Best Practices and Production Recommendations | LinaPro.AI - AI-native full-stack framework for sustainable delivery

Version: 0.4.x(Latest)

Introduction

Before going live, at least check these configurations to ensure system stability, security, and observability in the production environment. This section provides a configuration checklist and best practice recommendations.

Static Configuration Checklist

Item	Recommendation
`jwt.secret`	Replace default value with a randomly generated strong key
`database.default.link`	Point to production `PostgreSQL`; do not use demo connection strings
`database.default.debug`	Keep `false` to avoid leaking `SQL` details
`logger.extensions.structured`	Enable structured logging in production
`workspace.basePath`	Keep `/admin` or use `/` for independent admin domain; do not occupy reserved paths; default workspace address locally is `http://localhost:5666/admin`
`scheduler.defaultTimezone`	Set according to business timezone
`cluster.redis`	Use independent, reliable, authenticated `Redis` instance in cluster mode
`plugin.allowForceUninstall`	Decide based on organizational governance requirements
`plugin.autoEnable`	Carefully enable demo data in production

Runtime Parameter Checklist

Item	Recommendation
`sys.jwt.expire`	Set reasonable token expiration per security policy; adjustable anytime via admin console
`sys.login.blackIPList`	Configure `IP` blacklist based on security needs; supports exact addresses and `CIDR` ranges
`sys.log.retentionDays`	Set log retention days based on disk capacity and compliance requirements
`cron.log.retention`	Set reasonable log cleanup policy based on task execution frequency; avoid unbounded log table growth
`sys.ui.watermark.enabled`	Enable watermark when data leakage prevention is needed

Security Recommendations

Sensitive Configuration Management

JWT Key: Production must replace the default jwt.secret with a randomly generated strong key; do not commit real keys to the source repository
Database Connection: Ensure database connection string passwords are secure; use environment variables or key management services
Redis Password: Redis instances in cluster mode should enable authentication with strong passwords

Access Control

IP Blacklist: Reasonably configure sys.login.blackIPList to restrict suspicious IP access
Force Uninstall: Decide whether to enable plugin.allowForceUninstall based on organizational governance requirements
Demo Data: Carefully enable withMockData in plugin.autoEnable for production

Logging and Auditing

Structured Logging: Enable logger.extensions.structured in production for log collection and analysis
Log Retention: Set reasonable sys.log.retentionDays based on disk capacity and compliance requirements
Task Logs: Configure cron.log.retention to avoid unbounded scheduled task log growth

Configuration Boundaries

Admin Workspace Path

workspace.basePath cannot use main framework reserved paths. The following paths and their sub-paths are prohibited:

Reserved Path	Purpose
`/api`	Main framework `REST API` root path
`/api/v1`	Main framework `REST API v1` namespace
`/x`	Plugin `API` and extension routes
`/x-assets`	Plugin asset distribution
`/plugin-assets`	Plugin static assets

If a conflict is detected at startup, the main framework will panic directly.

Cluster Mode Requirements

When cluster is enabled, coordination must be set to "redis" (the only currently supported coordination backend), and redis.address must be non-empty, otherwise the main framework will error at startup.

Health Probe Timeout

health.timeout directly affects deployment observability and orchestration system decisions. In containerized deployments, health probe timeouts should not be set too long, otherwise faulty nodes will be removed later. Duration fields require second-alignment and must be at least 1s.

Best Practices Summary

Environment Separation: Use different configuration files for development, testing, and production environments
Sensitive Information: Use environment variables or key management services for sensitive configuration
Configuration Validation: Validate all required configuration items before going live
Monitoring Alerts: Configure reasonable health probes and log monitoring
Backup Strategy: Regularly back up databases and configuration files
Documentation Maintenance: Keep configuration documentation in sync with actual configuration

Introduction​

Static Configuration Checklist​

Runtime Parameter Checklist​

Security Recommendations​

Sensitive Configuration Management​

Access Control​

Logging and Auditing​

Configuration Boundaries​

Admin Workspace Path​

Cluster Mode Requirements​

Health Probe Timeout​

Best Practices Summary​