Deploy Deno 2 to Production Without Losing Your Mind

Deno 2.0 dropped in October 2024, and for the first time, it doesn't feel like an academic project. After years of "just use Node" being the safe answer, Deno 2 finally has npm compatibility that makes it worth considering for real production work.

The npm Thing That Changes Everything

You can finally import npm packages without jumping through hoops:

import express from "npm:express@4";
import { z } from "npm:zod@3";

This sounds simple but it's huge. No more rewriting your entire Express app just to try Deno. No more hunting for Deno-specific alternatives to packages everyone already knows work.

Reality check: Most popular packages work fine, but native modules are a complete shitshow. The compatibility docs are actually useful, unlike most documentation, but expect to spend time debugging packages that should "just work."

The Single Executable Thing That Actually Matters

The `deno compile` command creates standalone executables that include everything:

deno compile --output=myapp --allow-net --allow-read main.ts

What this fixes: No more "it works on my machine" bullshit. No node_modules to manage. No version conflicts between environments. No dependency hell.

What breaks: Executables end up way bigger than they claim - mine are usually 80-100MB. And if you mess up the permissions flags, you'll spend 2 hours debugging why your app can't read the config file. Add --allow-all first to test if it's permissions, then narrow it down like a sane person.

Security That Actually Works (When You Configure It Right)

The permission system is the one feature that makes security teams happy:

## Production permissions that won't bite you later
deno run --allow-net=api.stripe.com,db.example.com --allow-read=/app/config --allow-write=/app/logs main.ts

What this prevents: Compromised dependencies can't phone home or read your secrets. It's like having a firewall inside your runtime.

What trips you up: Getting the permissions wrong means silent failures. Your health check returns 200 but your database writes are failing because you forgot --allow-write. I lost a weekend to this bug.

Performance: Pretty Good, Sometimes Great

In my testing, Deno 2 performs about as well as Node.js:

• HTTP throughput: Usually within 10% of Node.js, sometimes faster
• Cold starts: Noticeably faster than Node.js (great for serverless)
• Memory: Uses slightly less RAM than equivalent Node apps
• Binary size: 80-100MB executable (bigger than they claim)

Real world: It's fast enough that you won't notice a difference. Lambda cold starts are noticeably faster - maybe 20-30% in my testing, but your mileage will vary.

Gotchas: TypeScript compilation still takes time during development. The binary size kills some serverless use cases. And if you're doing heavy CPU work, the performance difference is basically zero.

What Actually Deploys

You've got three real options:

1. Single Executable (What I Recommend)

Copy one file to the server and run it. No runtime to install, no dependencies to manage. Perfect for VPS deployments where you want to keep things simple.

Breaks when: You need dynamic imports or your app loads files that aren't bundled. Also, debugging sucks because everything is compiled.

2. Docker Containers

Multi-stage builds work great with Deno. Final images around 60-80MB with proper distroless bases.

Breaks when: Permission mapping between container and compiled binary gets confusing. Docker Desktop randomly stops working and nobody knows why.

3. Source Deployment

Direct source deployment to platforms like Deno Deploy or similar cloud platforms.

Breaks when: You need system-level access or complex deployment scripts. Fine for simple web apps, limited for anything complex.

The Stuff That Still Sucks

• Documentation still has gaps for edge cases
• Error messages are sometimes cryptic as hell
• Some popular packages still don't work properly
• The ecosystem is smaller, so you'll spend time troubleshooting weird issues
• Import path configuration can be finicky

But honestly? It's finally good enough that the trade-offs make sense for new projects. The security model alone makes it worth considering for production workloads where you care about supply chain attacks. Major companies are using it in production now, which is a good sign.

Method 1: Single Executable (The Way That Actually Works)

Single executables are great until they're not. Here's what I learned after the third time my deployment failed at 3am.

What You Actually Need

• Deno 2.0+ on your dev machine
• SSH access to your server (duh)
• Patience for systemd to shit the bed

Step 1: Build Something That Actually Works

Test your permissions locally first, or you'll spend hours debugging why your compiled binary can't read files. Also test that your binary actually starts up - I've had builds complete successfully but the executable immediately segfaults because of some weird import path issue that only shows up in production.

