Shivamyadav's avatar

Should I use laravel telescope in production ?

Should I use laravel telescope in production ?

  1. If yes, then what should I focus for the security and other stuffs.
  2. If nope, then why I should not use it into the production.
1 like
14 replies
Tray2's avatar

The short answer is NO, you shouldn't. You should use a tool like Laravel Nightwatch.

https://nightwatch.laravel.com/

The longer answer is, you can use it, but you just like you say need to handle the security yourself.

2 likes
Shivamyadav's avatar

Thanks tray, as far I know the Laravel nightwatch is not open source. I was looking for some open source

Tray2's avatar

There probably are some open source ones out there, but Telescope is made mainly for dev. I saw that there is an easy way to make it use authentication in the docs.

You also have Laravel Pulse

https://laravel.com/docs/12.x/pulse

1 like
kevinbui's avatar

This is interesting topic.

In general, nah, we should not use Laravel Telescope in production.

But, contemplating a bit more. I think it might not be a bad idea.

As I understand, Laravel Telescope simply hook handlers to events fired by Laravel. And those handlers can be queued, so performance may not be a big deal.

Security is not a problem either. Telescope simply saves app activities to database.

The only problems that I can think of is your database will expand exponentially, considering the amount of data to be recorded. and Telescope provide nothing more that just raw data being recorded.

So, if you have a side project or a low-traffic app, and you are only interested in a handful of criteria, no insights or analysis need, then Telescope is not a bad idea. Just set up a queue, enable only a handful of watchers, and prune data regularly, then I think you will be fine. We can always remove telescope and use more advanced tools later.

mileswebhosting's avatar

Laravel Telescope can be used in production, but it should never be enabled fully or publicly.

Restrict access strictly (IP whitelisting, auth gates, or environment checks).

1 like
JussiMannisto's avatar

@mileswebhosting @kevinbui Authorization isn't an issue, but performance very much is. If you do any kind of batch processing with a large number of operations, Telescope may break your site. More than once I've had jobs or commands inexplicably grind to a halt or run out of memory in development, only to discover I had Telescope enabled, and that disabling it fixed the issue.

@shivamyadav I recommend Laravel Pulse instead. It works differently: it holds captured events in memory (Redis), then periodically flushes aggregated data to the database. It provides data relevant to production out of the box: user activity, queue states, exceptions, slow queries and requests, etc.

Nightwatch is probably good too, but I haven't used it yet.

If you do go with Telescope, you have to be very judicious about what you record. Take a Redis cache as an example. You want cache reads to be fast and lightweight, right? By default, every single cache read would cause two database inserts (redis and cache rows).

anduen-beqiri's avatar

Honestly i started using in dev and continuing using in production. As it is useful in develoment it's also useful in prodution. It's quite useful identifiying what is the cause of the errors especially if i combined with the library bekand/telescope-request-track. In terms of performance and security it there were issues whatsoever, just make sure to add a max age to records to avoid storing too many data in your database (example: telescope:prune --hours=48)

JussiMannisto's avatar

The problem isn't the size of the database, it's the number of database writes Telescope performs. It may work for a low-traffic site, but it's not a good idea for anything else.

There are much better tools for production that were designed with scaling in mind.

But I guess you're just plugging your own package here.

martinbean's avatar

It's quite useful identifiying what is the cause of the errors

@anduen-beqiri This is what services like Sentry are for…

1 like
hinlocaesar-75309181's avatar

Generally: not enabled by default. Occasionally: yes, for debugging specific issues.

Telescope is extremely useful, but it’s also heavy and sensitive.

Please or to participate in this conversation.