Syncing Application Core and Binaries
By the end of this module, you will understand how to isolate application code from stateful data during rsync operations, ensuring clean deployments and reliable disaster recovery across any tech stack.
The Anatomy of an Application
Most modern web applications follow a clear separation of concerns between code, configuration, and data. Understanding this structure is key to efficient syncing:
/var/www/my-app/
├── bin/ ← Binaries and executables (sync this)
├── src/ ← Application source code (sync this)
├── vendor/ ← Dependencies (usually managed by package manager)
├── public/ ← Entry points and static assets (sync this)
├── config/ ← Environment-specific configuration (EXCLUDE)
├── storage/ ← User-generated content and logs (EXCLUDE)
└── .env ← Secrets and credentials (EXCLUDE)
| Component | Type | Sync Strategy | Why |
|---|---|---|---|
| System/Core | Immutable Code | Sync | Files are identical across environments of the same version. |
| Binaries | Executables | Sync | Scripts and compiled binaries needed for execution. |
| Dependencies | External Code | Exclude / Separate | Usually re-installed via npm install, composer install, etc. |
| Configuration | Environment | Exclude | Contains DB credentials and secrets unique to the server. |
| User Data | Stateful Data | Exclude | Handled in separate data-focused sync operations. |
Core Sync Commands
Syncing Immutable Application Files
The most common pattern is to sync the code while protecting the environment.
rsync -av \
--exclude='storage/' \
--exclude='vendor/' \
--exclude='.env' \
--exclude='.git/' \
/local/project/root/ user@production:/var/www/my-app/
Syncing Specific System Directories
When you only need to update specific application layers:
# Sync shared libraries or includes
rsync -av /src/libs/ user@remote:/app/libs/
# Sync administrative tools or CLI binaries
rsync -av /src/bin/ user@remote:/usr/local/bin/my-app-tools/
Clean State Restoration (Disaster Recovery)
If an application's core files are compromised or corrupted, use --delete to ensure the remote matches the local "clean" state exactly.
rsync -av --delete \
--exclude='config/' \
--exclude='storage/' \
/opt/my-app-clean/ /var/www/my-app/
The --delete flag removes any files on the destination that do not exist on the source. This is essential for removing malware injections or accidental file additions in core directories.
Application-Specific Patterns
While the principle of "Code vs. Data" is universal, different frameworks have different root-level files that should be excluded.
| Framework | Core Files to Sync | Exclude (Data/Config) |
|---|---|---|
| Node.js / Express | dist/, src/, package.json | node_modules/, .env, logs/ |
| Laravel / PHP | app/, bootstrap/, public/ | storage/, vendor/, .env |
| Django / Python | apps/, manage.py, templates/ | media/, venv/, settings.py |
| Go | bin/, assets/ | logs/, config.yaml |
| WordPress | wp-admin/, wp-includes/, root PHP | wp-content/, wp-config.php, .htaccess |
Strategy: The "Clean Reference" Directory
Sysadmins often keep a read-only "clean reference" of the application version currently running in production. This allows for instant integrity checks:
rsync -avnc /opt/clean-reference/ /var/www/my-app/ \
--exclude='storage/' \
--exclude='.env'
The -c flag forces a checksum comparison, and -n (dry-run) prevents any actual changes.
Best Practices
| Practice | Rationale |
|---|---|
| Exclude Config | Credentials should never be synced between environments. |
| Exclude Logs | Logs are unique to the instance and can be massive; use a separate tool for log aggregation. |
| Use Dry Runs | Always verify the file list before committing to a sync that involves deletions. |
| Fix Permissions | After syncing, ensure the web user (e.g., www-data or nginx) owns the new files. |
| Atomic Syncs | For zero-downtime, sync to a new directory and swap a symlink (current -> /app/v1.2). |
Common Pitfalls
| Pitfall | Consequence | Prevention |
|---|---|---|
Syncing .env files | Overwrites production secrets with dev or staging credentials. | Always explicitly --exclude='.env'. |
Syncing vendor/ or node_modules/ | Enormous transfer times; may introduce incompatible binary versions. | Use package managers to rebuild dependencies. |
Missing --delete in recovery | Residual corrupted files or malware remain in core directories. | Use --delete when the source is a trusted "clean" copy. |
| Failing to exclude large data | Saturates bandwidth and delays code deployment. | Move data/media sync to a separate, lower-priority job. |
What's Next
- Extensions and Modules — Manage modular components and persistent dependencies.
- User Media and Uploads — Strategies for syncing large, stateful media libraries.
- Database Sync — Integrating file sync with database exports.