Leaf Audit Dashboard – Production Deployment Guide
A secure, production-ready analytics dashboard for auditing Leaf usage.
Runs on:
Windows Server (Azure VM)
Python Dash + Waitress (internal web server)
IIS Reverse Proxy (HTTPS termination)
Task Scheduler (background execution service)
📂 Project Structure
C:\LeafAuditDashboard
│ app.py
│ callbacks_module.py
│ layout.py
│ database.py
│ config.py
│ start_dashboard.bat
│ requirements.txt
│ task_scheduler.xml
│ web.config
│ README.md
│
└── assets
    theme.css
    copy.js
🚀 1. Application Overview
The Leaf Audit Dashboard displays:
1. Users running cohort queries
2. Number of queries executed
3. SQL statements run (with copy button)
4. Time-based usage trends
5. Drill-down per user
The Python app runs internally on:
http://127.0.0.1:8050
The Waitress WSGI server is used for production. IIS provides:
* HTTPS encryption
* DNS routing
* Reverse proxy forwarding to Waitress
Public URL:
https://leafaudit.rush.edu/
🧩 2. Background Service (Task Scheduler)
Task Scheduler automatically runs the dashboard on server startup using:
start_dashboard.bat
The batch file launches Waitress:
python -m waitress --listen=127.0.0.1:8050 app:server
Task Scheduler configuration:
Trigger: At Startup
Action:
cmd.exe /c C:\LeafAuditDashboard\start_dashboard.bat
Run whether user is logged on or not
Highest privileges enabled
Automatic restart on failure
This ensures:
✔ Application runs 24/7
✔ Survives VM restarts
✔ No RDP session required
🔐 3. HTTPS Setup Using IIS Reverse Proxy
IIS listens for HTTPS traffic and forwards to the Python backend.
IIS Website Binding
| Setting | Value |
| --- | --- |
| Protocol | HTTPS |
| Hostname | leafaudit.rush.edu |
| Port | 443 |
| Certificate | Rush internal SSL cert |
Reverse Proxy Rule (URL Rewrite)
This is defined in:
C:\LeafAuditDashboard\web.config
IIS forwards all traffic to:
http://127.0.0.1:8050
Requirements:
URL Rewrite module
Application Request Routing (ARR)
🗃 4. Python Dependencies Installation
Run: pip install -r requirements.txt
Includes:
Dash
Pandas
SQLAlchemy
PyODBC
Waitress
Plotly
python-dotenv
🧪 5. Testing the App
From the VM:
http://127.0.0.1:8050
From the outside world:
https://leafaudit.rush.edu/
If access from outside fails:
Check IIS binding
Verify SSL cert installed
Ensure firewall/Nginx/NSG allows port 443
Ensure ARR and rewrite modules enabled
🔄 6. Restarting the Dashboard
Restart background service:
Task Scheduler → LeafAuditDashboard → Run
Restart manually:
taskkill /IM python.exe /F
C:\LeafAuditDashboard\start_dashboard.bat
🛡 7. Security Notes
Waitress listens only on 127.0.0.1 (safe – not internet exposed)
IIS handles encryption (HTTPS)
Only allow port 443 in Azure NSG
Block inbound port 8050 completely
Store DB credentials securely (config.py or .env)
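A pre-deployment check for the loopback-only note above, added here as an example and not part of the project's own code: it reads Waitress command lines such as the one in start_dashboard.bat and reports any bind that is not loopback. The function names and sample lines are constructed for illustration, and it relies on Waitress binding 0.0.0.0:8080 when no --listen or --host option is given.

```python
import ipaddress

# Waitress binds every interface on port 8080 when no bind option is given.
DEFAULT_HOST, DEFAULT_PORT = "0.0.0.0", "8080"

def split_listen(value):
    """Split a --listen value such as 127.0.0.1:8050 or [::1]:8050."""
    host, sep, port = value.rpartition(":")
    if not sep or port.endswith("]"):  # no port part present
        host, port = value, DEFAULT_PORT
    return host.strip("[]"), port

def waitress_binds(command):
    """Return the (host, port) pairs a waitress command line will bind."""
    args = command.split()
    listens, host, port = [], DEFAULT_HOST, DEFAULT_PORT
    for i, arg in enumerate(args):
        name, eq, value = arg.partition("=")
        if not eq:  # option written as "--host 127.0.0.1"
            value = args[i + 1] if i + 1 < len(args) else ""
        value = value.strip('"')
        if name == "--listen":
            listens.append(split_listen(value))
        elif name == "--host":
            host = value
        elif name == "--port":
            port = value
    return listens or [(host, port)]

def is_loopback(host):
    """True only for literal loopback addresses or the name localhost."""
    if host.lower() == "localhost":  # assumption: resolves to loopback
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # "*", empty, or another hostname: treat as exposed
        return False

def exposed_binds(command):
    """Binds reachable from other hosts; an empty list means loopback only."""
    return [(h, p) for h, p in waitress_binds(command) if not is_loopback(h)]

if __name__ == "__main__":
    # Constructed sample lines; the first is the command from this guide.
    for line in ("python -m waitress --listen=127.0.0.1:8050 app:server",
                 "python -m waitress --listen=*:8050 app:server",
                 "python -m waitress --port=8050 app:server"):
        print(exposed_binds(line) or "loopback only", "<-", line)
```

A non-empty result means the backend would be reachable without passing through IIS, so the NSG rule blocking 8050 would be the only remaining control.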
♻️ 8. Updating Code
Stop the Task Scheduler job
Replace updated .py files
Restart the Task Scheduler job
Confirm dashboard loads correctly