Azure Deployment Guide

Deploy SelfHostedDB on Microsoft Azure

This guide covers deploying SelfHostedDB on Azure using Container Instances, App Service, or AKS.

Option 1: Azure Container Instances (ACI)

Best for: Quick deployments, simple setups

Steps

1. Create Resource Group

   az group create --name selfhosteddb-rg --location eastus

2. Deploy Container

   az container create \
     --resource-group selfhosteddb-rg \
     --name selfhosteddb \
     --image your-registry/selfhosteddb:latest \
     --dns-name-label selfhosteddb-unique-name \
     --ports 3001 \
     --cpu 1 \
     --memory 1.5 \
     --environment-variables \
       NODE_ENV=production \
       PORT=3001 \
       LICENSE_SERVER_URL=https://license.selfhosteddb.com \
     --secure-environment-variables \
       DATABASE_URL='postgres://...' \
       AUTH_USER='admin' \
       AUTH_PASS='your-password' \
       LICENSE_KEY='your-license-key' \
       LICENSE_EMAIL='your@email.com' \
     --restart-policy Always

   Note: ACI doesn't support volume mounts. License data is stored in the container's filesystem. For persistence across restarts, use environment variables for auto-activation, or use Azure App Service or AKS instead.

3. Access Application

   • URL: http://selfhosteddb-unique-name.eastus.azurecontainer.io:3001
   • For HTTPS, use Azure Application Gateway or Front Door

Database Options

• Azure Database for PostgreSQL: Use connection string from Azure Portal
• Self-hosted: Deploy PostgreSQL container in same resource group

Option 2: Azure App Service (Linux Containers)

Best for: Managed deployments, automatic scaling

Steps

1. Create App Service Plan

   az appservice plan create \
     --name selfhosteddb-plan \
     --resource-group selfhosteddb-rg \
     --sku B1 \
     --is-linux

2. Create Web App

   az webapp create \
     --resource-group selfhosteddb-rg \
     --plan selfhosteddb-plan \
     --name selfhosteddb-app \
     --deployment-container-image-name your-registry/selfhosteddb:latest

3. Configure Environment Variables

   az webapp config appsettings set \
     --resource-group selfhosteddb-rg \
     --name selfhosteddb-app \
     --settings \
       NODE_ENV=production \
       PORT=3001 \
       LICENSE_SERVER_URL=https://license.selfhosteddb.com \
       DATABASE_URL='@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/database-url/)' \
       AUTH_USER='@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/auth-user/)' \
       AUTH_PASS='@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/auth-pass/)' \
       LICENSE_KEY='@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/license-key/)' \
       LICENSE_EMAIL='@Microsoft.KeyVault(SecretUri=https://your-vault.vault.azure.net/secrets/license-email/)'

   Note: App Service provides persistent storage. License data will persist across restarts. If you don't set LICENSE_KEY and LICENSE_EMAIL, you can activate via SSH:

   az webapp ssh --resource-group selfhosteddb-rg --name selfhosteddb-app
   # Then run: activate-license --key YOUR_KEY --email your@email.com

4. Enable HTTPS

   • Azure App Service provides free SSL certificates
   • Configure custom domain in App Service settings

Best Practices

• Use Azure Key Vault for secrets (reference in App Settings)
• Enable Application Insights for monitoring
• Configure auto-scaling rules
• Set up deployment slots for blue-green deployments

Option 3: Azure Kubernetes Service (AKS)

Best for: Enterprise deployments, complex orchestration

Steps

1. Create AKS Cluster

   az aks create \
     --resource-group selfhosteddb-rg \
     --name selfhosteddb-aks \
     --node-count 2 \
     --enable-addons monitoring

2. Store Secrets in Azure Key Vault

   az keyvault secret set --vault-name selfhosteddb-vault --name database-url --value 'postgres://...'
   az keyvault secret set --vault-name selfhosteddb-vault --name auth-user --value 'admin'
   az keyvault secret set --vault-name selfhosteddb-vault --name auth-pass --value 'your-password'
   az keyvault secret set --vault-name selfhosteddb-vault --name license-key --value 'your-license-key'
   az keyvault secret set --vault-name selfhosteddb-vault --name license-email --value 'your@email.com'

3. Deploy Using Kubernetes Manifests

   • Use same YAML as AWS EKS (see AWS EKS section)
   • Include license environment variables and volume mounts
   • Store secrets in Azure Key Vault and reference via CSI driver

Secrets Management

# Store secrets in Azure Key Vault
az keyvault secret set --vault-name selfhosteddb-vault --name database-url --value 'postgres://...'
az keyvault secret set --vault-name selfhosteddb-vault --name auth-user --value 'admin'
az keyvault secret set --vault-name selfhosteddb-vault --name auth-pass --value 'your-password'

Monitoring

Application Insights

• Performance Monitoring: Track response times, throughput
• Error Tracking: Automatic error detection and alerting
• Custom Metrics: Add custom application metrics

Log Analytics

• Container Logs: View logs from all containers
• Query Logs: Use KQL (Kusto Query Language) for advanced queries
• Alerts: Set up alerts based on log queries

Security Best Practices

• Use Azure Key Vault for all secrets
• Enable Managed Identity for service-to-service authentication
• Use Private Endpoints for database connections
• Enable Azure DDoS Protection
• Configure Network Security Groups

Related Documentation

• Production Deployment Guide - General production deployment
• Security Best Practices - Security configuration
• Troubleshooting Guide - Common issues
• Installation Guide - Initial setup

Last Updated: 2025-01-27