LogisterDocumentationDeployment config
Documentation / Deployment config

Configure production deploys without guessing.

This page collects the operator-facing configuration from the Rails docs: required secrets, optional services, provider-managed files, and the checklist to run before you call a self-hosted deployment healthy.

Required secrets

These are the minimum variables for a production deployment.

VariablePurpose
RAILS_MASTER_KEYDecrypts Rails credentials
DATABASE_URLConnects PostgreSQL for the control-plane app database
REDIS_URLPowers Sidekiq, caching, and Redis-backed features
LOGISTER_ADMIN_EMAILSBootstraps admin access for named operators

Most production installs also set LOGISTER_EMAIL_FROM and SENDGRID_API_KEY.

Optional services

Enable additional integrations only when you need them.

Email

  • LOGISTER_EMAIL_FROM sets the sender for auth and system mail
  • SENDGRID_API_KEY enables SendGrid delivery in production

Cloudflare Turnstile

shell
LOGISTER_TURNSTILE_ENABLED=true
LOGISTER_TURNSTILE_SITE_KEY=
LOGISTER_TURNSTILE_SECRET_KEY=

The Devise sign-in and sign-up flows render the Turnstile widget and validate tokens server-side when enabled.

Consent-gated analytics

shell
LOGISTER_COOKIE_CONSENT_ENABLED=true
LOGISTER_ANALYTICS_ENABLED=true
COOKIECONSENT_SCRIPT_URL=
COOKIECONSENT_WEBSITE_NAME=
COOKIECONSENT_PRIVACY_POLICY_URL=https://your-domain.example/privacy
GOOGLE_TAG_ID=G-XXXXXXXXXX
CLOUDFLARE_WEB_ANALYTICS_TOKEN=

Provider files

Keep deploy config in version control, but keep secrets out of the repo.

  • Dockerfile for containerized deploys
  • config/deploy.yml for Kamal-based deploys
  • fly.toml as tracked non-secret Fly.io config
  • fly.toml.example as a reference template

Important

Keep secrets in your deploy provider or CI secret store, not in tracked config files.

Production checklist

Run this checklist before calling the rollout complete.

  1. Set the required secrets and connection URLs.
  2. Configure outbound email if you need system or confirmation emails.
  3. Pick your deploy method and keep provider config tracked separately from secrets.
  4. Run migrations during deploy.
  5. Verify Sidekiq boots against the production Redis instance.
  6. Only then turn on ClickHouse, Turnstile, or analytics tooling if you need them.

Deploy verification

Check the operator path, not just the web process.

Post-deploy verification
Admin user can sign in
Project creation succeeds
API key generation works and shows the token once
Background job processes can connect to Redis
One test event lands in the project inbox