Skip to main content
This page shows a practical production baseline for GoModel. It assumes you will run GoModel behind HTTPS, keep secrets out of shell history, persist storage across restarts, and protect the gateway with a master key.

Production baseline

Start with these decisions:
AreaRecommended default
SecretsPut credentials in a .env file or your orchestrator’s secret manager
AuthenticationSet GOMODEL_MASTER_KEY before exposing the gateway
LoggingUse LOG_FORMAT=json; enable audit logging only with a retention policy
StorageUse SQLite for one instance, PostgreSQL or MongoDB for multiple instances
NetworkTerminate TLS at a reverse proxy or load balancer, then forward to GoModel
Health checksUse public GET /health from your proxy, load balancer, or process supervisor
Do not expose GoModel to the internet without GOMODEL_MASTER_KEY. When the key is empty, API routes are intentionally unprotected for local development.

Create a production .env file

Create /opt/gomodel/.env on the host, or use another host path managed by your deployment system:
/opt/gomodel/.env is a host file. Docker reads it through --env-file or Compose env_file before the container starts, then passes the values as environment variables. The file is not copied into the image. Keeping secrets on the host lets you rotate credentials without rebuilding or republishing the container image. SQLITE_PATH uses /app/data/gomodel.db for Docker because that path exists inside the GoModel image. The image runs from /app, creates /app/data as a writable directory for the nonroot container user, and the examples below mount the host directory /opt/gomodel/data into that container path. This keeps runtime state out of the image while preserving it on the host. Protect the file on the host:
SQLite uses sidecar files such as gomodel.db-wal and gomodel.db-shm, so mount a directory, not only the .db file.

Run with Docker

Use Docker when you want the smallest operational surface. Mount durable storage and load secrets from the .env file:
Bind to 127.0.0.1 when a reverse proxy on the same host terminates HTTPS. If GoModel sits behind a cloud load balancer or another container network, publish the port according to that network boundary instead.

Run with Docker Compose

Use Compose when you also run Redis, PostgreSQL, MongoDB, Prometheus, or a reverse proxy on the same host.
Start or update the service:
For multi-instance deployments, switch storage to PostgreSQL or MongoDB:

Run as a native binary

Use a native binary when you already manage services with systemd and want to avoid a container runtime. Build the binary:
For a native binary, use a host filesystem path for SQLite:
Create a systemd service:
Enable it:

Verify the deployment

Check liveness:
Check authenticated API access:
Send a smoke-test request:

Operational notes

  • Put HTTPS, rate limits, IP allowlists, and request timeouts in your reverse proxy or load balancer.
  • Keep PPROF_ENABLED=false in production unless you expose it only on a trusted internal network during an investigation.
  • Keep LOGGING_LOG_BODIES=false unless your data handling policy allows full prompt and response capture.
  • Use Configuration for the full environment variable reference.
  • Use Prometheus Metrics if you want metrics scraping; it is currently experimental.