MasterController

Deployment & HTTPS

Take your API to production, securely.

A MasterController API is a plain Node process — deploy it anywhere Node runs. The recommended setup: HTTPS (direct or via proxy), a process manager, and NODE_ENV=production.

Production server#

server.js (https)
import { readFileSync } from 'node:fs';

const server = master.setupServer('https', {
  key: readFileSync(process.env.TLS_KEY),
  cert: readFileSync(process.env.TLS_CERT),
});
master.enableHSTS({ maxAge: 31536000, includeSubDomains: true, preload: true });

Process manager (PM2)#

terminal
$ npm install -g pm2
$ NODE_ENV=production PORT=3001 pm2 start server.js --name my-app-api
$ pm2 save
$ pm2 startup

Behind a reverse proxy#

Terminate TLS at nginx/Caddy and forward to the app — a common split:

text
https://example.com/       -> Next.js   (:3000)
https://api.example.com/   -> MasterController (:3001)

Set FRONTEND_URL (for CORS) and trustedProxies so forwarded headers are honored only from your proxy.

HTTP → HTTPS redirect
Always pass an explicit allowed-hosts list to the redirect helper to prevent open-redirect attacks: master.startHttpToHttpsRedirect(80, '0.0.0.0', ['example.com']).

With the Master CLI#

If you scaffolded with Master, one command runs both halves in production:

terminal
$ master build      # builds the Next.js frontend
$ NODE_ENV=production master start
Security
The full production checklist.
Master Deployment
Deploy the whole monorepo.
PreviousMonitoring & Scaling
Improve this page on GitHub