Production Checklist
This enterprise feature helps you visualize what you need to do before going to production. It lists all the important steps to do:
Best Practice
Once your server is correctly setup, we recommend disabling this page by setting the environment variable BP_DISABLE_SERVER_CONFIG to true.
Enable Botpress Professional
The section about enterprise licensing shows you how to obtain, add, and activate your license. Remember that the Botpress Professional version comes with a lot of enterprise-specific features.
Environment variables:
BP_CONFIG_PRO_ENABLEDBP_CONFIG_PRO_LICENSEKEY
Values in the botpress.config.json file:
pro.enabledpro.licenseKey
Use a Postgre database
You should use a Postgres database instead of a SQlite database. Postgres is more resilient and allows to run Botpress in cluster mode (using multiple servers).
Environment variable:
DATABASE_URL
Use the database BPFS storage
When you set this option, all your bots and configuration files are stored in the database. Only those can be edited while making changes using the interface. Multiple servers can then synchronously access the same latest data.
Environment variable:
BPFS_STORAGE
Run Botpress in production mode
When you run Botpress in production, these changes happen:
- Stack traces when error occurs are hidden.
- Debug logs and logging of standard errors to optimize speed are hidden.
- Some validations for speed are optimized.
- Using multiple servers (cluster mode) is enabled.
Environment variable:
BP_PRODUCTION
Configure the external server URL
Using an external server URL may cause multiple issues in production, like resources not displaying correctly or links not working.
Notes
- By default, Botpress starts an HTTP server on localhost, listening to port 3000.
- When using Botpress Professional, this value is also used to validate your license.
Environment variable:
EXTERNAL_URL
Value in the botpress.config.json file:
httpServer.externalUrl
Enable Redis support
Redis allows you to run multiple Botpress servers using the same data. Only REDIS_URL and CLUSTER_ENABLED are required. Simply use the same URL for Redis and set the BP_REDIS_SCOPE environment variable to prod on your production environment and staging on your staging environment.
Environment variables:
REDIS_URLCLUSTER_ENABLEDBP_REDIS_SCOPE
Restrict CORS to your own domain
You can either disable CORS completely (set to false), or set an allowed origin.
info
By default, Botpress allows any origin to reach the server.
Values in the botpress.config.json file:
httpServer.cors.enabledhttpServer.cors.origin
Enable Cookie storage for the JWT token
Storing the token in cookies adds an additional layer of security for the user's session.
info
You must configure the CORS policy before.
Values in the botpress.config.json file:
jwtToken.useCookieStoragejwtToken.cookieOptionshttpServer.cors.credentials
Host your own language server
The default language server configured with Botpress is a public server with request limitations.
Value in the botpress.config.json file:
nlu.json: languageSources
Securing your server with HTTPS
Botpress doesn't handle certificates and HTTPS headers directly. You should instead use a NGINX server.
Enable audit trail
You should enable a special debug scope. It tracks every sent requests with their user or IP address and save them to a log file.
Enable Sticky Sessions
When using polling as a primary or secondary socket transport, you must enable sticky sessions. If you decide to use Websocket as the only transport, you don't need to enable sticky sessions.
See this documentation for more details: https://socket.io/docs/v4/using-multiple-nodes/#why-is-sticky-session-required.
Value in the botpress.config.json file:
httpServer.socketTransport
Output logs to the filesystem
By default, Botpress does some minimal logging to the database.
Best Practice
You should enable the log output on the file system.
Value in the botpress.config.json file:
logs.fileOutput.enabled
Change Botpress base path
By default, all requests are handled at the top level of the external URL. You can change that path (for example to use http://localhost:3000/botpress) by updating your server's EXTERNAL_URL and adding the suffix at the end.
Create custom roles and review permissions
There is a default set of role and permissions when you create a workspace.
Best Practice
You should review and update them.
Enable other authentication mechanism
The default authentication method is the basic one.
Configure your Reverse Proxy and Load Balancing
Check the documentation for more information
Generate a diagnostic report
This tool will generate a report (diagnostic.txt) after testing the connectivity to various components and ensuring that proper folders are writable. It will also include the configuration files.
info
Passwords and secrets will be obfuscated.