[Reference](https://medium.com/@mathur.danduprolu/exploring-fastapi-2024-deploying-your-fastapi-application-part-7-7-23d37181e35d)

# Step 1: Preparing FastAPI for Production

```
fastapi
uvicorn
gunicorn
PyJWT  # if using JWT authentication
```

```
pip freeze > requirements.txt
```

# Step 2: Containerizing the FastAPI App with Docker

## Create a Dockerfile:

```
# Use a lightweight Python image
FROM python:3.9-slim

# Set working directory
WORKDIR /app

# Copy requirements and install dependencies
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

# Copy the FastAPI app code
COPY . .

# Expose port 80 and start FastAPI with Uvicorn and Gunicorn
EXPOSE 80
CMD ["gunicorn", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "main:app", "--bind", "0.0.0.0:80"]
```

## Build and Run Docker Container:

```
docker build -t fastapi-app .
docker run -d -p 80:80 fastapi-app
```

# Step 3: Deploying to Popular Platforms

## Install the Heroku CLI and log in:

```
heroku login
```

## Create a Heroku App:
```
heroku create your-app-name
```

## Add a heroku.yml for Heroku Docker Deployment:
```
build:
  docker:
    web: Dockerfile
```

## Deploy to Heroku:
```
heroku container:push web -a your-app-name
heroku container:release web -a your-app-name
```

## Deploying FastAPI on DigitalOcean
```
docker build -t fastapi-app .
docker run -d -p 80:80 fastapi-app
```

## Deploying FastAPI on AWS EC2

```
sudo amazon-linux-extras install docker
sudo service docker start
```

```
docker build -t fastapi-app .
docker run -d -p 80:80 fastapi-app
```

# Step 4: Optimizing FastAPI for Production

## Use Gunicorn with Uvicorn Workers

```
gunicorn -w 4 -k uvicorn.workers.UvicornWorker main:app --bind 0.0.0.0:80
```

## Enable HTTPS
- Heroku: Automatically provides HTTPS.
- DigitalOcean: Set up an SSL certificate with Let’s Encrypt.
- AWS EC2: Use Amazon’s Certificate Manager with ELB.


## Configure CORS for Secure Cross-Origin Requests


```
from fastapi import FastAPI
from starlette.middleware.cors import CORSMiddleware

# In main.py this is the instance Gunicorn loads as main:app
app = FastAPI()

app.add_middleware(
    CORSMiddleware,
    allow_origins=["https://yourdomain.com"],  # Set your trusted domain
    allow_credentials=True,
    allow_methods=["GET", "POST"],
    allow_headers=["*"],
)
```

## Rate Limiting and Security Headers

- Rate Limiting: Prevent abuse by limiting the number of requests per client. Enforce the limit at a reverse proxy, or in middleware that keeps its counters in a shared store such as Redis.
- Security Headers: Set response headers that protect against XSS, clickjacking, and other attacks. A middleware added through `starlette.middleware` can attach them to every response.
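
Both bullets above combined in one pure-ASGI middleware, which FastAPI accepts through `app.add_middleware`; this is an added example, not code from the referenced article. The class name, the header values, and the in-memory per-process counter are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

SECURITY_HEADERS = [  # constructed values; tune the CSP for your own app
    (b"x-content-type-options", b"nosniff"),
    (b"x-frame-options", b"DENY"),  # clickjacking
    (b"content-security-policy", b"default-src 'self'"),  # limits XSS impact
    (b"strict-transport-security", b"max-age=31536000"),  # only meaningful over HTTPS
]

class HardeningMiddleware:
    """Pure ASGI middleware: per-client sliding-window limit plus security headers."""

    def __init__(self, app, limit=3, window=60.0, clock=time.monotonic):
        self.app, self.limit, self.window, self.clock = app, limit, window, clock
        self.hits = defaultdict(deque)  # client IP -> timestamps inside the window

    def allow(self, ip):
        now, q = self.clock(), self.hits[ip]
        while q and now - q[0] >= self.window:  # expire hits older than the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    async def __call__(self, scope, receive, send):
        if scope["type"] != "http":
            return await self.app(scope, receive, send)

        async def hardened_send(msg):
            if msg["type"] == "http.response.start":
                present = {k.lower() for k, _ in msg.get("headers", [])}
                extra = [h for h in SECURITY_HEADERS if h[0] not in present]
                msg["headers"] = list(msg.get("headers", [])) + extra
            await send(msg)

        # Behind a reverse proxy this is the proxy's address unless the server
        # is configured to trust forwarded headers.
        ip = (scope.get("client") or ("unknown", 0))[0]
        if self.allow(ip):
            return await self.app(scope, receive, hardened_send)
        retry = str(int(self.window)).encode()
        await hardened_send({"type": "http.response.start", "status": 429,
                             "headers": [(b"retry-after", retry)]})
        await hardened_send({"type": "http.response.body", "body": b"Too Many Requests"})

# FastAPI wiring: app.add_middleware(HardeningMiddleware, limit=100, window=60.0)
```

With `gunicorn -w 4` each worker process keeps its own counters, so a client can make up to four times `limit` requests per window; moving the counters into a shared store such as Redis closes that gap.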