// main.ts - messy but works
import { serve } from "https://deno.land/std@0.208.0/http/server.ts";

const PORT = parseInt(Deno.env.get("PORT") ?? "8000");

const handler = async (req: Request): Promise<Response> => {
  const url = new URL(req.url);
  
  if (url.pathname === "/health") {
    return new Response("OK", { status: 200 });
  }
  
  if (url.pathname === "/api/data") {
    try {
      // TODO: clean this up later
      return Response.json({ message: "Hello from Deno 2!" });
    } catch (error) {
      console.error("API error:", error); // this saved my ass when debugging at 3am
      return new Response("Internal Server Error", { status: 500 });
    }
  }
  
  return new Response("Not Found", { status: 404 });
};

console.log(`Server starting on port ${PORT}`);
try {
  await serve(handler, { port: PORT });
} catch (error) {
  console.error("Server failed to start:", error);
  Deno.exit(1);
}

Step 2: Configure This Without Screwing It Up

Your deno.json needs permissions that actually work in production:

{
  "compilerOptions": {
    "strict": true,
    "lib": ["deno.window"]
  },
  "tasks": {
    "start": "deno run --allow-net --allow-env main.ts",
    "build": "deno compile --allow-net --allow-env --allow-read=/etc/ssl,/opt/app/config --allow-write=/var/log/myapp --output=./dist/myapp main.ts"
  },
  "imports": {
    "std/": "https://deno.land/std@0.208.0/"
  }
}

Pro tip: The `--allow-read=/etc/ssl` part will save you 2 hours of debugging SSL certificate errors. The `--allow-write=/var/log/myapp` lets you actually write logs. You're welcome.

Step 3: Build and Test (This Will Fail The First Time)

## Build the executable
deno task build

## Test it locally - this catches 90% of issues
PORT=8080 ./dist/myapp

If the build fails, you probably have dynamic imports or missing permissions. The most common error is Cannot resolve module which usually means a dynamic import somewhere that compile can't see at build time.

Reality check: The binary will be bigger than they claim - mine are usually 60-80MB instead of the optimistic numbers in the docs.

Step 4: Copy Shit to the Server (And Deal With Permissions)

## Create the directory first or scp will fail
ssh user@yourserver.com "sudo mkdir -p /opt/myapp && sudo chown $USER:$USER /opt/myapp"

## Copy binary to server
scp ./dist/myapp user@yourserver.com:/opt/myapp/

## SSH and fix permissions (this always breaks)
ssh user@yourserver.com
chmod +x /opt/myapp/myapp

## Test it works before setting up systemd
cd /opt/myapp && PORT=8080 ./myapp

When this fails: Usually it's missing /tmp access or the binary can't bind to the port. Check `journalctl -f` while testing.

Step 5: systemd Service (Prepare for Pain)

OK, enough complaining about systemd. Here's how to actually configure it.

Create /etc/systemd/system/myapp.service - and yes, you need to create a user first:

## Create the service user (systemd will fail without this)
sudo useradd -r -s /bin/false myapp
sudo mkdir -p /var/log/myapp
sudo chown myapp:myapp /var/log/myapp

[Unit]
Description=My Deno 2 Application
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=myapp
Group=myapp
WorkingDirectory=/opt/myapp
ExecStart=/opt/myapp/myapp
Restart=always
RestartSec=10
Environment=PORT=8000
StandardOutput=journal
StandardError=journal
SyslogIdentifier=myapp
TimeoutStopSec=5

## This prevents most common systemd failures
PrivateTmp=true
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/var/log/myapp

[Install]
WantedBy=multi-user.target

Enable and start (then debug for 30 minutes):

sudo systemctl daemon-reload
sudo systemctl enable myapp
sudo systemctl start myapp

## Check status (will probably be failed)
sudo systemctl status myapp

## When it fails, check logs
sudo journalctl -u myapp -f

When systemd fails: It's usually permissions or the binary path. Status code 203 means exec failed - usually wrong path or missing execute permissions. Status code 1 means your binary crashed immediately - probably missing files or wrong permissions.

