Page Contents

Configuration for deployment

When you move from deployment to production or staging, you typically want to change your datasource from your internal testing database (or even the in-memory data store) to a production database where your live application data will reside. Additionally, you may want to change application properties such as host name and port number.

By default, a LoopBack application created with the application generator has two kinds of configuration files in the server directory that you use to configure production settings:

  • config.json containing general application configuration. You can override the settings in this file with config._env_.json, where env is the value of NODE_ENV environment variable.
  • datasources.json containing data source configuration. You can override the settings in this file with datasources._env_.json, where env is the value of NODE_ENV environment variable.

Set NODE_ENV to a string reflecting the host environment, for example “development” or “production”.

To get ready for production, create at least two copies of these files:  config.production.json and config.development.json; and datasources.production.json and datasources.development.json

You can create additional files (for example, config.staging.json) if desired. Then, make sure on your development system you set the NODE_ENV to “development” and on your production system you set NODE_ENV to “production”.

For more information, see Environment-specific configuration.

Disabling API Explorer

LoopBack API Explorer is great when you’re developing your application, but for security reasons you may not want to expose it in production.

For an application using loopback-component-explorer, to disable explorer in production:

  • Set the NODE_ENV environment variable to “production”.
  • Then in server/component-config.production.json:


  "loopback-component-explorer": null

Other changes

When you move your app from development to staging, you may want to make additional changes. For example, you might want to customize REST error responses. See Customizing REST error handling for more information.

Using SSL

For a working example app demonstrating how to use SSL with LoopBack, see loopback-example-ssl. The example code below is drawn from that repository.

Generate your own SSL certificate

Here’s an example of generating an SSL certificate: 

$ openssl genrsa -out privatekey.pem 1024
$ openssl req -new -key privatekey.pem -out certrequest.csr
$ openssl x509 -req -in certrequest.csr -signkey privatekey.pem -out certificate.pem

Load the SSL certificate

Once you’ve generated a certificate, load it in your app, for example:


var path = require('path'),
fs = require("fs");
exports.privateKey = fs.readFileSync(path.join(__dirname, './private/privatekey.pem')).toString();
exports.certificate = fs.readFileSync(path.join(__dirname, './private/certificate.pem')).toString();

Configure the app 

  "restApiRoot": "/api",
  "host": "",
  "port": 3000,
  "url": "https://localhost:3000/",
  "swagger": {
    "protocol": "https"

Create the HTTPS server


var https = require('https');
var sslConfig = require('./ssl-config');
var options = {
  key: sslConfig.privateKey,
  cert: sslConfig.certificate

server.listen(app.get('port'), function() {
    var baseUrl = (httpOnly? 'http://' : 'https://') - app.get('host') - ':' - app.get('port');
    app.emit('started', baseUrl);
    console.log('LoopBack server listening @ %s%s', baseUrl, '/');
return server;