Skip to content
Rack Gateway

Convox Deployment

Rack Gateway deploys as a single Convox service that serves the API and the web UI. An optional admin service is included in convox.yml for running migrations or admin tasks.

Prerequisites

Section titled “Prerequisites”
  • Convox CLI authenticated against your rack
  • Google OAuth client configured (see OAuth Setup)
  • PostgreSQL database (Convox resource or external)

Deployment Steps

Section titled “Deployment Steps”

  1. Set required environment variables

    Terminal window
    convox env set \
      DOMAIN=gateway.example.com \
      APP_SECRET_KEY=$(openssl rand -base64 32) \
      GOOGLE_CLIENT_ID=your-client-id \
      GOOGLE_CLIENT_SECRET=your-client-secret \
      GOOGLE_ALLOWED_DOMAIN=example.com \
      ADMIN_USERS=admin@example.com \
      RACK_TOKEN=your-convox-rack-token

  2. (Optional) Configure audit anchors

    Terminal window
    convox env set \
      AUDIT_HMAC_SECRET=your-hmac-secret \
      AUDIT_ANCHOR_BUCKET=your-worm-bucket \
      AUDIT_ANCHOR_CHAIN_ID=production \
      AUDIT_ANCHOR_RETENTION_DAYS=400

  3. Deploy

    Terminal window
    convox deploy -a rack-gateway

  4. Verify

    Terminal window
    curl -s https://gateway.example.com/api/v1/health

Environment Variables

Section titled “Environment Variables”

Required

Section titled “Required”
VariableDescription
DOMAINGateway domain (used for OAuth redirects)
APP_SECRET_KEYSession/CSRF secret
GOOGLE_CLIENT_IDOAuth client ID
GOOGLE_CLIENT_SECRETOAuth client secret
GOOGLE_ALLOWED_DOMAINAllowed email domain
ADMIN_USERSComma-separated bootstrap admin emails
RACK_TOKENConvox rack API token
Section titled “Recommended”
VariableDescription
AUDIT_HMAC_SECRETHMAC chain secret (required in production)
RACK_ALIASShort rack identifier
RACK_DISPLAY_NAMEHuman-readable rack name

Optional

Section titled “Optional”
VariableDescription
RACK_HOSTConvox rack API URL (override)
POSTMARK_API_TOKENEmail notifications
SLACK_CLIENT_IDSlack integration
SLACK_CLIENT_SECRETSlack integration

Database Configuration

Section titled “Database Configuration”

Using Convox PostgreSQL Resource

Section titled “Using Convox PostgreSQL Resource”
Terminal window
convox resources create postgres --name gateway-db
convox resources link gateway-db -a rack-gateway

Convox automatically sets DATABASE_URL for linked apps.

Using External PostgreSQL

Section titled “Using External PostgreSQL”
Terminal window
convox env set DATABASE_URL=postgres://user:pass@host:5432/rack_gateway

Running Migrations

Section titled “Running Migrations”

Use the admin service in convox.yml for database tasks:

Terminal window
convox run admin -- ./rack-gateway-api migrate -a rack-gateway

Convox Manifest

Section titled “Convox Manifest”

The repository ships a production-ready convox.yml that defines:

  • gateway service (API + web UI)
  • admin service (on-demand maintenance)
  • CloudWatch retention via LOG_RETENTION_DAYS in appSettings

Keep the manifest in sync with your deployment.