Documentation Index
Fetch the complete documentation index at: https://mintlify.com/sockudo/sockudo/llms.txt
Use this file to discover all available pages before exploring further.
Production Checklist
Before deploying Sockudo to production, complete these essential steps:
1. Secure App Credentials
# Generate secure credentials
export SOCKUDO_DEFAULT_APP_ID="your-app-id"
export SOCKUDO_DEFAULT_APP_KEY="$(openssl rand -hex 16)"
export SOCKUDO_DEFAULT_APP_SECRET="$(openssl rand -hex 32)"
# Disable default demo app
export SOCKUDO_DEFAULT_APP_ENABLED="false"
- Environment variables (production servers)
- Secrets management (Docker Swarm, Kubernetes)
- Vault or AWS Secrets Manager
Enable SSL for encrypted connections:
environment:
SSL_ENABLED: "true"
SSL_CERT_PATH: "/app/ssl/fullchain.pem"
SSL_KEY_PATH: "/app/ssl/privkey.pem"
SSL_REDIRECT_HTTP: "true" # Redirect HTTP to HTTPS
SSL_HTTP_PORT: "80"
3. Enable Rate Limiting
environment:
RATE_LIMITER_ENABLED: "true"
RATE_LIMITER_DRIVER: "redis" # Use Redis in production
environment:
SOCKUDO_DEFAULT_APP_MAX_CONNECTIONS: "10000"
SOCKUDO_DEFAULT_APP_MAX_CLIENT_EVENTS_PER_SECOND: "100"
SOCKUDO_DEFAULT_APP_MAX_READ_REQUESTS_PER_SECOND: "100"
environment:
LOG_OUTPUT_FORMAT: "json" # Must be environment variable
LOG_INCLUDE_TARGET: "true"
RUST_LOG: "info,sockudo=info"
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
5. Set Resource Limits
Configure appropriate limits (see Resource Requirements).
6. Enable Monitoring
Expose Prometheus metrics:
environment:
METRICS_ENABLED: "true"
METRICS_PORT: "9601"
METRICS_DRIVER: "prometheus"
METRICS_PROMETHEUS_PREFIX: "sockudo_"
ports:
- "9601:9601"
environment:
WEBHOOK_BATCHING_ENABLED: "true"
WEBHOOK_BATCHING_DURATION: "50"
8. Database Backend
Use persistent storage for app management:
environment:
APP_MANAGER_DRIVER: "mysql" # or postgres, dynamodb
# MySQL Configuration
DATABASE_MYSQL_HOST: "mysql"
DATABASE_MYSQL_PORT: "3306"
DATABASE_MYSQL_USERNAME: "sockudo"
DATABASE_MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
DATABASE_MYSQL_DATABASE: "sockudo"
DATABASE_MYSQL_POOL_MIN: "2"
DATABASE_MYSQL_POOL_MAX: "10"
SSL Setup
Let’s Encrypt with Docker
1. Generate Certificates
# Install certbot
sudo apt-get install certbot
# Generate certificate
sudo certbot certonly --standalone \
-d your-domain.com \
-d ws.your-domain.com
2. Mount Certificates
services:
sockudo:
volumes:
- /etc/letsencrypt/live/${DOMAIN}:/app/ssl:ro
environment:
SSL_ENABLED: "true"
SSL_CERT_PATH: "/app/ssl/fullchain.pem"
SSL_KEY_PATH: "/app/ssl/privkey.pem"
3. Auto-Renewal
# Add to crontab
0 0 * * * certbot renew --quiet && docker-compose restart sockudo
Custom SSL Certificates
volumes:
- ./ssl/certificate.crt:/app/ssl/cert.pem:ro
- ./ssl/private.key:/app/ssl/key.pem:ro
- ./ssl/ca-bundle.crt:/app/ssl/ca.pem:ro # Optional
SSL with Reverse Proxy
If using Nginx/Caddy for SSL termination:
environment:
SSL_ENABLED: "false" # Proxy handles SSL
HOST: "127.0.0.1" # Only accept proxy connections
PORT: "6001"
upstream sockudo {
server 127.0.0.1:6001;
}
server {
listen 443 ssl http2;
server_name ws.your-domain.com;
ssl_certificate /etc/letsencrypt/live/your-domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/your-domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://sockudo;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Security Hardening
Network Security
networks:
sockudo-network:
driver: bridge
ipam:
config:
- subnet: 172.20.0.0/16
services:
sockudo:
networks:
- sockudo-network
redis:
networks:
- sockudo-network
ports: [] # Don't expose to host
