Complete deployment instructions for production environments.
Create docker-compose.yml:
version: '3.8'
services:
# MongoDB Database
mongodb:
image: mongo:6.0
container_name: ai_simulation_db
restart: unless-stopped
environment:
MONGO_INITDB_ROOT_USERNAME: admin
MONGO_INITDB_ROOT_PASSWORD: ${MONGO_ROOT_PASSWORD}
MONGO_INITDB_DATABASE: ai_simulation
volumes:
- mongodb_data:/data/db
- ./mongo-init.js:/docker-entrypoint-initdb.d/mongo-init.js:ro
ports:
- "27017:27017"
networks:
- ai_simulation_network
# Backend API
backend:
build:
context: ./backend
dockerfile: Dockerfile
container_name: ai_simulation_backend
restart: unless-stopped
environment:
- MONGO_URL=mongodb://admin:${MONGO_ROOT_PASSWORD}@mongodb:27017/ai_simulation?authSource=admin
- JWT_SECRET_KEY=${JWT_SECRET_KEY}
- OPENAI_API_KEY=${OPENAI_API_KEY}
- FAL_KEY=${FAL_KEY}
depends_on:
- mongodb
ports:
- "8001:8001"
networks:
- ai_simulation_network
volumes:
- ./backend:/app
- backend_logs:/app/logs
# Frontend React App
frontend:
build:
context: ./frontend
dockerfile: Dockerfile
args:
- REACT_APP_BACKEND_URL=${REACT_APP_BACKEND_URL}
container_name: ai_simulation_frontend
restart: unless-stopped
ports:
- "3000:80"
depends_on:
- backend
networks:
- ai_simulation_network
# Nginx Reverse Proxy
nginx:
image: nginx:alpine
container_name: ai_simulation_nginx
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
- ./nginx/ssl:/etc/nginx/ssl:ro
- nginx_logs:/var/log/nginx
depends_on:
- frontend
- backend
networks:
- ai_simulation_network
volumes:
mongodb_data:
backend_logs:
nginx_logs:
networks:
ai_simulation_network:
driver: bridge# Database
MONGO_ROOT_PASSWORD=your_secure_mongo_password
# JWT Security
JWT_SECRET_KEY=your_super_secure_jwt_secret_key_here
# AI Services
OPENAI_API_KEY=your_openai_api_key_here
FAL_KEY=your_fal_ai_key_here
# Frontend
REACT_APP_BACKEND_URL=https://yourdomain.com
# SSL (if using HTTPS)
SSL_CERTIFICATE_PATH=/path/to/ssl/cert.pem
SSL_PRIVATE_KEY_PATH=/path/to/ssl/private.key# backend/Dockerfile
FROM python:3.9-slim
WORKDIR /app
# Install system dependencies
RUN apt-get update && apt-get install -y \
gcc \
&& rm -rf /var/lib/apt/lists/*
# Copy and install Python dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
# Copy application code
COPY . .
# Create logs directory
RUN mkdir -p /app/logs
# Expose port
EXPOSE 8001
# Health check
HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=3 \
CMD curl -f http://localhost:8001/api/health || exit 1
# Start application
CMD ["gunicorn", "server:app", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8001", "--access-logfile", "/app/logs/access.log", "--error-logfile", "/app/logs/error.log"]# frontend/Dockerfile
FROM node:18-alpine as build
WORKDIR /app
# Copy package files
COPY package.json yarn.lock ./
# Install dependencies
RUN yarn install --frozen-lockfile
# Copy source code
COPY . .
# Build arguments
ARG REACT_APP_BACKEND_URL
ENV REACT_APP_BACKEND_URL=$REACT_APP_BACKEND_URL
# Build application
RUN yarn build
# Production stage
FROM nginx:alpine
# Copy built application
COPY --from=build /app/build /usr/share/nginx/html
# Copy nginx configuration
COPY nginx.conf /etc/nginx/conf.d/default.conf
# Expose port
EXPOSE 80
# Health check
HEALTHCHECK --interval=30s --timeout=3s \
CMD wget --quiet --tries=1 --spider http://localhost/ || exit 1
# Start nginx
CMD ["nginx", "-g", "daemon off;"]# nginx/nginx.conf
events {
worker_connections 1024;
}
http {
upstream backend {
server backend:8001;
}
upstream frontend {
server frontend:80;
}
# HTTP to HTTPS redirect
server {
listen 80;
server_name yourdomain.com www.yourdomain.com;
return 301 https://$server_name$request_uri;
}
# HTTPS server
server {
listen 443 ssl http2;
server_name yourdomain.com www.yourdomain.com;
# SSL Configuration
ssl_certificate /etc/nginx/ssl/cert.pem;
ssl_certificate_key /etc/nginx/ssl/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
# Security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-XSS-Protection "1; mode=block" always;
# Frontend (React app)
location / {
proxy_pass http://frontend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# Backend API
location /api/ {
proxy_pass http://backend;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# CORS headers (if needed)
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, PUT, DELETE, OPTIONS";
add_header Access-Control-Allow-Headers "Origin, Content-Type, Accept, Authorization";
}
# WebSocket support (if needed)
location /ws {
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
}# Clone repository
git clone https://github.com/yourusername/ai-agent-simulation.git
cd ai-agent-simulation
# Set up environment
cp .env.example .env