Method 2: Docker Container Deployment

Docker provides consistent environments and easier scaling options. On my 2019 MacBook this takes forever but on actual servers it's not too bad.

Step 1: Create Multi-Stage Dockerfile

## Build stage
FROM denoland/deno:2.0.6 AS builder

WORKDIR /app
COPY . .

## Cache dependencies
RUN deno cache main.ts

## Compile to single executable
RUN deno compile --allow-net --allow-env --allow-read=/etc/ssl --output=./myapp main.ts

## Production stage - use distroless for security
FROM gcr.io/distroless/cc-debian12

WORKDIR /app

## Copy only the compiled binary
COPY --from=builder /app/myapp /app/myapp

## Non-root user for security
USER 1001

EXPOSE 8000

CMD ["/app/myapp"]

Step 2: Build and Optimize Image

## Build the image
docker build -t myapp:latest .

## Check image size (should be ~60-80MB)
docker images myapp

## Test locally
docker run -p 8000:8000 -e PORT=8000 myapp:latest

Step 3: Production Docker Deployment

Create docker-compose.prod.yml:

version: '3.8'

services:
  myapp:
    image: myapp:latest
    ports:
      - "8000:8000"
    environment:
      - NODE_ENV=production
      - PORT=8000
    restart: unless-stopped
    healthcheck:
      test: ["CMD", "/app/myapp", "--version"]
      interval: 30s
      timeout: 10s
      retries: 3
      start_period: 40s
    deploy:
      resources:
        limits:
          memory: 512M
        reservations:
          memory: 256M
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "3"

  reverse-proxy:
    image: nginx:alpine
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf:ro
      - ./ssl:/etc/ssl/certs:ro
    depends_on:
      - myapp
    restart: unless-stopped

Method 3: Serverless Platform Deployment

Perfect for applications with variable traffic or microservices architecture. The Deno Deploy docs have everything you need.

Deno Deploy (Official Platform)

## Install deployctl
deno install -A --unstable-kv jsr:@deno/deployctl

## Deploy directly from Git repository  
deployctl deploy --project=myapp --prod

## Or deploy local files
deployctl deploy --project=myapp --prod main.ts

Alternative Serverless Platforms

Cloudflare Workers (using Deno-to-Worker compatibility):

// worker-adapter.ts
export default {
  async fetch(request: Request): Promise<Response> {
    // Your existing Deno application logic
    return new Response("Hello from Cloudflare Worker!");
  }
};

Railway Deployment:

## railway.json
{
  "build": {
    "builder": "DOCKERFILE"
  },
  "deploy": {
    "healthcheckPath": "/health",
    "healthcheckTimeout": 100,
    "restartPolicyType": "ON_FAILURE"
  }
}

Production Environment Configuration

Environment Variables

Create `.env.production`:

NODE_ENV=production
PORT=8000
DATABASE_URL=postgresql://user:pass@host:5432/db
ALLOWED_ORIGINS=https://yourapp.com,https://api.yourapp.com
LOG_LEVEL=info
MAX_REQUEST_SIZE=10mb
RATE_LIMIT_WINDOW=900000
RATE_LIMIT_MAX=100

Load in your application:

import { load } from "https://deno.land/std@0.208.0/dotenv/mod.ts";

const env = await load({
  envPath: "./.env.production",
  export: true,
});

SSL/TLS Configuration

For self-hosted deployments, configure HTTPS:

// https-server.ts
const cert = await Deno.readTextFile("/etc/ssl/certs/cert.pem");
const key = await Deno.readTextFile("/etc/ssl/private/key.pem");

await serve(handler, {
  port: 443,
  cert,
  key,
});

Or use a reverse proxy like Nginx:

## /etc/nginx/sites-available/myapp
server {
    listen 443 ssl http2;
    server_name yourapp.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
    }
}

Monitoring and Health Checks

Add comprehensive monitoring:

