🚀 Deploy MCP ADR Analysis Server To Production
Complete production deployment guide for enterprise environments
Version: 2.1.0 | Target: Production environments | Security: Enterprise-grade
📋 Prerequisites
System Requirements
- Node.js: ≥20.0.0 (LTS recommended)
- NPM: ≥9.0.0
- Memory: Minimum 2GB RAM, 4GB+ recommended
- Storage: 1GB+ free space for cache and logs
- Network: HTTPS access to OpenRouter.ai API
Security Requirements
- API Keys: OpenRouter.ai API key with appropriate limits
- Environment: Isolated production environment
- Permissions: Non-root user with limited privileges
- Monitoring: Log aggregation and monitoring setup
Infrastructure Prerequisites
- Load Balancer: For high availability (optional)
- Process Manager: PM2 or systemd for process management
- Reverse Proxy: Nginx or similar (recommended)
- SSL/TLS: Valid certificates for HTTPS
🔧 Production Deployment Steps
1. Environment Preparation
# Create dedicated user for MCP server
sudo useradd -m -s /bin/bash mcpserver
sudo usermod -aG sudo mcpserver
# Switch to MCP server user
sudo su - mcpserver
# Create application directory
mkdir -p /opt/mcp-adr-analysis-server
cd /opt/mcp-adr-analysis-server
2. Install MCP ADR Analysis Server
# Install globally from NPM
npm install -g mcp-adr-analysis-server@2.1.0
# Verify installation
mcp-adr-analysis-server --version
# Should output: MCP ADR Analysis Server v2.1.0
# Alternative: Install from source
git clone https://github.com/tosin2013/mcp-adr-analysis-server.git
cd mcp-adr-analysis-server
npm install
npm run build
npm test # Ensure all tests pass
3. Production Configuration
# Create production environment file
cat > /opt/mcp-adr-analysis-server/.env.production << 'EOF'
# MCP ADR Analysis Server Production Configuration
NODE_ENV=production
EXECUTION_MODE=full
# API Configuration
OPENROUTER_API_KEY=your_production_api_key_here
OPENROUTER_MODEL=anthropic/claude-3.5-sonnet
# Project Configuration
PROJECT_PATH=/opt/mcp-adr-analysis-server/projects
ADR_DIRECTORY=./adrs
LOG_LEVEL=info
# Security Configuration
ENABLE_CONTENT_MASKING=true
MASKING_STRATEGY=full
SECURITY_SCAN_ENABLED=true
# Performance Configuration
CACHE_ENABLED=true
CACHE_TTL=3600
MAX_CONCURRENT_REQUESTS=10
# Monitoring Configuration
ENABLE_METRICS=true
METRICS_PORT=9090
HEALTH_CHECK_PORT=8080
EOF
# Set secure permissions
chmod 600 /opt/mcp-adr-analysis-server/.env.production
4. Process Management with PM2
# Install PM2 globally
npm install -g pm2
# Create PM2 ecosystem file
cat > /opt/mcp-adr-analysis-server/ecosystem.config.js << 'EOF'
module.exports = {
apps: [{
name: 'mcp-adr-analysis-server',
script: 'mcp-adr-analysis-server',
cwd: '/opt/mcp-adr-analysis-server',
env_file: '/opt/mcp-adr-analysis-server/.env.production',
instances: 2,
exec_mode: 'cluster',
max_memory_restart: '2G',
error_file: '/var/log/mcp-adr-analysis-server/error.log',
out_file: '/var/log/mcp-adr-analysis-server/out.log',
log_file: '/var/log/mcp-adr-analysis-server/combined.log',
time: true,
autorestart: true,
max_restarts: 10,
min_uptime: '10s',
watch: false,
ignore_watch: ['node_modules', 'logs', '.git'],
env: {
NODE_ENV: 'production',
PORT: 3000
}
}]
};
EOF
# Create log directory
sudo mkdir -p /var/log/mcp-adr-analysis-server
sudo chown mcpserver:mcpserver /var/log/mcp-adr-analysis-server
# Start the application
pm2 start ecosystem.config.js
pm2 save
pm2 startup
5. Reverse Proxy Configuration (Nginx)
# Create Nginx configuration
sudo cat > /etc/nginx/sites-available/mcp-adr-analysis-server << 'EOF'
server {
listen 80;
server_name your-domain.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name your-domain.com;
# SSL Configuration
ssl_certificate /path/to/your/certificate.crt;
ssl_certificate_key /path/to/your/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512;
ssl_prefer_server_ciphers off;
# Security Headers
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# Rate Limiting
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
limit_req zone=api burst=20 nodelay;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_read_timeout 300s;
proxy_connect_timeout 75s;
}
# Health check endpoint
location /health {
proxy_pass http://127.0.0.1:8080/health;
access_log off;
}
# Metrics endpoint (restrict access)
location /metrics {
allow 10.0.0.0/8;
allow 172.16.0.0/12;
allow 192.168.0.0/16;
