Production CLI Commands

Updated for ɳSelf v0.4.8

Essential CLI commands for deploying and managing ɳSelf in production environments with the v0.4.8 environment management, security hardening, and deployment capabilities.

Production Environment Management

ɳSelf prod status

Show production environment status (default subcommand):

# Show production status
ɳSelf prod status
ɳSelf prod

# Displays:
# - Environment settings (ENV, domain, debug mode)
# - Secrets file status
# - SSL certificate status and expiry
# - Docker Compose file status

ɳSelf prod init

Initialize production configuration:

# Initialize production for your domain
ɳSelf prod init yourdomain.com --email admin@yourdomain.com

# What it does:
# - Sets ENV=production
# - Disables debug mode
# - Enables SSL with Let's Encrypt
# - Disables Hasura dev mode and console
# - Creates docker-compose.prod.yml

ɳSelf prod check / audit

Run comprehensive security audit:

# Run security audit
ɳSelf prod check
ɳSelf prod audit --verbose

# Checks performed:
# - Environment settings (DEBUG, LOG_LEVEL, etc.)
# - Secrets strength and configuration
# - SSL certificate validity and expiry
# - Docker security settings
# - Network security (HSTS, XSS protection, etc.)
# - File permissions

# Exit codes:
# 0 - All checks passed
# 1 - Critical failures detected
# 2 - Warnings only (no critical failures)

ɳSelf prod secrets

Manage production secrets:

# Generate all production secrets
ɳSelf prod secrets generate
ɳSelf prod secrets generate --force  # Overwrite existing

# Validate secrets file
ɳSelf prod secrets validate

# Rotate a specific secret
ɳSelf prod secrets rotate POSTGRES_PASSWORD

# Show secrets (masked by default)
ɳSelf prod secrets show
ɳSelf prod secrets show --unmask

# Generated secrets:
# - POSTGRES_PASSWORD
# - HASURA_GRAPHQL_ADMIN_SECRET
# - JWT_SECRET
# - COOKIE_SECRET
# - MINIO_ROOT_PASSWORD
# - REDIS_PASSWORD
# - GRAFANA_ADMIN_PASSWORD

ɳSelf prod ssl

Manage SSL/TLS certificates:

# Check SSL certificate status
ɳSelf prod ssl status

# Request Let's Encrypt certificate
ɳSelf prod ssl request yourdomain.com --email admin@yourdomain.com
ɳSelf prod ssl request yourdomain.com --staging  # For testing

# Renew SSL certificates
ɳSelf prod ssl renew
ɳSelf prod ssl renew --force

# Generate self-signed certificate
ɳSelf prod ssl self-signed yourdomain.com

# Verify certificate chain
ɳSelf prod ssl verify

ɳSelf prod firewall

Configure and manage firewall rules:

# Check firewall status
ɳSelf prod firewall status

# Configure recommended rules
ɳSelf prod firewall configure --dry-run
ɳSelf prod firewall configure

# Allow/block specific ports
ɳSelf prod firewall allow 8080
ɳSelf prod firewall allow 53 udp
ɳSelf prod firewall block 3306

# Show security recommendations
ɳSelf prod firewall recommendations

ɳSelf prod harden

Apply all security hardening measures:

# Apply all hardening
ɳSelf prod harden

# Preview changes without applying
ɳSelf prod harden --dry-run

# Skip firewall configuration
ɳSelf prod harden --skip-firewall

# Hardening steps:
# 1. Generate secrets (if missing)
# 2. Apply production environment settings
# 3. Fix SSL key permissions
# 4. Check firewall status
# 5. Fix sensitive file permissions

Deployment Commands

nself deploy

Deploy your ɳSelf project to remote servers via SSH:

# Deploy to staging (full stack including frontends)
nself deploy staging

# Deploy to production (backend only by default)
nself deploy prod

# Preview deployment without executing
nself deploy staging --dry-run
nself deploy prod --dry-run

# Force deployment without confirmation
nself deploy staging --force

# Skip health checks after deployment
nself deploy prod --skip-health

# Include/exclude frontends
nself deploy prod --include-frontends
nself deploy staging --exclude-frontends

# Rolling deployment (zero-downtime)
nself deploy prod --rolling

nself deploy check-access

Verify SSH access to environments:

