Production Deployment

This guide covers a complete production deployment with nginx, SSL, and monitoring.

Automated Deployment

Use the included deployment script:

sudo ./scripts/deploy.sh

This script:

Installs Node.js 18
Configures nginx with SSL
Sets up systemd service
Configures Let’s Encrypt certificates

Manual Setup

1. Server Requirements

Ubuntu 20.04+ or similar
Node.js 18+
nginx
MySQL (local or remote)

2. Install Dependencies

# Node.js
curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash -
sudo apt-get install -y nodejs

# nginx
sudo apt-get install -y nginx

# Certbot
sudo apt-get install -y certbot python3-certbot-nginx

3. Deploy Application

# Clone and build
cd /opt
sudo git clone https://github.com/bytefederal/byte-mcp.git
cd byte-mcp
sudo npm install
sudo npm run build

# Create environment file
sudo cp .env.example .env
sudo nano .env  # Configure database credentials

4. Systemd Service

Create /etc/systemd/system/bytemcp.service:

[Unit]
Description=ByteMCP Server
After=network.target

[Service]
Type=simple
User=www-data
WorkingDirectory=/opt/byte-mcp
ExecStart=/usr/bin/node dist/index.js
Restart=on-failure
RestartSec=10
Environment=MCP_MODE=remote
Environment=PORT=3000
EnvironmentFile=/opt/byte-mcp/.env

[Install]
WantedBy=multi-user.target

Enable and start:

sudo systemctl enable bytemcp
sudo systemctl start bytemcp

5. Nginx Configuration

Create /etc/nginx/sites-available/mcp.bytefederal.com:

upstream bytemcp {
    server 127.0.0.1:3000;
    keepalive 32;
}

server {
    listen 80;
    server_name mcp.bytefederal.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mcp.bytefederal.com;

    ssl_certificate /etc/letsencrypt/live/mcp.bytefederal.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mcp.bytefederal.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;

    # Rate limiting
    limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;

    location / {
        limit_req zone=api burst=20 nodelay;
        proxy_pass http://bytemcp;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # SSE endpoint - extended timeouts
    location /sse {
        proxy_pass http://bytemcp;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        proxy_buffering off;
        proxy_cache off;
        proxy_read_timeout 86400;
        chunked_transfer_encoding off;
    }

    location /health {
        proxy_pass http://bytemcp;
        limit_req off;
    }
}

Enable and reload:

sudo ln -s /etc/nginx/sites-available/mcp.bytefederal.com /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

6. SSL Certificate

sudo certbot --nginx -d mcp.bytefederal.com

Monitoring

Health Endpoint

curl https://mcp.bytefederal.com/health

Heartbeat (Optional)

ByteMCP can update a dashboard database every 5 minutes:

HEARTBEAT_HOST=dashboard.example.com
HEARTBEAT_DATABASE=monitoring
HEARTBEAT_USER=monitor
HEARTBEAT_PASSWORD=secret

Logs

# Application logs
sudo journalctl -u bytemcp -f

# Nginx access logs
sudo tail -f /var/log/nginx/mcp.bytefederal.com.access.log

# Nginx error logs
sudo tail -f /var/log/nginx/mcp.bytefederal.com.error.log

Security Checklist

SSL/TLS enabled
Rate limiting configured
Database user has minimal permissions
Environment variables secured
Firewall configured (ports 80, 443 only)
Regular security updates

Scaling

For high availability:

Multiple Instances - Run behind a load balancer
Database Replication - Read replicas for queries
Caching - Add Redis for frequent queries
CDN - Cache static discovery endpoints

Next Steps

AI Assistants - Connect remote clients
API Reference - Full API documentation