This guide provides step-by-step instructions for deploying Sectoolbox to production using Vercel (frontend + serverless functions) and Railway (backend + Redis).

• Prerequisites
• Architecture Overview
• Vercel Deployment
• Railway Deployment
• Environment Configuration
• DNS Configuration
• Post-Deployment
• Troubleshooting

1. GitHub Account - For repository hosting
2. Vercel Account - For frontend hosting (free tier available)
3. Railway Account - For backend hosting (5 USD credit included)

# Install Git
git --version

# Install Node.js 20+
node --version

# Install Railway CLI (optional, for local testing)
npm install -g @railway/cli

# Install Vercel CLI (optional, for local testing)
npm install -g vercel

Obtain API keys for external services:

1. VirusTotal - https://www.virustotal.com/gui/join-us
2. Have I Been Pwned - https://haveibeenpwned.com/API/Key
3. HackerTarget (optional) - https://hackertarget.com/ip-tools/
4. AbuseIPDB (optional) - https://www.abuseipdb.com/api
5. AlienVault OTX (optional) - https://otx.alienvault.com/

GitHub Repository
       ├─────────────┬─────────────┐
       │             │             │
   Vercel         Railway       Your DNS
  (Frontend)     (Backend)     (Optional)
       │             │             │
   CDN Edge      Private Net    Domain
  + Serverless   + Redis       sectoolbox.cc

Vercel Hosts:

• React frontend (static files)
• Serverless API functions (/api)

Railway Hosts:

• Express backend server
• Redis database
• Background workers

1. Go to https://github.com/sectoolbox/sectoolbox
2. Click "Fork" button (top right)
3. Select your account
4. Wait for fork to complete

1. Go to https://vercel.com/new
2. Click "Import Project"
3. Select "Import Git Repository"
4. Choose your forked repository
5. Click "Import"

Vercel should auto-detect settings, but verify:

Framework Preset: Vite
Build Command: npm run build
Output Directory: dist
Install Command: npm install

In Vercel dashboard, go to "Settings" → "Environment Variables":

Required:

# Threat Intel API Keys
VIRUSTOTAL_API_KEY=your_virustotal_key_here
HIBP_API_KEY=your_hibp_key_here

# Backend Connection (leave empty for now, will update after Railway)
VITE_BACKEND_API_URL=
VITE_BACKEND_WS_URL=
VITE_BACKEND_ENABLED=false

Optional:

ABUSEIPDB_API_KEY=your_abuseipdb_key_here
ALIENVAULT_API_KEY=your_alienvault_key_here
HACKERTARGET_API_KEY=your_hackertarget_key_here

1. Click "Deploy" button
2. Wait for build to complete (2-3 minutes)
3. Vercel will provide a URL: https://your-project.vercel.app

1. Go to https://railway.app/new
2. Click "Deploy from GitHub repo"
3. Select your forked repository
4. Click "Deploy Now"

1. In Railway dashboard, click "New"
2. Select "Database"
3. Choose "Redis"
4. Wait for provisioning (1 minute)

1. Click on your backend service
2. Go to "Settings"
3. Set "Root Directory" to backend
4. Set "Start Command" to npm start

In Railway dashboard, go to backend service → "Variables":

# Node Environment
NODE_ENV=production
PORT=8080

# Redis Connection (automatically provided by Railway)
REDIS_URL=${{Redis.REDIS_URL}}

# CORS Configuration
ALLOWED_ORIGINS=https://your-project.vercel.app

# File Storage
STORAGE_PATH=/app/storage
MAX_FILE_SIZE=2147483648

# Optional: Threat Intel Keys (if not using Vercel's)
VIRUSTOTAL_API_KEY=your_key_here
HIBP_API_KEY=your_key_here

1. Railway auto-deploys on push to main branch
2. Wait for build to complete (5-7 minutes)
3. Railway provides a URL: https://your-backend.railway.app

For better performance, run workers as separate service:

1. Click "New" → "Empty Service"
2. Connect same GitHub repo
3. Set "Root Directory" to backend
4. Set "Start Command" to npm run start:worker
5. Add same environment variables
6. Deploy