# Edit .env with your values
# Start services
docker-compose up -d
# Check status
docker-compose ps
# View logs
docker-compose logs -f
# Stop services
docker-compose down# k8s/namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: ai-simulation# k8s/mongodb.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: mongodb
namespace: ai-simulation
spec:
replicas: 1
selector:
matchLabels:
app: mongodb
template:
metadata:
labels:
app: mongodb
spec:
containers:
- name: mongodb
image: mongo:6.0
ports:
- containerPort: 27017
env:
- name: MONGO_INITDB_ROOT_USERNAME
value: "admin"
- name: MONGO_INITDB_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mongodb-secret
key: password
volumeMounts:
- name: mongodb-storage
mountPath: /data/db
volumes:
- name: mongodb-storage
persistentVolumeClaim:
claimName: mongodb-pvc
---
apiVersion: v1
kind: Service
metadata:
name: mongodb-service
namespace: ai-simulation
spec:
selector:
app: mongodb
ports:
- port: 27017
targetPort: 27017# k8s/backend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: backend
namespace: ai-simulation
spec:
replicas: 3
selector:
matchLabels:
app: backend
template:
metadata:
labels:
app: backend
spec:
containers:
- name: backend
image: your-registry/ai-simulation-backend:latest
ports:
- containerPort: 8001
env:
- name: MONGO_URL
valueFrom:
secretKeyRef:
name: app-secrets
key: mongo-url
- name: JWT_SECRET_KEY
valueFrom:
secretKeyRef:
name: app-secrets
key: jwt-secret
livenessProbe:
httpGet:
path: /api/health
port: 8001
initialDelaySeconds: 30
periodSeconds: 30
readinessProbe:
httpGet:
path: /api/health
port: 8001
initialDelaySeconds: 5
periodSeconds: 10
---
apiVersion: v1
kind: Service
metadata:
name: backend-service
namespace: ai-simulation
spec:
selector:
app: backend
ports:
- port: 8001
targetPort: 8001# k8s/frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: frontend
namespace: ai-simulation
spec:
replicas: 2
selector:
matchLabels:
app: frontend
template:
metadata:
labels:
app: frontend
spec:
containers:
- name: frontend
image: your-registry/ai-simulation-frontend:latest
ports:
- containerPort: 80
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 30
periodSeconds: 30
---
apiVersion: v1
kind: Service
metadata:
name: frontend-service
namespace: ai-simulation
spec:
selector:
app: frontend
ports:
- port: 80
targetPort: 80# k8s/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ai-simulation-ingress
namespace: ai-simulation
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
cert-manager.io/cluster-issuer: letsencrypt-prod
spec:
tls:
- hosts:
- yourdomain.com
secretName: ai-simulation-tls
rules:
- host: yourdomain.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: backend-service
port:
number: 8001
- path: /
pathType: Prefix
backend:
service:
name: frontend-service
port:
number: 80# Apply all configurations
kubectl apply -f k8s/
# Check deployments
kubectl get deployments -n ai-simulation
# Check services
kubectl get services -n ai-simulation
# Check pods
kubectl get pods -n ai-simulation
# View logs
kubectl logs -f deployment/backend -n ai-simulation# aws-ecs-task-definition.json
{
"family": "ai-simulation",
"networkMode": "awsvpc",
"requiresCompatibilities": ["FARGATE"],
"cpu": "1024",
"memory": "2048",
"executionRoleArn": "arn:aws:iam::account:role/ecsTaskExecutionRole",
"containerDefinitions": [
{
"name": "backend",
"image": "your-account.dkr.ecr.region.amazonaws.com/ai-simulation-backend:latest",
"portMappings": [
{
"containerPort": 8001,
"protocol": "tcp"
}
],
"environment": [
{
"name": "MONGO_URL",
"value": "mongodb://your-documentdb-cluster"
}
],
"logConfiguration": {
"logDriver": "awslogs",
"options": {
"awslogs-group": "/ecs/ai-simulation",
"awslogs-region": "us-east-1",
"awslogs-stream-prefix": "ecs"
}
}
}
]
}# cloudbuild.yaml
steps:
# Build backend
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '-t', 'gcr.io/$PROJECT_ID/ai-simulation-backend', './backend']
# Build frontend
- name: 'gcr.io/cloud-builders/docker'
args: ['build', '-t', 'gcr.io/$PROJECT_ID/ai-simulation-frontend', './frontend']
# Push images
- name: 'gcr.io/cloud-builders/docker'
args: ['push', 'gcr.io/$PROJECT_ID/ai-simulation-backend']
- name: 'gcr.io/cloud-builders/docker'
args: ['push', 'gcr.io/$PROJECT_ID/ai-simulation-frontend']
# Deploy to Cloud Run
- name: 'gcr.io/cloud-builders/gcloud'
args: ['run', 'deploy', 'ai-simulation-backend',
'--image', 'gcr.io/$PROJECT_ID/ai-simulation-backend',
'--platform', 'managed',
'--region', 'us-central1',
'--allow-unauthenticated']# server.py - Production settings
from fastapi import FastAPI
from fastapi.middleware.gzip import GZipMiddleware
from fastapi.middleware.cors import CORSMiddleware
app = FastAPI(
title="AI Agent Simulation API",
