Sunday, August 8, 2021

Sails JS Best Practices

Use sails.log() for logging

Have you tried lifting locally with the NODE_ENV environment variable set to "production"? (A quick way to test this out is to run NODE_ENV=production node app (or, as a shortcut: sails lift --prod).)

Setting your app's environment config to 'production' tells Sails to get its game face on—i.e. that your app is running in a production environment.

When your app is running in a production environment:

middleware and other dependencies baked into Sails switch to using more efficient code.

all of your models' migration settings are forced to migrate: 'safe'. This is a failsafe to protect against inadvertently damaging your production data during deployment.

your asset pipeline runs in production mode (if relevant). Out of the box, that means your Sails app will compile all stylesheets, client-side scripts, and precompiled JST templates into minified .css and .js files to decrease page load times and reduce bandwidth consumption.

error messages and stack traces from res.serverError() will still be logged, but will not be sent in the response (this is to prevent a would-be attacker from accessing any sensitive information, such as encrypted passwords or the path where your Sails app is located on the server's file system).

Note: If you set sails.config.environment to 'production' some other way, that's totally cool. Just note that Sails will either set the NODE_ENV environment variable to 'production' for you automatically, or it will log a warning—so keep an eye on the console! The reason this environment variable is so important is that it is a universal convention in Node.js, regardless of the framework you are using. Built-in middleware and dependencies in Sails expect NODE_ENV to be set in production, otherwise they use their less efficient code paths that were designed for development use only.

If you have sockets enabled for your app (that is, you have the sails-hook-sockets module installed), then for security reasons you'll need to set sails.config.sockets.onlyAllowOrigins to the array of origins that should be allowed to connect to your app via websockets. You’ll likely set this in your app’s config/env/production.js file. See the socket configuration documentation for more info on onlyAllowOrigins.

Keep in mind that if you are using version control (git, for example), then any sensitive credentials (such as database passwords) will be checked in to the repo if you include them in your app's configuration files. A common solution to this problem is to provide certain sensitive configuration settings as environment variables. See Configuration for more information.

Protecting against CSRF is an important security measure for Sails apps. If you haven't already been developing with CSRF protection enabled (see sails.config.security.csrf), be sure to enable CSRF protection before going to production.

To lift in the production environment, run either of the following:

NODE_ENV=production node app.js

node app.js --prod
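The settings above gathered into one production config, as an added example that is not code from the original post or the Sails project: it builds the contents of config/env/production.js from environment variables so credentials stay out of the repo, and refuses to lift when NODE_ENV, the database URL or the socket origin allowlist is missing or unsafe. The Sails 1.x keys models.migrate, security.csrf, sockets.onlyAllowOrigins and datastores.default.url are assumed; DATABASE_URL and ALLOWED_ORIGINS are hypothetical variable names chosen for this example.

```javascript
// Added example, not from the original post or the Sails project.
// Assumed Sails 1.x config keys: models.migrate, security.csrf,
// sockets.onlyAllowOrigins, datastores.default.url.
// DATABASE_URL and ALLOWED_ORIGINS are hypothetical environment variable names.
function buildProductionConfig(env) {
  const errors = [];

  // Built-in middleware only takes its production code paths when NODE_ENV is set.
  if (env.NODE_ENV !== 'production') {
    errors.push('NODE_ENV must be "production"');
  }

  // Credentials come from the environment, never from a checked-in config file.
  if (!env.DATABASE_URL) {
    errors.push('DATABASE_URL is not set');
  }

  // Comma-separated list, e.g. "https://example.com,https://www.example.com".
  const origins = (env.ALLOWED_ORIGINS || '')
    .split(',')
    .map((o) => o.trim())
    .filter(Boolean);
  // Only explicit http(s) origins are accepted: a wildcard or an empty list would
  // let any site open a websocket to the app.
  const badOrigin = origins.find((o) => !/^https?:\/\/[^\/*]+$/.test(o));
  if (origins.length === 0 || badOrigin) {
    errors.push('ALLOWED_ORIGINS must list at least one explicit http(s) origin');
  }

  if (errors.length > 0) {
    throw new Error('Refusing to lift in production:\n - ' + errors.join('\n - '));
  }

  return {
    models: { migrate: 'safe' },            // never auto-alter production tables
    security: { csrf: true },               // CSRF protection on before going live
    sockets: { onlyAllowOrigins: origins }, // websocket origin allowlist
    datastores: { default: { url: env.DATABASE_URL } },
    log: { level: 'info' },                 // sails.log() output level in production
  };
}

// In config/env/production.js this would be used as:
// module.exports = buildProductionConfig(process.env);
```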


References:

https://livebook.manning.com/book/sails-js-in-action/chapter-15/285