# Check access to all environments
nself deploy check-access

# Check before deploying
nself deploy staging --check-access

nself deploy health

Check deployment health:

# Check staging health
nself deploy health staging

# Check production health
nself deploy health prod

nself deploy rollback

Rollback to previous deployment:

# Rollback if something goes wrong
nself deploy rollback

nself deploy logs

View deployment logs:

# View deployment logs
nself deploy logs

Environment Management

nself env

Manage deployment environments:

# List all environments
nself env list

# Create new environment
nself env create staging staging
nself env create production prod

# Switch environment
nself env switch dev
nself env switch staging
nself env switch prod

# Show current environment status
nself env status

# Compare environments
nself env diff staging prod
nself env diff dev staging --values

# Validate environment configuration
nself env validate staging

# Delete environment
nself env delete qa

# Export/import environments
nself env export staging --output staging-env.tar.gz
nself env import staging-env.tar.gz

System Management

nself update

Update ɳSelf to the latest version:

# Update to latest version
nself update

# Check current version
nself version

nself status

Check comprehensive system status:

# Basic status check
nself status

# Show all service URLs
nself urls

Health Monitoring

nself logs

Access and monitor service logs:

# View all service logs
nself logs

# Follow logs in real-time
nself logs -f

# View specific service logs
nself logs postgres
nself logs hasura

nself exec

Execute commands in service containers:

# Shell into a container
nself exec postgres

# Run specific command
nself exec postgres psql -U postgres

Monitoring Commands

nself monitor

Open monitoring dashboards:

# Open Grafana (default)
nself monitor
nself monitor grafana

# Open Prometheus
nself monitor prometheus

# Open Alertmanager
nself monitor alerts

# Open Loki in Grafana
nself monitor loki

# CLI service status view
nself monitor services

# CLI resource usage view
nself monitor resources

# Tail service logs
nself monitor logs
nself monitor logs postgres

nself metrics

Configure monitoring profiles:

# Enable monitoring profiles
nself metrics enable minimal   # 4 services (~500MB)
nself metrics enable standard  # 7 services (~1GB)
nself metrics enable full      # 10 services (~2GB)
nself metrics enable auto      # Auto-detect based on ENV

# Show current profile
nself metrics status

Backup and Recovery

nself backup

Create system backups:

# Create full system backup
nself backup

# Database only backup
nself db backup

# Include configuration files
nself backup --include-config

# Compressed backup
nself backup --compress

# Remote backup to S3
nself backup --remote s3://my-backups/nself/

nself restore

Restore from backups:

# Restore from latest backup
nself restore

# Restore from specific backup
nself restore --from backup-20250806-140000

# Restore database only
nself db restore backup.sql

# Restore with verification
nself restore --verify

Security Commands

ɳSelf security

Security auditing and hardening:

# Run security audit
ɳSelf security audit

# Check for vulnerabilities
ɳSelf security scan

# Update security configurations
ɳSelf security harden

# Generate new secrets
ɳSelf security rotate-secrets

# SSL certificate management
ɳSelf security ssl-renew
ɳSelf security ssl-status

ɳSelf encrypt

Data encryption utilities:

# Encrypt sensitive files
ɳSelf encrypt .env.prod

# Decrypt files
ɳSelf decrypt .env.prod.enc

# Rotate encryption keys
ɳSelf encrypt rotate-keys

Maintenance Commands

ɳSelf cleanup

System cleanup and optimization:

# Clean up unused resources
ɳSelf cleanup

# Deep clean (removes old images, volumes)
ɳSelf cleanup --deep

# Clean specific components
ɳSelf cleanup docker
ɳSelf cleanup logs
ɳSelf cleanup backups

# Dry run (show what would be cleaned)
ɳSelf cleanup --dry-run

ɳSelf optimize

Performance optimization:

