Skip to content

Production notes

Before production, decide how you will handle auth, keys, TLS, storage, and limits.

Barq verifies tokens. Your app owns login and token issuing.

Use signed tokens in production. Do not use --allow-unsigned-tokens.

Use --tls-cert and --tls-key, or run behind a trusted TLS proxy.

Clients should use wss:// routes in production.

The server supports tenant limits:

  • --tenant-max-connections
  • --tenant-max-files
  • --tenant-max-open-files
  • --tenant-max-storage-bytes

Tenant limits require per-tenant public keys.

Keep --root-dir on durable storage. Back it up like application data.

If you use per-tenant encryption, store the master secret in a secure secret store.