PostgreSQL
sudo systemctl start postgresql  # Linux
brew services start postgresql    # macOS

Create Database

Create a database and user for FaraCore:

sudo -u postgres psql

CREATE DATABASE faramesh;
CREATE USER faramesh_user WITH PASSWORD 'your-secure-password';
GRANT ALL PRIVILEGES ON DATABASE faramesh TO faramesh_user;
\q

Configure FaraCore

Set the PostgreSQL connection string:

export FARA_DB_BACKEND=postgres
export FARA_POSTGRES_DSN="postgresql://faramesh_user:your-secure-password@localhost:5432/faramesh"

Run Migrations

Initialize the database schema:

faracore migrate

Reverse Proxy (Nginx)

Set up Nginx as a reverse proxy in front of FaraCore:

Nginx Configuration

server {
    listen 80;
    server_name faramesh.example.com;

    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # WebSocket support for SSE
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

Enable HTTPS (Let's Encrypt)

sudo apt-get install certbot python3-certbot-nginx
sudo certbot --nginx -d faramesh.example.com

Systemd Service

Create a systemd service for FaraCore:

Service File

Create /etc/systemd/system/faramesh.service:

[Unit]
Description=FaraCore Agent Action Governor
After=network.target postgresql.service

[Service]
Type=simple
User=faramesh
WorkingDirectory=/opt/faramesh
Environment="FARA_DB_BACKEND=postgres"
Environment="FARA_POSTGRES_DSN=postgresql://faramesh_user:password@localhost:5432/faramesh"
Environment="FARA_AUTH_TOKEN=your-secure-token"
Environment="FARA_API_HOST=127.0.0.1"
Environment="FARA_API_PORT=8000"
ExecStart=/usr/local/bin/faracore serve
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

Enable and Start

sudo systemctl daemon-reload
sudo systemctl enable faramesh
sudo systemctl start faramesh
sudo systemctl status faramesh

Environment Variables

Key environment variables for production:

# Database
export FARA_DB_BACKEND=postgres
export FARA_POSTGRES_DSN="postgresql://user:pass@host:5432/dbname"

# API
export FARA_API_HOST=127.0.0.1
export FARA_API_PORT=8000

# Authentication
export FARA_AUTH_TOKEN="your-secure-random-token"

# Policy
export FARA_POLICY_FILE="/etc/faramesh/policy.yaml"

Security Best Practices

  • Use HTTPS - Always use SSL/TLS in production
  • Set Auth Token - Require authentication for API access
  • Firewall - Only expose necessary ports
  • Database Security - Use strong passwords, limit network access
  • Regular Backups - Backup PostgreSQL database regularly
  • Monitor Logs - Set up log aggregation and monitoring

Migration from SQLite

If you're migrating from SQLite to PostgreSQL:

# Export from SQLite (if migration utility exists)
# Then import to PostgreSQL
# Or use pgloader for migration

Metrics & Monitoring

Set up Prometheus metrics and observability for production.

View Metrics Guide

CLI Reference

Complete reference for all FaraCore CLI commands.

View CLI Reference
Previous
Local Development
Next
Metrics