This page shows a practical production baseline for GoModel. It assumes you
will run GoModel behind HTTPS, keep secrets out of shell history, persist
storage across restarts, and protect the gateway with a master key.
Production baseline
Start with these decisions:
| Area | Recommended default |
|---|
| Secrets | Put credentials in a .env file or your orchestrator’s secret manager |
| Authentication | Set GOMODEL_MASTER_KEY before exposing the gateway |
| Logging | Use LOG_FORMAT=json; enable audit logging only with a retention policy |
| Storage | Use SQLite for one instance, PostgreSQL or MongoDB for multiple instances |
| Network | Terminate TLS at a reverse proxy or load balancer, then forward to GoModel |
| Health checks | Use public GET /health from your proxy, load balancer, or process supervisor |
Do not expose GoModel to the internet without GOMODEL_MASTER_KEY. When the
key is empty, API routes are intentionally unprotected for local development.
Create a production .env file
Create /opt/gomodel/.env on the host, or use another host path managed by
your deployment system:
/opt/gomodel/.env is a host file. Docker reads it through --env-file or
Compose env_file before the container starts, then passes the values as
environment variables. The file is not copied into the image. Keeping secrets on
the host lets you rotate credentials without rebuilding or republishing the
container image.
SQLITE_PATH uses /app/data/gomodel.db for Docker because that path exists
inside the GoModel image. The image runs from /app, creates /app/data as a
writable directory for the nonroot container user, and the examples below mount
the host directory /opt/gomodel/data into that container path. This keeps
runtime state out of the image while preserving it on the host.
Protect the file on the host:
SQLite uses sidecar files such as gomodel.db-wal and gomodel.db-shm, so
mount a directory, not only the .db file.
Run with Docker
Use Docker when you want the smallest operational surface. Mount durable
storage and load secrets from the .env file:
Bind to 127.0.0.1 when a reverse proxy on the same host terminates HTTPS. If
GoModel sits behind a cloud load balancer or another container network, publish
the port according to that network boundary instead.
Run with Docker Compose
Use Compose when you also run Redis, PostgreSQL, MongoDB, Prometheus, or a
reverse proxy on the same host.
Start or update the service:
For multi-instance deployments, switch storage to PostgreSQL or MongoDB:
Run as a native binary
Use a native binary when you already manage services with systemd and want to
avoid a container runtime.
Build the binary:
For a native binary, use a host filesystem path for SQLite:
Create a systemd service:
Enable it:
Verify the deployment
Check liveness:
Check authenticated API access:
Send a smoke-test request:
Operational notes
- Put HTTPS, rate limits, IP allowlists, and request timeouts in your reverse
proxy or load balancer.
- Keep
PPROF_ENABLED=false in production unless you expose it only on a
trusted internal network during an investigation.
- Keep
LOGGING_LOG_BODIES=false unless your data handling policy allows full
prompt and response capture.
- Use Configuration for the full environment
variable reference.
- Use Prometheus Metrics if you want metrics
scraping; it is currently experimental.