Deployment

Run Zander reliably in production with a process manager and a reverse proxy. This page covers PM2, nginx, and environment hardening.

Starting the Application

Development

npm run dev

Uses nodemon for automatic restarts on file changes.

Production

npm run prod

Starts the application with the --experimental-vm-modules flag and a 512 MB memory cap. This command does not auto-restart on crash — use a process manager (see below).

Build Step

Run the build step once before first launch and after each update:

npm run build

This installs dependencies, runs prisma migrate deploy, and generates the Prisma client.

Process Management

For production deployments, run the app under a process manager to ensure it restarts automatically.

PM2 (recommended)

npm install -g pm2
pm2 start app.js --name zander-web --node-args="--experimental-vm-modules" --max-memory-restart 512M
pm2 save
pm2 startup

Heroku / Procfile

The repository includes a Procfile for Heroku-style platforms:

web: npm run prod

Reverse Proxy (nginx)

Serve the app over HTTPS using nginx as a reverse proxy:

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

Update siteAddress in .env to the public HTTPS URL once the proxy is configured.

Environment Variables

Ensure all required .env values are set before starting in production. In particular:

NODE_ENV=production — enables production-mode logging and error handling
sessionCookieSecret — must be a secure random string (32+ characters)
siteAddress — must be the public HTTPS URL
DATABASE_URL — must point to a reliable MySQL instance

warning

Never commit your .env file to version control. Use a secrets manager or environment injection provided by your hosting platform.

Updating

Pull the latest code.
Run npm run build to apply any new migrations and regenerate the Prisma client.
Restart the application (pm2 restart zander-web or equivalent).

Starting the Application​

Development​

Production​

Build Step​

Process Management​

PM2 (recommended)​

Heroku / Procfile​

Reverse Proxy (nginx)​

Environment Variables​

Updating​