version="1.0.0",
docs_url="/docs" if DEBUG else None, # Disable docs in production
redoc_url=None if not DEBUG else "/redoc"
)
# Add compression
app.add_middleware(GZipMiddleware, minimum_size=1000)
# Production CORS settings
app.add_middleware(
CORSMiddleware,
allow_origins=["https://yourdomain.com"], # Specific domain only
allow_credentials=True,
allow_methods=["GET", "POST", "PUT", "DELETE"],
allow_headers=["*"],
)# Create indexes for better performance
async def create_indexes():
await db.users.create_index("email", unique=True)
await db.agents.create_index([("user_id", 1), ("archetype", 1)])
await db.simulations.create_index("user_id")
await db.conversations.create_index([("simulation_id", 1), ("timestamp", -1)])// webpack optimization
const path = require('path');
module.exports = {
optimization: {
splitChunks: {
chunks: 'all',
cacheGroups: {
vendor: {
test: /[\\/]node_modules[\\/]/,
name: 'vendors',
chunks: 'all',
},
},
},
},
resolve: {
alias: {
'@': path.resolve(__dirname, 'src'),
},
},
};# Additional security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header Permissions-Policy "camera=(), microphone=(), geolocation=()" always;# Backend rate limiting
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
limiter = Limiter(key_func=get_remote_address)
app.state.limiter = limiter
app.add_exception_handler(429, _rate_limit_exceeded_handler)
@app.get("/api/agents")
@limiter.limit("100/minute")
async def get_agents(request: Request):
# ... endpoint logic# docker-compose.monitoring.yml
version: '3.8'
services:
prometheus:
image: prom/prometheus
ports:
- "9090:9090"
volumes:
- ./prometheus.yml:/etc/prometheus/prometheus.yml
grafana:
image: grafana/grafana
ports:
- "3001:3000"
environment:
- GF_SECURITY_ADMIN_PASSWORD=admin
volumes:
- grafana-storage:/var/lib/grafana
volumes:
grafana-storage:# ELK Stack for log aggregation
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:8.8.0
environment:
- discovery.type=single-node
- xpack.security.enabled=false
ports:
- "9200:9200"
logstash:
image: docker.elastic.co/logstash/logstash:8.8.0
volumes:
- ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
kibana:
image: docker.elastic.co/kibana/kibana:8.8.0
ports:
- "5601:5601"
depends_on:
- elasticsearch# .github/workflows/deploy.yml
name: Deploy to Production
on:
push:
branches: [main]
jobs:
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Setup Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install frontend dependencies
run: cd frontend && yarn install
- name: Run frontend tests
run: cd frontend && yarn test --coverage
- name: Setup Python
uses: actions/setup-python@v4
with:
python-version: '3.9'
- name: Install backend dependencies
run: cd backend && pip install -r requirements.txt
- name: Run backend tests
run: cd backend && python -m pytest
deploy:
needs: test
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
steps:
- uses: actions/checkout@v3
- name: Deploy to production
run: |
# Build and push Docker images
docker build -t ${{ secrets.REGISTRY }}/ai-simulation-backend ./backend
docker build -t ${{ secrets.REGISTRY }}/ai-simulation-frontend ./frontend
# Push to registry
docker push ${{ secrets.REGISTRY }}/ai-simulation-backend
docker push ${{ secrets.REGISTRY }}/ai-simulation-frontend
# Deploy to production server
ssh ${{ secrets.PRODUCTION_SERVER }} "cd /opt/ai-simulation && docker-compose pull && docker-compose up -d"# Check container logs
docker logs ai_simulation_backend
docker logs ai_simulation_frontend
# Access container shell
docker exec -it ai_simulation_backend bash
# Check resource usage
docker stats# Test MongoDB connection
docker exec -it ai_simulation_backend python -c "
import motor.motor_asyncio
client = motor.motor_asyncio.AsyncIOMotorClient('mongodb://mongodb:27017')
print('Connected to MongoDB')
"# Generate self-signed certificate for testing
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout nginx/ssl/private.key \
-out nginx/ssl/cert.pem
# Check certificate
openssl x509 -in nginx/ssl/cert.pem -text -noout# Backend health
curl -f http://localhost:8001/api/health
# Frontend health
curl -f http://localhost:3000
# Database health
docker exec ai_simulation_db mongo --eval "db.adminCommand('ping')"- Environment variables configured
- SSL certificates installed
- Database backup created
- Load testing completed
- Security scan passed
- Performance benchmarks met
- Health checks passing
- Monitoring alerts configured
- Log aggregation working
- Backup schedule verified
- Rollback plan tested
- Team notifications sent
Deployment Complete! π
Your AI Agent Simulation Platform should now be running in production with proper monitoring, security, and scalability.