Origin Validation
environment:
SOCKUDO_DEFAULT_APP_ALLOWED_ORIGINS: "https://app.example.com,https://admin.example.com"
config.json:
{
"app_manager": {
"array": {
"apps": [
{
"id": "my-app",
"allowed_origins": [
"https://app.example.com",
"*.staging.example.com",
"http://localhost:3000"
]
}
]
}
}
}
CORS Configuration
{
"cors": {
"credentials": true,
"origin": ["https://app.example.com"],
"methods": ["GET", "POST", "OPTIONS"],
"allowed_headers": [
"Authorization",
"Content-Type",
"X-Requested-With"
]
}
}
Redis Security
services:
redis:
command: >
redis-server
--requirepass ${REDIS_PASSWORD}
--appendonly yes
--maxmemory 512mb
--maxmemory-policy allkeys-lru
--bind 0.0.0.0
--protected-mode yes
Container Security
services:
sockudo:
# Run as non-root user
user: sockudo
# Read-only root filesystem
read_only: true
tmpfs:
- /tmp
# Drop capabilities
cap_drop:
- ALL
cap_add:
- NET_BIND_SERVICE
# Security options
security_opt:
- no-new-privileges:true
Firewall Rules
# Allow WebSocket connections
sudo ufw allow 6001/tcp
# Allow HTTPS
sudo ufw allow 443/tcp
# Allow metrics (from monitoring servers only)
sudo ufw allow from 10.0.0.0/8 to any port 9601
# Enable firewall
sudo ufw enable
Resource Requirements
Deployment Scenarios
| Scenario | CPU/RAM | Adapter | Cache | Queue | Max Connections | Resource Limits |
|---|
| Development | 1vCPU/1GB | local | memory | memory | 1K | 512M/1.0 CPU |
| Small Production | 2vCPU/2GB | redis | redis | redis | 10K | 1G/2.0 CPU |
| High Traffic | 4vCPU/4GB+ | redis | redis | redis | 50K+ | 2G/4.0 CPU |
| Multi-Region | 8vCPU/8GB+ | redis-cluster | redis-cluster | redis-cluster | 100K+ | 4G/8.0 CPU |
Development
Use Case: Local development and testing
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
reservations:
memory: 256M
cpus: '0.5'
environment:
ADAPTER_DRIVER: "local"
CACHE_DRIVER: "memory"
QUEUE_DRIVER: "memory"
SOCKUDO_DEFAULT_APP_MAX_CONNECTIONS: "1000"
Small Production
Use Case: Small to medium apps, up to 10K concurrent connections
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
reservations:
memory: 512M
cpus: '1.0'
environment:
ADAPTER_DRIVER: "redis"
CACHE_DRIVER: "redis"
QUEUE_DRIVER: "redis"
SOCKUDO_DEFAULT_APP_MAX_CONNECTIONS: "10000"
# Redis configuration
DATABASE_REDIS_HOST: "redis"
DATABASE_REDIS_PASSWORD: "${REDIS_PASSWORD}"
redis:
deploy:
resources:
limits:
memory: 512M
cpus: '1.0'
High Traffic
Use Case: High-traffic production apps, 50K+ connections
deploy:
resources:
limits:
memory: 2G
cpus: '4.0'
reservations:
memory: 1G
cpus: '2.0'
environment:
ADAPTER_DRIVER: "redis"
CACHE_DRIVER: "redis"
QUEUE_DRIVER: "redis"
SOCKUDO_DEFAULT_APP_MAX_CONNECTIONS: "50000"
# Performance tuning
CLEANUP_QUEUE_BUFFER_SIZE: "50000"
CLEANUP_BATCH_SIZE: "25"
ADAPTER_BUFFER_MULTIPLIER_PER_CPU: "128"
# WebSocket buffers
WEBSOCKET_MAX_MESSAGES: "1000"
WEBSOCKET_MAX_BYTES: "1048576"
WEBSOCKET_DISCONNECT_ON_BUFFER_FULL: "true"
redis:
command: >
redis-server
--maxmemory 1gb
--maxmemory-policy allkeys-lru
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
Multi-Region
Use Case: Geo-distributed, 100K+ connections
deploy:
resources:
limits:
memory: 4G
cpus: '8.0'
reservations:
memory: 2G
cpus: '4.0'
environment:
ADAPTER_DRIVER: "redis-cluster"
CACHE_DRIVER: "redis-cluster"
QUEUE_DRIVER: "redis-cluster"
SOCKUDO_DEFAULT_APP_MAX_CONNECTIONS: "100000"
# Redis Cluster nodes
REDIS_CLUSTER_NODES: "redis-1:6379,redis-2:6379,redis-3:6379,redis-4:6379,redis-5:6379,redis-6:6379"
Production Docker Compose
Complete production configuration:
services:
sockudo:
build:
context: .