// monitoring.ts
export async function healthCheck(): Promise<boolean> {
  try {
    // Check database connectivity
    await fetch("your-database-health-endpoint");
    
    // Check external APIs
    await fetch("https://api.critical-service.com/health");
    
    return true;
  } catch {
    return false;
  }
}

// Add to your main server
const handler = async (req: Request): Promise<Response> => {
  if (req.url.endsWith("/health")) {
    const isHealthy = await healthCheck();
    return new Response(isHealthy ? "OK" : "UNHEALTHY", {
      status: isHealthy ? 200 : 503,
    });
  }
  
  // Your app logic here
};

Look, after trying all these approaches in production, here's the real talk:

• Single executable: Simplest deployment, great for VPS - start here if you're unsure
• Docker: Consistent environments, easier scaling - use when you need orchestration
• Serverless: Automatic scaling, pay-per-use - perfect for APIs with variable traffic

The choice isn't permanent. Start simple, then evolve your deployment strategy as your app grows. Don't over-engineer from day one - you'll just spend more time debugging deployment configs instead of building features.

Real Production Config That Actually Works

After my third deployment turned to shit at 2am, here's what I learned about running Deno in production. The official deployment guide is actually useful, unlike most documentation:

Environment Variables That Don't Suck

// config/production.ts
export const config = {
  port: parseInt(Deno.env.get("PORT") ?? "8000"),
  host: Deno.env.get("HOST") ?? "0.0.0.0",
  database: {
    url: Deno.env.get("DATABASE_URL")!,
    pool: {
      min: 5,
      max: 20,
      idleTimeout: 30000,
    },
  },
  security: {
    allowedOrigins: Deno.env.get("ALLOWED_ORIGINS")?.split(",") ?? ["*"],
    rateLimiting: {
      windowMs: 15 * 60 * 1000, // 15 minutes
      max: 100, // requests per window
    },
  },
  logging: {
    level: Deno.env.get("LOG_LEVEL") ?? "info",
    format: "json", // Structured logging for production
  },
};

Process Management (This Will Break Three Times)

You need process monitoring or you'll get paged at 3am. Here's the setup that saved my ass when we hit 1000 concurrent users and everything caught fire:

// process-manager.ts
export class ProcessManager {
  private healthCheckInterval?: number;
  private gracefulShutdown = false;

  async startHealthMonitoring() {
    this.healthCheckInterval = setInterval(async () => {
      try {
        // Check database connectivity
        await this.checkDatabaseHealth();
        
        // Check memory usage
        const memInfo = Deno.memoryUsage();
        if (memInfo.heapUsed > 500 * 1024 * 1024) { // 500MB
          console.warn("High memory usage detected:", memInfo);
        }
        
        // Log health status
        console.log("Health check passed", { timestamp: new Date().toISOString() });
      } catch (error) {
        console.error("Health check failed:", error);
      }
    }, 30000); // Check every 30 seconds
  }

  private async checkDatabaseHealth() {
    // Implement your database health check
    const response = await fetch("http://localhost:8000/health");
    if (!response.ok) {
      throw new Error(`Health check failed: ${response.status}`);
    }
  }

  setupGracefulShutdown() {
    const shutdown = async (signal: string) => {
      console.log(`Received ${signal}, shutting down gracefully`);
      this.gracefulShutdown = true;
      
      if (this.healthCheckInterval) {
        clearInterval(this.healthCheckInterval);
      }
      
      // Give ongoing requests time to complete
      await new Promise(resolve => setTimeout(resolve, 5000));
      
      console.log("Shutdown complete");
      Deno.exit(0);
    };

    // Handle different signals
    Deno.addSignalListener("SIGTERM", () => shutdown("SIGTERM"));
    Deno.addSignalListener("SIGINT", () => shutdown("SIGINT"));
  }
}

Logging Setup (Actually Simple Once You Stop Overthinking It)

This logging setup actually works in production. JSON format makes parsing logs way easier when shit hits the fan:

