One command to deploy Enferno-based Flask apps with automatic SSL.

# One-liner
curl -sSL https://raw.githubusercontent.com/level09/ignite/main/ignite.sh | sudo DOMAIN=app.example.com bash

# Or download and run interactively
wget https://raw.githubusercontent.com/level09/ignite/main/ignite.sh
sudo bash ignite.sh

• Deploys Enferno or ReadyKit apps
• Automatic SSL via Caddy (zero config)
• Python 3.13 + uv package manager
• Redis for sessions and Celery
• systemd services with auto-restart
• UFW firewall (ports 22, 80, 443)
• SSH access with sudo for app user

• HSTS - Strict Transport Security with 1 year max-age
• Security Headers - X-Frame-Options, X-Content-Type-Options, XSS Protection
• Permissions-Policy - Disables geolocation, microphone, camera by default
• Compression - zstd + gzip for all responses
• Static Caching - 1 year cache for /static/* assets
• JSON Logging - Structured logs at /var/log/caddy/{domain}.log
• Server Header Removed - Hides Caddy version from responses

# Deploy ReadyKit with PostgreSQL
DOMAIN=app.example.com REPO=level09/readykit DB=postgres ./ignite.sh

# Deploy with custom admin
DOMAIN=app.example.com [email protected] ./ignite.sh

# Local testing (no SSL)
DOMAIN=localhost SKIP_SSL=true ./ignite.sh

• Ubuntu 22.04 or 24.04
• Root access
• Domain pointing to server (for SSL)

• App: https://your-domain.com
• SSH: ssh {user}@your-domain.com (uses your existing SSH key)
• Credentials: /home/{user}/.credentials
• App Logs: journalctl -u {domain}.service
• Access Logs: /var/log/caddy/{domain}.log (JSON format)

Caddy supports rate limiting via plugin. To enable:

# Install Caddy with rate-limit plugin
caddy add-package github.com/mholt/caddy-ratelimit

# Edit /etc/caddy/Caddyfile and add inside your domain block:
rate_limit {remote.ip} 100r/s

For auth endpoints, add stricter limits:

@auth path /login* /register* /reset*
rate_limit @auth {remote.ip} 5r/m

MIT