target: runtime
restart: unless-stopped
environment:
# Production settings
RUST_LOG: "info,sockudo=info"
DEBUG: "false"
# SSL
SSL_ENABLED: "true"
SSL_CERT_PATH: "/app/ssl/fullchain.pem"
SSL_KEY_PATH: "/app/ssl/privkey.pem"
SSL_REDIRECT_HTTP: "true"
# Disable default app
SOCKUDO_DEFAULT_APP_ENABLED: "false"
# Drivers
ADAPTER_DRIVER: "redis"
CACHE_DRIVER: "redis"
QUEUE_DRIVER: "redis"
APP_MANAGER_DRIVER: "mysql"
RATE_LIMITER_DRIVER: "redis"
# Database
DATABASE_REDIS_HOST: "redis"
DATABASE_REDIS_PASSWORD: "${REDIS_PASSWORD}"
DATABASE_MYSQL_HOST: "mysql"
DATABASE_MYSQL_PASSWORD: "${MYSQL_PASSWORD}"
# Metrics
METRICS_ENABLED: "true"
METRICS_PORT: "9601"
# Logging
LOG_OUTPUT_FORMAT: "json"
ports:
- "80:80"
- "443:6001"
- "9601:9601"
volumes:
- ./config:/app/config:ro
- ./logs:/app/logs
- /etc/letsencrypt/live/${DOMAIN}:/app/ssl:ro
deploy:
resources:
limits:
memory: 2G
cpus: '4.0'
reservations:
memory: 1G
cpus: '2.0'
restart_policy:
condition: any
delay: 5s
max_attempts: 3
healthcheck:
test: ["CMD", "curl", "-f", "-k", "https://localhost:6001/up/health"]
interval: 30s
timeout: 10s
retries: 5
start_period: 60s
depends_on:
redis:
condition: service_healthy
mysql:
condition: service_healthy
redis:
image: redis:7-alpine
restart: unless-stopped
command: >
redis-server
--requirepass ${REDIS_PASSWORD}
--appendonly yes
--maxmemory 1gb
--maxmemory-policy allkeys-lru
volumes:
- redis-data:/data
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
networks:
- sockudo-network
mysql:
image: mysql:8.0
restart: unless-stopped
environment:
MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
MYSQL_DATABASE: sockudo
MYSQL_USER: sockudo
MYSQL_PASSWORD: ${MYSQL_PASSWORD}
volumes:
- mysql-data:/var/lib/mysql
deploy:
resources:
limits:
memory: 1G
cpus: '2.0'
networks:
- sockudo-network
volumes:
redis-data:
mysql-data:
networks:
sockudo-network:
driver: bridge
Environment Files
Create .env file:
# Domain
DOMAIN=your-domain.com
# Redis
REDIS_PASSWORD=your-secure-redis-password
# MySQL
MYSQL_ROOT_PASSWORD=your-root-password
MYSQL_PASSWORD=your-mysql-password
# Sockudo
SOCKUDO_APP_KEY=your-app-key
SOCKUDO_APP_SECRET=your-app-secret
Next Steps