Skip to main content

Development vs Production

API Master provides different build modes for development and production environments.
Run the development server with hot-reloading:
npm run dev
This uses nodemon and ts-node to automatically restart the server when files change.

Building the Project

API Master includes two build methods defined in package.json.

Standard TypeScript Build

Compile TypeScript files to JavaScript: 
npm run build
This runs the TypeScript compiler (tsc) and outputs to the dist/ directory:
package.json
{
  "scripts": {
    "build": "tsc",
    "start": "node dist/app.js"
  }
}
1

Compile TypeScript

npm run build
Output structure:
dist/
├── app.js
└── src/
    ├── controllers/
    │   └── userController.js
    └── routes/
        └── userRoutes.js
2

Start Production Server

npm start
The server will start on the configured PORT (default: 3000).
3

Verify Deployment

Test the API endpoint:
curl http://localhost:3000

esbuild Bundled Build

Create a single bundled file using esbuild: 
npm run build:exe
This produces a single dist/app.cjs file with all dependencies bundled:
package.json
{
  "scripts": {
    "build:exe": "npx esbuild app.ts --bundle --platform=node --format=cjs --external:@aws-sdk/client-s3 --outfile=dist/app.cjs"
  }
}
esbuild Options Explained:
  • --bundle - Bundle all dependencies into one file
  • --platform=node - Target Node.js environment
  • --format=cjs - Output CommonJS format
  • --external:@aws-sdk/client-s3 - Exclude AWS SDK from bundle
  • --outfile=dist/app.cjs - Output path
Run the bundled build: 
node dist/app.cjs

IIS Deployment

API Master includes a web.config file for deploying to Windows IIS with iisnode.

Prerequisites

1

Install iisnode

Download and install iisnode for Windows Server or IIS.
2

Install Node.js on Server

Ensure Node.js is installed on the IIS server (version 18.x or higher).
3

Configure IIS Application Pool

  • Set No Managed Code for the application pool
  • Enable 32-bit Applications if using 32-bit Node.js

web.config Configuration

The project includes a pre-configured web.config file:
web.config
<configuration>
    <system.webServer>
        <rewrite>
            <rules>
                <rule name="DynamicContent">
                    <match url="/*" />
                    <action type="Rewrite" url="app.js" />
                </rule>
            </rules>
        </rewrite>
        <iisnode 
            loggingEnabled="false" 
            devErrorsEnabled="false" 
            debuggingEnabled="true" 
            promoteServerVars="REMOTE_ADDR">
        </iisnode>
        <handlers>
            <add name="iisnode" path="*.js" verb="*" modules="iisnode" />
        </handlers>
    </system.webServer>
</configuration>

Deployment Steps

1

Build for Production

npm run build
2

Copy Files to IIS Directory

Copy these files and folders to your IIS application directory:
  • dist/ directory
  • node_modules/ directory
  • uploads/ directory (create if not exists)
  • package.json
  • web.config
3

Update web.config Entry Point

Ensure web.config points to the correct entry file:
<action type="Rewrite" url="dist/app.js" />
4

Set Directory Permissions

Grant IIS application pool identity write permissions to:
  • uploads/ directory
  • App_Data/ directory (for iisnode logs)
5

Configure Environment Variables

Set environment variables in IIS:
  • Navigate to Configuration Editor
  • Section: system.webServer/iisnode
  • Add PORT and other environment variables
Production iisnode Settings:
  • Set loggingEnabled="true" temporarily for troubleshooting
  • Always set devErrorsEnabled="false" in production
  • Review debuggingEnabled="false" for production deployments

Environment-Specific CORS

Configure CORS differently for production to enhance security:
app.ts
const corsOptions = {
  origin: process.env.NODE_ENV === 'production' 
    ? ['https://yourdomain.com', 'https://app.yourdomain.com']
    : '*',
  methods: ['GET', 'POST', 'PUT', 'DELETE'],
  allowedHeaders: ['Content-Type', 'Authorization'],
  credentials: process.env.NODE_ENV === 'production'
};

app.use(cors(corsOptions));
The current implementation in app.ts:9-13 uses origin: '*' which should be restricted in production.

Production Best Practices

1

Environment Variables

  • Never commit .env files to version control
  • Use IIS Configuration Editor or system environment variables
  • Set NODE_ENV=production
2

CORS Configuration

  • Replace origin: '*' with specific domains
  • Enable credentials: true only if needed
  • Limit methods to required HTTP verbs
3

File Upload Security

  • Implement file type validation in userRoutes.ts
  • Set file size limits with multer:
const upload = multer({ 
  storage: storage,
  limits: { fileSize: 10 * 1024 * 1024 } // 10MB
});
4

Error Handling

  • Disable devErrorsEnabled in web.config
  • Implement proper error logging
  • Return generic error messages to clients
5

Static File Security

  • Ensure uploads/ directory has correct permissions
  • Consider serving uploads through a CDN
  • Implement authentication for sensitive files
6

Monitoring

  • Enable iisnode logging for troubleshooting
  • Monitor server performance and disk usage
  • Set up alerts for failed file uploads
IIS Deployment Checklist:
  • Build project with npm run build
  • Copy dist/, node_modules/, package.json, web.config
  • Create uploads/ directory with write permissions
  • Update web.config entry point to dist/app.js
  • Configure environment variables in IIS
  • Restrict CORS origins to production domains
  • Test file upload endpoint
  • Verify static file serving from /uploads

Troubleshooting

IIS Deployment Issues

IssueSolution
500 Internal Server ErrorEnable loggingEnabled="true" in web.config and check App_Data/logs
Files not uploadingVerify uploads/ directory exists and has write permissions
CORS errorsUpdate corsOptions.origin in app.ts to include your domain
Module not foundEnsure node_modules/ is deployed and npm install was run

Build Issues

# Clear dist and rebuild
rm -rf dist
npm run build

# Verify TypeScript compilation
npx tsc --noEmit

Next Steps

After deploying your API:
  1. Test the API endpoints - Upload files and verify responses
  2. Configure CORS - Secure your production environment

Build docs developers (and LLMs) love

Get started for freeTalk to us