1. Go to Vercel dashboard
2. Navigate to "Settings" → "Environment Variables"
3. Update these variables:

VITE_BACKEND_ENABLED=true
VITE_BACKEND_API_URL=https://your-backend.railway.app
VITE_BACKEND_WS_URL=wss://your-backend.railway.app
VITE_RAILWAY_API_URL=https://your-backend.railway.app

4. Redeploy frontend (Vercel → "Deployments" → "Redeploy")

1. Go to Railway dashboard
2. Update ALLOWED_ORIGINS variable:

ALLOWED_ORIGINS=https://your-project.vercel.app,https://your-domain.com

3. Railway will auto-redeploy

If using Vercel's free domain (your-project.vercel.app), skip this section.

1. In Vercel dashboard, go to "Settings" → "Domains"
2. Add your domain: sectoolbox.cc
3. Follow Vercel's instructions to:
   • Update nameservers at your registrar
   • Wait for DNS propagation (up to 48 hours)

Configure these DNS records at your provider:

Type    Name    Value                           TTL
A       @       76.76.21.21                     3600
CNAME   www     cname.vercel-dns.com            3600
CNAME   *       cname.vercel-dns.com            3600

Then in Vercel dashboard:

1. Go to "Settings" → "Domains"
2. Add domain: sectoolbox.cc
3. Vercel will verify DNS and provision SSL certificate

ALLOWED_ORIGINS=https://sectoolbox.cc,https://www.sectoolbox.cc

Frontend:

• Website loads at Vercel URL
• All pages accessible
• Client-side tools work (crypto, image analysis)
• No console errors

Backend:

• Health check: https://backend.railway.app/health
• Returns {"status":"ok"}
• WebSocket connection works
• File uploads successful

Serverless Functions:

• Threat intel lookups work
• Nmap scanning works (if API key provided)
• No CORS errors

Integration:

• PCAP upload → analysis → results
• Event log upload → parsing → display
• Audio upload → spectrogram generation
• WebSocket real-time updates working

# Test backend response time
curl -w "@curl-format.txt" -o /dev/null -s https://backend.railway.app/health

# Test frontend load time
curl -w "@curl-format.txt" -o /dev/null -s https://sectoolbox.cc

# Test file upload (with actual file)
curl -X POST https://backend.railway.app/api/v1/pcap/analyze \
  -F "[email protected]" \
  -F "depth=full"

Vercel Analytics:

1. Enable in Vercel dashboard
2. View metrics: "Analytics" tab

Railway Metrics:

1. View in Railway dashboard
2. Monitor: CPU, Memory, Network

External Monitoring:

1. UptimeRobot: https://uptimerobot.com
2. Add monitors for:
   • Frontend: https://sectoolbox.cc
   • Backend: https://backend.railway.app/health

Problem: Website shows "Failed to load"

# Check Vercel build logs
# Ensure all dependencies installed
# Verify environment variables set

Problem: "Backend not available"

# Verify VITE_BACKEND_API_URL is correct
# Check VITE_BACKEND_ENABLED=true
# Redeploy frontend after changing env vars

Problem: CORS errors in browser console

# Update Railway ALLOWED_ORIGINS
# Must include exact protocol and domain
# No trailing slashes

Problem: Build fails on Railway

# Check Dockerfile syntax
# Verify all dependencies in package.json
# Check Python requirements.txt for errors
# Review Railway build logs

Problem: 502 Bad Gateway

# Check backend is running: /health endpoint
# Verify PORT=8080 in environment
# Check logs for startup errors
# Ensure Redis connection successful

Problem: "Redis connection failed"

# Verify REDIS_URL is set correctly
# Use Railway variable reference: ${{Redis.REDIS_URL}}
# Check Redis service is running
# Restart both Redis and backend

Problem: Files not deleted after 1 hour

# Check cleanup scheduler is running
# Review backend logs for cleanup messages
# Verify STORAGE_PATH is writable
# Check disk space on Railway

Problem: Jobs stuck in "queued" status

# Check worker process is running
# Verify worker connects to same Redis
# Check worker logs for errors
# Ensure tools installed (tshark, python3)

Problem: "Command not found: tshark"