# Optimize database performance
ɳSelf optimize database

# Optimize Docker images
ɳSelf optimize images

# Full system optimization
ɳSelf optimize --all

# Generate optimization report
ɳSelf optimize --report

Configuration Management

nself config

Production configuration management:

# Validate configuration
nself config validate

# Show configuration (sanitized)
nself config show

# Update configuration value
nself config set POSTGRES_MAX_CONNECTIONS 200

# Generate new configuration template
nself config generate --environment production

# Import configuration from file
nself config import production.env

# Export configuration
nself config export --sanitize > config-backup.env

Service Management

nself scale

Scale services for production load:

# Scale specific service
nself scale hasura 3

# Auto-scale based on load
nself scale --auto

# Scale all services
nself scale --replicas 2

# Scale with resource limits
nself scale hasura 3 --memory 512MB --cpu 0.5

ɳSelf reload

Reload services without downtime:

# Reload specific service
ɳSelf reload hasura

# Reload configuration
ɳSelf reload --config

# Rolling reload (zero downtime)
ɳSelf reload --rolling

Network and Connectivity

ɳSelf network

Network diagnostics and configuration:

# Test network connectivity
ɳSelf network test

# Show network configuration
ɳSelf network show

# Test external connectivity
ɳSelf network test-external

# Diagnose network issues
ɳSelf network diagnose

Automated Scripts

Production Deployment Script

#!/bin/bash
# production-deploy.sh

set -e

echo "🚀 Starting production deployment..."

# Backup current state
echo "Creating backup..."
nself backup --name "pre-deploy-$(date +%Y%m%d-%H%M%S)"

# Update system
echo "Updating nself..."
nself update

# Deploy new version
echo "Deploying services..."
ɳSelf prod
cp .env.prod-template .env
nself build
nself up --no-deps

# Run health checks
echo "Running health checks..."
sleep 30
nself doctor

# Verify deployment
if nself status --check; then
    echo "✅ Deployment successful!"
else
    echo "❌ Deployment failed, rolling back..."
    nself restore
    exit 1
fi

Monitoring Script

#!/bin/bash
# monitor.sh - Add to cron for continuous monitoring

# Check system health
if ! nself doctor --quick; then
    echo "Health check failed" | mail -s "ɳSelf Alert" admin@example.com
fi

# Check resource usage
CPU_USAGE=$(ɳSelf resources --format json | jq '.total.cpu')
if (( $(echo "$CPU_USAGE > 80" | bc -l) )); then
    echo "High CPU usage: $CPU_USAGE%" | mail -s "ɳSelf Resource Alert" admin@example.com
fi

# Check disk space
DISK_USAGE=$(df / | tail -1 | awk '{print $5}' | sed 's/%//')
if [ "$DISK_USAGE" -gt 85 ]; then
    ɳSelf cleanup --auto
fi

# Rotate logs
find logs/ -name "*.log" -mtime +7 -delete

Integration with CI/CD

GitHub Actions Example

# .github/workflows/deploy.yml
name: Deploy to Production
on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      
      - name: Install ɳSelf
        run: |
          curl -sSL https://install.nself.org | bash
          
      - name: Deploy to production
        run: |
          echo "${{ secrets.ENV_PROD }}" > .env
          nself build
          nself up --detach
          
      - name: Health check
        run: |
          sleep 30
          nself doctor

Best Practices

• Automated Backups - Schedule regular database and system backups
• Health Monitoring - Run nself doctor regularly via cron
• Resource Monitoring - Monitor CPU, memory, and disk usage
• Log Management - Implement log rotation and retention policies
• Security Updates - Keep ɳSelf and Docker images updated
• Testing - Test backup restoration procedures regularly
• Alerts - Set up alerts for critical system events
• Documentation - Document your production setup and procedures

Next Steps

• Production Setup Guide
• SSL Configuration
• Backup & Restore
• Troubleshooting Guide