// logger.ts
interface LogEntry {
  timestamp: string;
  level: string;
  message: string;
  metadata?: Record<string, unknown>;
  requestId?: string;
}

export class Logger {
  private logLevel: string;

  constructor(level: string = "info") {
    this.logLevel = level;
  }

  private shouldLog(level: string): boolean {
    const levels = ["debug", "info", "warn", "error"];
    return levels.indexOf(level) >= levels.indexOf(this.logLevel);
  }

  private log(level: string, message: string, metadata?: Record<string, unknown>) {
    if (!this.shouldLog(level)) return;

    const entry: LogEntry = {
      timestamp: new Date().toISOString(),
      level,
      message,
      metadata,
    };

    console.log(JSON.stringify(entry));
  }

  info(message: string, metadata?: Record<string, unknown>) {
    this.log("info", message, metadata);
  }

  error(message: string, error?: Error, metadata?: Record<string, unknown>) {
    this.log("error", message, {
      ...metadata,
      error: error?.message,
      stack: error?.stack,
    });
  }

  warn(message: string, metadata?: Record<string, unknown>) {
    this.log("warn", message, metadata);
  }
}

// Usage in your application
const logger = new Logger(Deno.env.get("LOG_LEVEL"));

const handler = async (req: Request): Promise<Response> => {
  const requestId = crypto.randomUUID();
  const start = performance.now();
  
  logger.info("Request started", {
    requestId,
    method: req.method,
    url: req.url,
  });

  try {
    // Your application logic here
    const response = new Response("OK");
    
    const duration = performance.now() - start;
    logger.info("Request completed", {
      requestId,
      status: response.status,
      duration: `${duration.toFixed(2)}ms`,
    });
    
    return response;
  } catch (error) {
    const duration = performance.now() - start;
    logger.error("Request failed", error as Error, {
      requestId,
      duration: `${duration.toFixed(2)}ms`,
    });
    
    return new Response("Internal Server Error", { status: 500 });
  }
};

Shit That Will Break (And How to Fix It)

Memory Leaks (Because Of Course There Are)

Your app will eat memory like Chrome with 50 tabs open. Here's what I learned after mine crashed twice with `SIGKILL` and no useful error message:

// memory-monitor.ts
export function startMemoryMonitoring() {
  setInterval(() => {
    const memory = Deno.memoryUsage();
    
    if (memory.heapUsed > 1024 * 1024 * 1024) { // 1GB
      console.warn("High memory usage detected", {
        heapUsed: `${(memory.heapUsed / 1024 / 1024).toFixed(2)}MB`,
        heapTotal: `${(memory.heapTotal / 1024 / 1024).toFixed(2)}MB`,
        rss: `${(memory.rss / 1024 / 1024).toFixed(2)}MB`,
      });
      
      // Force garbage collection if available
      if (typeof globalThis.gc === "function") {
        globalThis.gc();
      }
    }
  }, 60000); // Check every minute
}

Database Connection Pools (This Will Save You From Database Hell)

If you're hitting the database hard, you need pooling or your DB will tell you to fuck off with `connection limit exceeded` errors. I learned this the hard way during a load test:

// db-pool.ts
export class ConnectionPool {
  private pool: Connection[] = [];
  private maxConnections: number;
  private activeConnections = 0;

  constructor(maxConnections = 10) {
    this.maxConnections = maxConnections;
  }

  async getConnection(): Promise<Connection> {
    if (this.pool.length > 0) {
      return this.pool.pop()!;
    }

    if (this.activeConnections < this.maxConnections) {
      this.activeConnections++;
      return await this.createConnection();
    }

    // Wait for connection to become available
    return new Promise((resolve) => {
      const checkPool = () => {
        if (this.pool.length > 0) {
          resolve(this.pool.pop()!);
        } else {
          setTimeout(checkPool, 10);
        }
      };
      checkPool();
    });
  }

  releaseConnection(connection: Connection) {
    this.pool.push(connection);
  }

  private async createConnection(): Promise<Connection> {
    // Your database connection logic
    return await connect(Deno.env.get("DATABASE_URL")!);
  }
}