# Verify Dockerfile includes tshark
# Check apt-get install succeeded
# Rebuild Docker image

Problem: Python script execution fails

# Check script exists in backend/src/scripts/pythonScripts/
# Verify requirements.txt includes dependencies
# Check Python script has execute permissions
# Review script output in worker logs

Problem: Slow file uploads

# Check file size (max 2GB)
# Verify network connection
# Test with smaller file first
# Check Railway region (choose closest)

Problem: High memory usage

# Monitor Railway metrics
# Increase memory allocation if needed
# Check for memory leaks in workers
# Implement request queuing

Problem: Redis connection errors

# Check Redis memory usage
# Increase Redis memory limit
# Clear old cache entries
# Review Redis logs

Problem: "Your connection is not private"

# Wait for Vercel SSL provisioning (up to 1 hour)
# Verify domain DNS is correct
# Check domain ownership verification
# Try incognito mode (may be cache issue)

Problem: Mixed content warnings

# Ensure all resources loaded via HTTPS
# Update http:// links to https://
# Check WebSocket using wss:// not ws://

Indicators:

• Response time > 3 seconds
• Memory usage > 80%
• CPU usage > 70%
• Queue backlog growing

Frontend (Vercel):

• Auto-scales infinitely
• No action needed
• Consider Pro plan for:
  • Analytics
  • Faster builds
  • More team members

Backend (Railway):

• Vertical scaling: Increase memory/CPU
• Horizontal scaling: Multiple instances
• Load balancer: Railway Pro plan
• Separate worker instances

Redis:

• Upgrade to larger instance
• Enable persistence
• Add read replicas
• Consider Redis Cluster

Redis:

# Railway provides automated backups (Pro plan)
# Manual backup:
railway run redis-cli BGSAVE

Important: Redis is used for cache and queues only. No permanent data stored.

1. Export environment variables:

   • Vercel: Settings → Environment Variables → Export
   • Railway: Variables → Copy to clipboard

2. Store securely (password manager, encrypted file)

3. Document custom configurations

1. Redeploy from GitHub (automatic)
2. Restore environment variables
3. Verify services running
4. Test critical functionality

Vercel:

• 100GB bandwidth/month
• Unlimited deploys
• 100 serverless function executions/day
• Custom domain included

Railway:

• 5 USD free credit
• ~500 hours of 1GB server/month
• Pay only for usage beyond credit

Light Usage (< 1000 users/month):

• Vercel: $0 (free tier)
• Railway: $5-10
• Total: $5-10/month

Medium Usage (1000-10000 users/month):

• Vercel: $0-20 (may need Pro)
• Railway: $20-50
• Total: $20-70/month

Heavy Usage (> 10000 users/month):

• Vercel: $20 (Pro plan)
• Railway: $100-200
• Total: $120-220/month

• HTTPS only (enforce)
• API keys in environment variables (never in code)
• CORS properly configured
• Rate limiting enabled
• File size limits enforced
• Input validation on all endpoints
• Security headers configured (Helmet.js)
• Regular dependency updates
• Monitoring and alerting configured
• Backup procedure documented

Verify these headers are present:

curl -I https://sectoolbox.cc

Expected headers:

strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Weekly:

• Review error logs
• Check disk space usage
• Monitor API quotas

Monthly:

• Update dependencies
• Review security advisories
• Check performance metrics
• Rotate API keys (if needed)

Quarterly:

• Full security audit
• Load testing
• Backup verification
• Documentation updates

Documentation:

• GitHub: https://github.com/sectoolbox/sectoolbox/docs
• API Reference: /docs/api.md
• Architecture: /docs/architecture.md

Community:

• Discord: https://discord.gg/SvvKKMzE5Q
• GitHub Discussions: https://github.com/sectoolbox/sectoolbox/discussions

Issues:

• Bug reports: https://github.com/sectoolbox/sectoolbox/issues
• Feature requests: GitHub Discussions

After successful deployment:

1. Configure custom domain (optional)
2. Set up monitoring and alerts
3. Create backup procedure
4. Document your configuration
5. Join community Discord
6. Consider contributing improvements

Congratulations on deploying Sectoolbox!