Skip to content

Deployment

There are several ways to deploy rustfava depending on your needs.

Desktop App

For personal use, the desktop app is the simplest option. It runs entirely locally with no server setup required.

Docker

For server deployments, Docker is recommended:

docker run -p 5000:5000 -v /path/to/ledger:/data ghcr.io/rustledger/rustfava /data/main.beancount

For advanced Docker configurations (authentication, HTTPS, docker-compose), see the Docker deployment guide.

Systemd Service

To run rustfava as a system service on Linux:

# /etc/systemd/system/rustfava.service
[Unit]
Description=rustfava Web UI for Beancount
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/rustfava --host 127.0.0.1 --port 5000 /path/to/main.beancount
User=your-user
Restart=on-failure

[Install]
WantedBy=multi-user.target

Then:

sudo systemctl enable rustfava
sudo systemctl start rustfava

Reverse Proxy

Apache

ProxyPass "/rustfava" "http://localhost:5000/rustfava"
ProxyPassReverse "/rustfava" "http://localhost:5000/rustfava"

Run rustfava with the --prefix option:

rustfava --prefix /rustfava /path/to/main.beancount

Nginx

location /rustfava/ {
    proxy_pass http://127.0.0.1:5000/rustfava/;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

Caddy

your-domain.com {
    reverse_proxy localhost:5000
}

Caddy automatically handles HTTPS with Let's Encrypt.

Security Considerations

When exposing rustfava to the internet:

  1. Use HTTPS - Never expose plain HTTP to the public internet
  2. Add authentication - Use a reverse proxy with OAuth2 or basic auth
  3. Restrict access - Use firewall rules to limit access to trusted IPs
  4. Keep updated - Regularly update rustfava for security patches

See SECURITY.md for more security best practices.