Deploying to Production: Docker, CI/CD & Monitoring

Deployment isn't just git push and hope. Production systems need container orchestration, reverse proxies, health checks, CI/CD pipelines, monitoring, and zero-downtime rollouts. This chapter walks through the complete production stack.

The Production Stack

                    ┌─────────────────────┐
                    │   Cloudflare / CDN   │  ← Global edge cache, DDoS protection
                    └──────────┬──────────┘
                               │
                    ┌──────────▼──────────┐
                    │    Nginx (reverse    │  ← SSL termination, static files, rate limit
                    │    proxy)            │
                    └──────┬─────┬────────┘
                           │     │
              ┌────────────▼┐  ┌────────────▼┐
              │  FastAPI     │  │  FastAPI     │  ← Multiple app instances
              │  (container) │  │  (container) │
              └──────┬───────┘  └──────┬───────┘
                     │                │
              ┌──────▼────────────────▼──────┐
              │       PostgreSQL             │  ← Database (separate container)
              └──────────────────────────────┘

Docker Compose — Multi-Service Setup

A single docker-compose.yml defines your entire production infrastructure:

PYTHON PLAYGROUND

⏳ Loading editor…

Nginx Configuration

Nginx is the gateway to your application — it handles SSL termination, static files, rate limiting, and load balancing:

# nginx/nginx.conf
upstream fastapi_backend {
    least_conn;                    # Distribute to least busy server
    server api:8000;
    server api:8000;               # Multiple instances via Docker replicas
}

server {
    listen 80;
    server_name techcoder.io;
    return 301 https://$server_name$request_uri;  # Force HTTPS
}

server {
    listen 443 ssl http2;
    server_name techcoder.io;

    ssl_certificate /etc/nginx/ssl/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    # Security headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header Strict-Transport-Security "max-age=31536000" always;

    # Rate limiting (100 req/s per IP)
    limit_req_zone $binary_remote_addr zone=api_limit:10m rate=100r/s;
    limit_req zone=api_limit burst=50 nodelay;

    # Static files (served directly by Nginx — no Python overhead)
    location /static/ {
        alias /app/static/;
        expires 30d;
        add_header Cache-Control "public, immutable";
    }

    # API routes (reverse proxy to FastAPI)
    location / {
        proxy_pass http://fastapi_backend;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Timeouts
        proxy_read_timeout 30s;
        proxy_connect_timeout 5s;
    }

    # Health check endpoint (no auth required)
    location /health {
        proxy_pass http://fastapi_backend/health;
        access_log off;
    }
}

GitHub Actions CI/CD Pipeline

PYTHON PLAYGROUND

⏳ Loading editor…

Monitoring with Prometheus + Grafana

# app/main.py
from prometheus_fastapi_instrumentator import Instrumentator

app = FastAPI()

# Add Prometheus metrics middleware (automatic!)
Instrumentator().instrument(app).expose(app)

# This auto-collects:
# - http_requests_total (count by method, path, status)
# - http_request_duration_seconds (P50, P95, P99)
# - http_requests_in_progress
# - python_gc_collections_total
# - process_virtual_memory_bytes

Grafana dashboard: Import FastAPI dashboard template #15469 for instant visibility.

Production Deployment Checklist

PYTHON PLAYGROUND

⏳ Loading editor…

Zero-Downtime Deployment Pattern

# 1. Build new image
docker compose build api

# 2. Start new containers alongside old ones
docker compose up -d --no-deps --scale api=4 api
# Now running: old (2) + new (2) = 4 total

# 3. Wait for new containers to be healthy
docker compose exec -T api curl -f http://localhost:8000/health

# 4. Stop old containers
docker compose up -d --no-deps --scale api=2 api
# Docker removes the oldest containers, keeping new ones

# 5. Old containers drain existing requests, new ones handle incoming
# Result: Zero dropped requests, no downtime

AI Mentor

Confused about "FastAPI production deployment Docker Compose Nginx reverse proxy GitHub Actions CI/CD Prometheus monitoring zero-downtime"? Ask our AI mentor for a simplified explanation.

Quiz

Question 1 of 10

Why use Nginx as a reverse proxy instead of exposing FastAPI directly?

FastAPI can't handle HTTP

Nginx handles SSL termination, static files, rate limiting, and load balancing — FastAPI focuses on app logic

Nginx is required by Docker

FastAPI is too slow for production

Key Takeaways

✅ Docker Compose orchestrates your entire stack — app, DB, cache, proxy.
✅ Nginx handles SSL, static files, rate limiting — let FastAPI do app logic.
✅ CI/CD (GitHub Actions) automates testing, linting, and deployment.
✅ Prometheus + Grafana for real-time monitoring and alerting.
✅ Zero-downtime deploys with rolling updates and health checks.
✅ Production checklist — never deploy without security, monitoring, and backups.

Python Web Development Module Complete! 🎉

You've mastered the complete Python web stack: HTTP protocol fundamentals, production API clients with httpx, FastAPI architecture and middleware, JWT authentication with RBAC, database integration with connection pooling and query optimization, modern frontend with HTMX and WebSockets, and production deployment with Docker and CI/CD.

This is exactly what companies pay senior backend engineers to build. Keep coding! 🚀