Load Balancing (Because One Process Isn't Enough)

Multiple Deno processes behind Nginx works great until it doesn't. Here's the config that actually works:

## /etc/nginx/conf.d/deno-app.conf
upstream deno_backend {
    server 127.0.0.1:8001;
    server 127.0.0.1:8002;
    server 127.0.0.1:8003;
    server 127.0.0.1:8004;
}

server {
    listen 80;
    server_name yourapp.com;

    location / {
        proxy_pass http://deno_backend;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        # Health check
        proxy_connect_timeout 5s;
        proxy_send_timeout 10s;
        proxy_read_timeout 10s;
    }
}

Security Hardening

Runtime Security Configuration

Configure Deno with minimal required permissions:

#!/bin/bash
## production-start.sh

## Production permissions (minimal required)
exec ./myapp \
  --allow-net=api.yourservice.com,db.yourservice.com \
  --allow-read=/app/config,/etc/ssl/certs \
  --allow-write=/app/logs \
  --allow-env=PORT,NODE_ENV,DATABASE_URL

Input Validation and Rate Limiting

Implement comprehensive input validation:

// security-middleware.ts
export class SecurityMiddleware {
  private rateLimitMap = new Map<string, { count: number; resetTime: number }>();

  rateLimit(maxRequests: number, windowMs: number) {
    return (req: Request): Response | null => {
      const clientIp = this.getClientIp(req);
      const now = Date.now();
      const key = `${clientIp}:${Math.floor(now / windowMs)}`;
      
      const current = this.rateLimitMap.get(key) ?? { count: 0, resetTime: now + windowMs };
      
      if (current.count >= maxRequests) {
        return new Response("Too Many Requests", { 
          status: 429,
          headers: {
            "Retry-After": Math.ceil((current.resetTime - now) / 1000).toString(),
          },
        });
      }
      
      current.count++;
      this.rateLimitMap.set(key, current);
      
      // Clean up old entries
      if (this.rateLimitMap.size > 10000) {
        for (const [k, v] of this.rateLimitMap.entries()) {
          if (v.resetTime < now) {
            this.rateLimitMap.delete(k);
          }
        }
      }
      
      return null; // Allow request to proceed
    };
  }

  private getClientIp(req: Request): string {
    // Check for forwarded IP from reverse proxy
    const forwarded = req.headers.get("x-forwarded-for");
    if (forwarded) {
      return forwarded.split(",")[0].trim();
    }
    
    const realIp = req.headers.get("x-real-ip");
    if (realIp) {
      return realIp;
    }
    
    // Fallback to connection IP (may not be available in all environments)
    return "unknown";
  }
}

Deployment Automation

CI/CD Pipeline Example ([GitHub Actions](https://github.com/features/actions))

## .github/workflows/deploy.yml
name: Deploy Deno 2 Application

on:
  push:
    branches: [main]

jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: denoland/setup-deno@v2
        with:
          deno-version: '2.0'
      
      - name: Run tests
        run: deno test --allow-env --allow-net

      - name: Check formatting
        run: deno fmt --check

      - name: Lint code
        run: deno lint

  build-and-deploy:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: denoland/setup-deno@v2
        with:
          deno-version: '2.0'

      - name: Build executable
        run: |
          deno compile \
            --allow-net \
            --allow-env \
            --allow-read=/etc/ssl \
            --output=./dist/myapp \
            main.ts

      - name: Deploy to server
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          source: "./dist/myapp"
          target: "/tmp/"

      - name: Restart service
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          script: |
            sudo mv /tmp/dist/myapp /opt/myapp/myapp-new
            sudo chmod +x /opt/myapp/myapp-new
            sudo mv /opt/myapp/myapp /opt/myapp/myapp-backup
            sudo mv /opt/myapp/myapp-new /opt/myapp/myapp
            sudo systemctl restart myapp
            sudo systemctl status myapp

This production guide covers the essential aspects of running Deno 2 applications reliably in production environments. The key is starting simple and adding complexity as your application and traffic grow.