Deployment
StackRivet deploys as a single backend jar plus a static admin bundle. Flyway migrates the database automatically on startup, so a deploy is: build, set environment, run.
Build the artifacts
Section titled “Build the artifacts”# Backend fat jarcd stackrivet-servermvn -pl stackrivet-app -am package -DskipTests # → stackrivet-app/target/stackrivet-app.jar
# Static admin bundlecd ../stackrivet-admin-uipnpm install && pnpm build # → dist/Run the backend
Section titled “Run the backend”Load configuration from the environment, then run the jar:
cd stackrivet-serverset -a && source .env && set +a # STACKRIVET_DB_*, STACKRIVET_SECURITY_JWT_SECRET, REDIS_*, storage credsexport JAVA_HOME=$(/usr/libexec/java_home -v 21) # JDK 21java -jar stackrivet-app/target/stackrivet-app.jarThe app starts Tomcat on :8080, runs Flyway, and is up in roughly 13 seconds. Confirm:
curl http://127.0.0.1:8080/actuator/health # {"status":"UP"}Serve the admin dist/ as static files (e.g. behind Nginx), proxying /api/* and /actuator/* to the backend.
Topologies
Section titled “Topologies”| Shape | Layout |
|---|---|
| Local dev | Vite dev server + Spring Boot + Docker MySQL/PostgreSQL + MinIO |
| Small-team production | Nginx → static admin + Spring Boot app → managed MySQL/PostgreSQL → S3 / OSS |
| Enterprise | Load balancer → multiple app nodes → HA database + enterprise object storage + OIDC/SAML/LDAP |
Because the app aims to be stateless — uploads go straight to object storage, heavy work runs as async tasks, lists are paginated — scaling out is adding nodes behind the load balancer.
Production must-dos
Section titled “Production must-dos”- Object storage, not local disk. Set
STACKRIVET_STORAGE_TYPEtos3oraliyun_oss(see Configure object storage); local files don’t survive a restart or scale-out. - Rotate the seeded admin password. The bootstrap
adminaccount ships with a known development password — change it before exposing the app. - Set a strong
STACKRIVET_SECURITY_JWT_SECRETand keep all secrets in the environment, never in the repo. - Redis is required — it backs JWT revocation and the health check.
- Restrict the actuator/metrics endpoints.
/actuator/healthand/actuator/prometheusare reachable without auth by design; put them behind a network ACL in production. - Managed, backed-up database. Use a managed MySQL/PostgreSQL with a tested backup-and-restore procedure.
Recover from a stuck start
Section titled “Recover from a stuck start”| Symptom | Check |
|---|---|
port 8080 failed to start | lsof -nP -iTCP:8080 -sTCP:LISTEN — kill the stale process |
| Login 401 with the right password | STACKRIVET_SECURITY_JWT_SECRET changed since the token was issued |
| Flyway checksum mismatch | See Database migrations → recover |
Edition boundary
Section titled “Edition boundary”Helm charts, multi-instance HA, and SSO (OIDC/SAML/LDAP) are Enterprise — see the pricing page. Community runs well as a single instance behind Nginx.