Deployment

Production

View as Markdown

Production Deployment

Deploy agents to production with proper SSL, authentication, monitoring, and scaling. Use uvicorn workers, nginx reverse proxy, and systemd for process management.

Production Checklist

Security

  • HTTPS enabled with valid certificates
  • Basic authentication configured
  • Firewall rules in place
  • No secrets in code or logs

Reliability

  • Process manager (systemd/supervisor)
  • Health checks configured
  • Logging to persistent storage
  • Error monitoring/alerting

Performance

  • Multiple workers for concurrency
  • Reverse proxy (nginx) for SSL termination
  • Load balancing if needed

Environment Variables

$## Authentication (required for production)
$export SWML_BASIC_AUTH_USER="your-username"
$export SWML_BASIC_AUTH_PASSWORD="your-secure-password"
$
$## SSL Configuration
$export SWML_SSL_ENABLED="true"
$export SWML_SSL_CERT_PATH="/etc/ssl/certs/agent.crt"
$export SWML_SSL_KEY_PATH="/etc/ssl/private/agent.key"
$
$## Domain configuration
$export SWML_DOMAIN="agent.example.com"
$
$## Proxy URL (if behind load balancer/reverse proxy)
$export SWML_PROXY_URL_BASE="https://agent.example.com"

Running with Uvicorn Workers

For production, run with multiple workers:

$## Run with 4 workers
$uvicorn my_agent:app --host 0.0.0.0 --port 3000 --workers 4

Create an entry point module:

1## app.py
2from my_agent import MyAgent
3
4agent = MyAgent()
5app = agent._app

Systemd Service

Create /etc/systemd/system/signalwire-agent.service:

1[Unit]
2Description=SignalWire AI Agent
3After=network.target
4
5[Service]
6Type=simple
7User=www-data
8Group=www-data
9WorkingDirectory=/opt/agent
10Environment="PATH=/opt/agent/venv/bin"
11Environment="SWML_BASIC_AUTH_USER=your-username"
12Environment="SWML_BASIC_AUTH_PASSWORD=your-password"
13ExecStart=/opt/agent/venv/bin/uvicorn app:app --host 127.0.0.1 --port 3000 --workers 4
14Restart=always
15RestartSec=5
16
17[Install]
18WantedBy=multi-user.target

Enable and start:

$sudo systemctl enable signalwire-agent
$sudo systemctl start signalwire-agent
$sudo systemctl status signalwire-agent

Nginx Reverse Proxy

1## /etc/nginx/sites-available/agent
2server {
3    listen 443 ssl http2;
4    server_name agent.example.com;
5
6    ssl_certificate /etc/ssl/certs/agent.crt;
7    ssl_certificate_key /etc/ssl/private/agent.key;
8
9    location / {
10        proxy_pass http://127.0.0.1:3000;
11        proxy_http_version 1.1;
12        proxy_set_header Host $host;
13        proxy_set_header X-Real-IP $remote_addr;
14        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
15        proxy_set_header X-Forwarded-Proto $scheme;
16        proxy_set_header X-Forwarded-Host $host;
17        proxy_read_timeout 300s;
18        proxy_connect_timeout 75s;
19    }
20}
21
22server {
23    listen 80;
24    server_name agent.example.com;
25    return 301 https://$server_name$request_uri;
26}

Enable the site:

$sudo ln -s /etc/nginx/sites-available/agent /etc/nginx/sites-enabled/
$sudo nginx -t
$sudo systemctl reload nginx

Production Architecture

Production Architecture.
Production Architecture

SSL Configuration

Using Environment Variables

$export SWML_SSL_ENABLED="true"
$export SWML_SSL_CERT_PATH="/path/to/cert.pem"
$export SWML_SSL_KEY_PATH="/path/to/key.pem"

Let’s Encrypt with Certbot

$## Install certbot
$sudo apt install certbot python3-certbot-nginx
$
$## Get certificate
$sudo certbot --nginx -d agent.example.com
$
$## Auto-renewal is configured automatically

Health Checks

For AgentServer deployments:

$## Health check endpoint
$curl https://agent.example.com/health

Response:

1{
2    "status": "ok",
3    "agents": 1,
4    "routes": ["/"]
5}

For load balancers, use this endpoint to verify agent availability.

Logging Configuration

1import logging
2
3## Configure logging for production
4logging.basicConfig(
5    level=logging.INFO,
6    format='%(asctime)s - %(name)s - %(levelname)s - %(message)s',
7    handlers=[
8        logging.FileHandler('/var/log/agent/agent.log'),
9        logging.StreamHandler()
10    ]
11)

Or use environment variable:

$export SIGNALWIRE_LOG_MODE=default

Monitoring

Prometheus Metrics

Add custom metrics to your agent:

1from prometheus_client import Counter, Histogram, start_http_server
2
3## Start metrics server on port 9090
4start_http_server(9090)
5
6## Define metrics
7call_counter = Counter('agent_calls_total', 'Total calls handled')
8call_duration = Histogram('agent_call_duration_seconds', 'Call duration')

External Monitoring

  • Uptime monitoring: Monitor the health endpoint
  • Log aggregation: Ship logs to ELK, Datadog, or similar
  • APM: Use Application Performance Monitoring tools

Scaling Considerations

Vertical Scaling

  • Increase uvicorn workers (--workers N)
  • Use larger server instances
  • Optimize agent code and external calls

Horizontal Scaling

  • Multiple server instances behind load balancer
  • Stateless agent design
  • Shared session storage (Redis) if needed

Serverless

  • Auto-scaling with Lambda/Cloud Functions
  • Pay per invocation
  • No server management

Security Best Practices

DO:

  • Use HTTPS everywhere
  • Set strong basic auth credentials
  • Use environment variables for secrets
  • Enable firewall and limit access
  • Regularly update dependencies
  • Monitor for suspicious activity

DON’T:

  • Expose debug endpoints in production
  • Log sensitive data
  • Use default credentials
  • Disable SSL verification
  • Run as root user