Production Best Practices
This guide covers production best practices for deploying and managing Browserless Enterprise Docker containers at scale.
1. Security Hardening
Use Secrets Management
Never store sensitive credentials in environment variables or code. Use Docker secrets or a secrets management system:
# Docker Compose with secrets
services:
browserless:
image: registry.browserless.io/browserless/browserless/enterprise:latest
secrets:
- browserless_key
- browserless_token
environment:
- KEY_FILE=/run/secrets/browserless_key
- TOKEN_FILE=/run/secrets/browserless_token
secrets:
browserless_key:
file: ./secrets/license_key.txt
browserless_token:
file: ./secrets/api_token.txt
Network Isolation
Isolate Browserless containers from external networks and use a reverse proxy for external access:
services:
browserless:
networks:
- internal
# Don't expose ports externally; use reverse proxy
nginx:
networks:
- internal
- external
ports:
- "443:443"
networks:
internal:
internal: true
external:
Minimize Attack Surface
Disable unnecessary features to reduce potential security vulnerabilities:
# Disable unnecessary features
-e ALLOW_GET=false \
-e ALLOW_FILE_PROTOCOL=false \
-e ENABLE_CORS=false
2. Performance Tuning
Optimize Concurrency Settings
Match your concurrency settings to your workload patterns and available resources. Key settings include CONCURRENT (active sessions), QUEUED (waiting requests, typically 1.5-2x concurrent), and TIMEOUT (session timeout in milliseconds). See the Configuration Reference for detailed guidance on these settings.
Resource Limits
Define resource limits to prevent containers from consuming excessive resources:
deploy:
resources:
limits:
cpus: '8'
memory: 16G
reservations:
cpus: '4'
memory: 8G
Sizing Guide:
- Light workload (5-10 concurrent): 2 CPU, 4GB RAM
- Medium workload (10-20 concurrent): 4 CPU, 8GB RAM
- Heavy workload (20-50 concurrent): 8+ CPU, 16GB+ RAM
Connection Pooling
Reuse browser contexts instead of creating new browsers for better performance:
// Good: Reuse browser connection and create multiple pages
const browser = await puppeteer.connect({
browserWSEndpoint: 'ws://localhost:3000?token=your-token-here'
});
const page1 = await browser.newPage();
const page2 = await browser.newPage();
// Avoid: Creating new browser connections repeatedly
// const browser1 = await puppeteer.connect(...);
// const browser2 = await puppeteer.connect(...);
Performance Tips
- Use
--disable-dev-shm-usagefor stability in containerized environments - Enable
HEALTHchecks to prevent overload (reject requests when resources are high) - Monitor
/pressureendpoint to track system load - Use headless mode (default) for better performance
3. Monitoring & Observability
Health Checks
Implement Docker health checks using the /pressure endpoint to monitor container availability and resource usage. Configure the HEALTH environment variable to enable pre-request health checks that reject requests when CPU or memory thresholds are exceeded. See the Configuration Reference for all health check options.
Metrics Collection
Persist metrics for long-term analysis and alerting:
# Persist metrics
-e METRICS_JSON_PATH=/metrics/metrics.json \
-v ./metrics:/metrics
# Query metrics endpoint
curl http://localhost:3000/metrics
Key Metrics to Monitor:
- Session metrics: Total sessions, successful, failed, timeouts
- Queue metrics: Queue depth, queue wait time, rejections
- Resource metrics: CPU usage, memory usage, disk usage
- Performance metrics: Average session duration, p95/p99 latency
Webhook Monitoring
Configure webhooks to receive real-time alerts for critical events like queuing, timeouts, errors, and health failures. See the Webhooks guide for complete configuration details and payload examples.
Logging Best Practices
Configure appropriate logging levels for production:
# Production: Minimal logging
-e DEBUG=browserless:*
# Debugging: Verbose logging (temporary only)
-e DEBUG=*
# Turn off debug logs
-e DEBUG=-*
Avoid running DEBUG=* in production as it generates excessive logs and impacts performance.
4. High Availability
Multi-Instance Deployment
Deploy multiple Browserless containers behind a load balancer for redundancy and horizontal scale. This architecture provides:
- High availability: Automatic failover if an instance becomes unhealthy
- Load distribution: Balance traffic across instances based on connection count or other metrics
- Zero downtime deployments: Update instances one at a time without service interruption
- Horizontal scaling: Add capacity by deploying more instances
For complete setup instructions including Docker Compose configurations, NGINX setup, health checks, and SSL configuration, see the NGINX Load Balancing guide.
Auto-Scaling Strategies
Horizontal Scaling:
- Monitor queue depth via
/pressureendpoint - Scale up when queue is consistently high
- Scale down when instances are underutilized
Vertical Scaling:
- Increase
CONCURRENTsetting when adding resources - Monitor CPU/memory to determine when to scale vertically
Kubernetes Auto-Scaling:
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: browserless-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: browserless
minReplicas: 2
maxReplicas: 10
metrics:
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: 70
5. Data Persistence
Volume Management
Define volumes for persistent data:
volumes:
# User data (cookies, local storage)
- browserless_data:/user_data
# Downloaded files
- browserless_downloads:/downloads
# Metrics history
- browserless_metrics:/metrics
# Custom fonts
- ./fonts:/usr/share/fonts/custom:ro
volumes:
browserless_data:
driver: local
browserless_downloads:
driver: local
browserless_metrics:
driver: local
Backup Strategy
Implement regular backups for important data:
# Backup metrics
docker cp browserless:/metrics/metrics.json ./backups/metrics-$(date +%Y%m%d).json
# Backup user data
docker run --rm -v browserless_data:/data -v $(pwd)/backups:/backup \
alpine tar czf /backup/user-data-$(date +%Y%m%d).tar.gz /data
Backup Schedule Recommendations:
- Metrics: Daily backups, retain 30 days
- User data: Weekly backups, retain 4 weeks
- Configuration: On every change, version controlled
Disaster Recovery
Prepare for disaster recovery:
- Document your setup: Keep docker-compose files and configurations in version control
- Test restores regularly: Verify backups can be restored successfully
- Have fallback instances: Keep standby instances in different regions/zones
- Monitor external dependencies: Track docker registry availability
6. CI/CD Integration
Automated Testing
Test Browserless integration in your CI pipeline:
# GitHub Actions example
jobs:
test:
runs-on: ubuntu-latest
services:
browserless:
image: registry.browserless.io/browserless/browserless/enterprise:latest
ports:
- 3000:3000
env:
TOKEN: test-token
steps:
- name: Run browser tests
run: npm test
env:
BROWSERLESS_URL: ws://localhost:3000
Deployment Pipeline
Implement a safe deployment pipeline:
- Pull new image in staging environment
- Run smoke tests against staging
- Rolling update in production (one instance at a time)
- Monitor metrics after deployment
- Rollback if issues detected
Configuration Management
Use environment-specific configurations:
# Use different env files per environment
docker run --env-file .env.production ... # Production
docker run --env-file .env.staging ... # Staging
docker run --env-file .env.development ... # Development
Summary Checklist
Before going to production, ensure:
- Secrets are managed securely (not in plaintext)
- Network isolation is configured
- Resource limits are set appropriately
- Health checks are enabled
- Monitoring and alerting are configured
- Multiple instances are deployed (HA)
- Load balancer is configured with health checks
- Data volumes are backed up regularly
- Disaster recovery plan is documented
- CI/CD pipeline includes Browserless tests
- Documentation is updated for your team
Related Guides
- Docker Configuration Reference - All environment variables
- NGINX Load Balancing - Load balancer setup
- Webhooks - Event notifications and alerts