From Production to Public

The Final Stretch

So, there I was. My app was up and running in production, ticking along smoothly on AWS.

But what’s the point of having a perfectly tuned app if no one can access it? It was time to take that final step: going public.

This post is all about that last-mile journey—where I took my app from "everything works in production" to "everything is live, stable, and ready for the public." Let me walk you through how I did it.


Cloudflare R2: Offloading Static and Media Files

One of the first things I tackled was moving my static and media files off my EC2 instance and into Cloudflare R2. Managing those files directly on the server was never going to scale well, so I decided to offload them to R2. It's like Cloudflare’s version of S3—perfect for my needs.

I set up the bucket and linked it to my app. It didn’t take long, and before I knew it, my app was serving static and media files from R2 instead of the EC2 instance.

That change alone made my setup feel more polished and took some weight off the server, freeing it up to do the heavy lifting.


Monitoring with Prometheus and Grafana

With the app running smoothly, my next concern was keeping tabs on everything. After all, if something crashes, I want to know about it before my users do. Time to use Prometheus and Grafana.

Prometheus started scraping all kinds of metrics from my Docker containers—everything from CPU and memory usage to request counts. Grafana took all that data and made it pretty with some slick dashboards.

Now I can pull up a real-time view of how the app is performing anytime I want. Plus, I set up some alerts to notify me if anything starts going off the rails.

Of course, that meant I needed secure access to these monitoring tools without exposing them directly to the internet. This is where Tailscale came in handy.


Setting Up DNS for Prometheus and Grafana with Tailscale

I configured Prometheus and Grafana to run in my private Docker network alongside my other containers. But rather than leaving these services open to the public, I decided to route them through Nginx using Tailscale’s private VPN.

I had already set up Tailscale, which gave me a secure, private IP that could only be accessed within my VPN network. Then, I configured DNS entries in Cloudflare for both Prometheus and Grafana as well, similar to Portainer.

Also, I had to get SSL certificates for the new subdomains and set them up in the Nginx config.

The DNS entries pointed to my private Tailscale IP, and from there, Nginx routed the traffic to the appropriate services within the Docker network.

With this setup, I could access prometheus.mydomain.com and grafana.mydomain.com securely through Tailscale, while keeping both services completely invisible to the outside world. All the management and monitoring power, none of the public exposure.
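A DNS record that points at a Tailscale IP only steers clients; what keeps the dashboards off the public interface is the address Nginx binds to for those hostnames. The following is an added example, not code from the original post: a small audit that flags any Nginx server block for a private hostname whose listen directive is not pinned to a Tailscale address. The sample config, the IP 100.101.102.103, and the upstream names and ports are constructed assumptions.

```python
import ipaddress
import re

# Ranges Tailscale assigns to nodes: the IPv4 CGNAT block and its IPv6 ULA prefix.
TAILSCALE_NETS = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "fd7a:115c:a1e0::/48")]

def server_blocks(conf):
    """Yield the body of every `server { ... }` block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def listen_addr(arg):
    """Return the IP a `listen` argument binds to, or None if it is not a literal IP."""
    try:
        host = arg[1:arg.index("]")] if arg.startswith("[") else arg.rsplit(":", 1)[0]
        return ipaddress.ip_address(host)
    except ValueError:  # port only (binds every interface), "*", hostnames, unix: sockets
        return None

def audit(conf, private_hosts):
    """List (hostname, listen argument) pairs where a private vhost is not Tailscale-only."""
    findings = []
    conf = re.sub(r"#.*", "", conf)  # drop comments before matching braces
    for body in server_blocks(conf):
        names = {n for m in re.finditer(r"\bserver_name\s+([^;]+);", body)
                 for n in m.group(1).split()}
        # A server block with no listen directive falls back to nginx's default.
        listens = re.findall(r"\blisten\s+([^\s;]+)", body) or ["*:80 (nginx default)"]
        for host in sorted(names & set(private_hosts)):
            for arg in listens:
                addr = listen_addr(arg)
                if addr is None or not any(addr in net for net in TAILSCALE_NETS):
                    findings.append((host, arg))
    return findings

# Constructed sample config; the Tailscale IP and upstream names are placeholders.
SAMPLE = """server { listen 443 ssl; server_name mydomain.com; location / { proxy_pass http://app:8000; } }
server { listen 100.101.102.103:443 ssl; server_name grafana.mydomain.com;
         location / { proxy_pass http://grafana:3000; } }
server { listen 443 ssl; listen [::]:443 ssl; server_name prometheus.mydomain.com;
         location / { proxy_pass http://prometheus:9090; } }"""

if __name__ == "__main__":
    for host, arg in audit(SAMPLE, ["grafana.mydomain.com", "prometheus.mydomain.com"]):
        print(f"{host}: listen {arg} is not restricted to a Tailscale address")
```

On the sample, the Grafana block passes because it binds to an address inside 100.64.0.0/10, while the Prometheus block is reported twice, once per wildcard listener.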


Wrapping It Up

After getting all that set up, offloading static files, monitoring performance, and securely accessing Prometheus and Grafana through Tailscale, it was time to flip the switch.

And that’s it, the app is now public, live, and working as expected. I’m happy with where it’s at, and I’ve got everything in place to keep it running smoothly.