Production Operations

Production operations in nSelf are handled through real CLI commands: security hardening via nself security, SSL management via nself ssl, diagnostics via nself doctor --deep, backup via nself backup, and WAF via nself waf.

Source of truth: SPORT F02-COMMAND-INVENTORY.md.

Security hardening

All security is free (Security-Always-Free doctrine). The full hardening suite runs automatically on nself install, update, and daily cron.

nself security setup                # Apply baseline hardening
nself security audit                # Full security audit report
nself security scan                 # Baseline hardening scan (free, no license)
nself security status               # Current security posture

nself doctor --deep                 # Full diagnostics + hardening (free, no license)

SSL / TLS management

nself ssl setup                     # Initial Let's Encrypt setup
nself ssl status                    # Certificate status and expiry
nself ssl renew                     # Renew all certificates
nself ssl renew example.com         # Renew a specific domain
nself ssl add example.com           # Add a custom domain certificate

Web Application Firewall

nself waf enable                    # Enable Coraza + OWASP CRS
nself waf mode detection            # Detection mode (logs, does not block)
nself waf mode blocking             # Blocking mode
nself waf report                    # WAF event report

Backup and recovery

nself backup create                 # Create a backup
nself backup list                   # List available backups
nself backup restore latest         # Restore most recent backup
nself backup restore <id>           # Restore specific backup
nself backup verify latest          # Verify backup integrity
nself backup schedule               # Configure automatic backup schedule
nself backup status                 # Backup system status

Monitoring and alerting

nself status --deep                  # Full service status + plugin reachability
nself health check                  # Health check all services
nself health watch                  # Continuous health monitoring
nself alerts list                   # List Prometheus alert rules
nself alerts test <alert-name>      # Test an alert
nself watchdog status               # Self-healing watchdog status
nself monitor upgrade-dashboards    # Upgrade Grafana dashboards

Disaster recovery

nself dr drill                      # Practice a disaster recovery drill
nself dr promote-standby            # Promote standby to primary
nself dr reconfigure-dns            # Update DNS after failover
nself dr rollback                   # Roll back a DR operation

# PITR (Point-in-Time Recovery)
nself db pitr status
nself db pitr restore               # Restore to a point in time
nself db pitr restore-drill         # Practice PITR restore

Production checklist

1. Run nself security setup and resolve all findings
2. Run nself ssl setup for your domain
3. Enable WAF: nself waf enable
4. Verify nself doctor --deep reports no CRITICAL findings
5. Configure backup schedule: nself backup schedule
6. Enable PITR: nself db pitr enable
7. Set up alerting: nself alerts list
8. Run nself db rls audit and apply any gaps
9. Run nself db fk-index audit and apply missing indexes

See also

• Deployment — environment switching and promote
• Database Commands — PITR, RLS, backups
• Security Guide — full security hardening reference
• Monitoring Guide — Prometheus, Grafana setup