deny all;
proxy_pass http://127.0.0.1:9090/metrics;
}
}
EOF
# Enable the site
sudo ln -s /etc/nginx/sites-available/mcp-adr-analysis-server /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
6. Monitoring and Logging
# Install monitoring tools
npm install -g @pm2/io
# Configure log rotation
sudo cat > /etc/logrotate.d/mcp-adr-analysis-server << 'EOF'
/var/log/mcp-adr-analysis-server/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 644 mcpserver mcpserver
postrotate
pm2 reloadLogs
endscript
}
EOF
# Set up system monitoring
pm2 install pm2-server-monit
🔍 Production Validation
Health Checks
# Test server health
curl -f http://localhost:8080/health
# Expected: {"status":"healthy","timestamp":"..."}
# Test MCP functionality
mcp-adr-analysis-server --test
# Expected: ✅ Health check passed
# Test API endpoints
curl -X POST http://localhost:3000/mcp \
-H "Content-Type: application/json" \
-d '{"method":"tools/list"}'
Performance Testing
# Install testing tools
npm install -g autocannon
# Load test the server
autocannon -c 10 -d 30 http://localhost:3000/health
# Memory usage monitoring
pm2 monit
Security Validation
# Run security scan
npm audit
gitleaks detect --source . --verbose
# Test content masking
curl -X POST http://localhost:3000/mcp \
-H "Content-Type: application/json" \
-d '{"method":"tools/call","params":{"name":"analyze_content_security","arguments":{"content":"API_KEY=secret123"}}}'
🚨 Production Troubleshooting
Common Issues
1. Server Won't Start
# Check logs
pm2 logs mcp-adr-analysis-server
# Check configuration
mcp-adr-analysis-server --config
# Verify environment
cat /opt/mcp-adr-analysis-server/.env.production
2. High Memory Usage
# Monitor memory
pm2 monit
# Restart if needed
pm2 restart mcp-adr-analysis-server
# Check for memory leaks
node --inspect mcp-adr-analysis-server
3. API Rate Limiting
# Check OpenRouter API usage
curl -H "Authorization: Bearer $OPENROUTER_API_KEY" \
https://openrouter.ai/api/v1/auth/key
# Adjust rate limits in nginx
sudo nano /etc/nginx/sites-available/mcp-adr-analysis-server
🔒 Security Best Practices
API Key Management
- Use environment variables, never hardcode keys
- Rotate API keys regularly (monthly recommended)
- Monitor API usage and set appropriate limits
- Use separate keys for different environments
Network Security
- Enable HTTPS only (no HTTP)
- Use strong SSL/TLS configuration
- Implement rate limiting
- Restrict access to metrics endpoints
System Security
- Run as non-root user
- Keep system and dependencies updated
- Enable firewall (UFW/iptables)
- Regular security audits
📊 Monitoring and Maintenance
Daily Checks
- Server health status
- Memory and CPU usage
- Error log review
- API rate limit status
Weekly Maintenance
- Log rotation and cleanup
- Security updates
- Performance metrics review
- Backup verification
Monthly Tasks
- API key rotation
- Security audit
- Dependency updates
- Capacity planning review
🆘 Emergency Procedures
Server Down
- Check PM2 status:
pm2 status - Review logs:
pm2 logs --lines 100 - Restart if needed:
pm2 restart mcp-adr-analysis-server - Check system resources:
htop,df -h
High Load
- Scale horizontally:
pm2 scale mcp-adr-analysis-server +2 - Enable caching: Verify
CACHE_ENABLED=true - Check rate limiting: Review nginx configuration
- Monitor API usage: Check OpenRouter dashboard
Security Incident
- Isolate server: Block suspicious IPs
- Rotate API keys: Generate new OpenRouter key
- Review logs: Check for unauthorized access
- Update security: Apply patches immediately
📚 Additional Resources
- Configuration Guide - Detailed configuration options
- Security Guide - Security best practices
- Troubleshooting Guide - Common issues and solutions
- API Reference - Complete API documentation
🎯 Production Deployment Checklist
- System requirements met
- Security requirements implemented
- MCP server installed and configured
- Process management setup (PM2)
- Reverse proxy configured (Nginx)
- Monitoring and logging enabled
- Health checks passing
- Security validation complete
- Emergency procedures documented
- Team trained on operations
Your MCP ADR Analysis Server is now production-ready! 🚀
3. Verify results
# Verification command
echo "Verify success"
Troubleshooting
If you encounter issues:
- Check condition 1
- Verify setting 2