- Add comprehensive health check system with multiple endpoints
- Add Prometheus metrics endpoint
- Add production logging configurations (5 strategies)
- Add complete deployment documentation suite:
  * QUICKSTART.md - 30-minute deployment guide
  * DEPLOYMENT_CHECKLIST.md - Printable verification checklist
  * DEPLOYMENT_WORKFLOW.md - Complete deployment lifecycle
  * PRODUCTION_DEPLOYMENT.md - Comprehensive technical reference
  * production-logging.md - Logging configuration guide
  * ANSIBLE_DEPLOYMENT.md - Infrastructure as Code automation
  * README.md - Navigation hub
  * DEPLOYMENT_SUMMARY.md - Executive summary
- Add deployment scripts and automation
- Add DEPLOYMENT_PLAN.md - Concrete plan for immediate deployment
- Update README with production-ready features

All production infrastructure is now complete and ready for deployment.
10 KiB
Production Deployment Checklist
Print this and check off items as you complete them.
Pre-Deployment Checklist
Infrastructure
- Server meets requirements (Ubuntu 22.04+, 4GB RAM, 40GB disk)
- Domain name configured and pointing to server IP
- DNS propagation verified (nslookup yourdomain.com)
- Firewall rules configured (ports 22, 80, 443 open)
- SSH access to server confirmed
- Root or sudo access verified
Security
- SSH key pair generated
- SSH key added to server
- Vault encryption key generated
- Vault key stored in password manager
- Database passwords generated (32+ characters)
- JWT secrets generated (64+ characters)
- Admin allowed IPs list prepared
- SSL certificate email address ready
Code
- Application repository accessible
- Production branch exists and tested
- All tests passing locally
- Database migrations reviewed
- .env.example up to date
- Dependencies reviewed (composer.json, package.json)
Deployment Steps Checklist
Step 1: Server Setup
- SSH into server
- System updated (apt update && apt upgrade)
- Docker installed
- Docker Compose installed
- Certbot installed
- Application user created
- Application user added to docker group
- Directory structure created (/var/www/app, /var/log/app, /opt/vault)
Step 2: SSL Certificate
- Webroot directory created (/var/www/certbot)
- Certbot certificate obtained
- Certificate files verified (fullchain.pem, privkey.pem)
- Certificate expiration date checked (>30 days)
- Auto-renewal tested (certbot renew --dry-run)
Step 3: Application Code
- Repository cloned to /home/appuser/app
- Production branch checked out
- Git configured (user.name, user.email)
- File permissions set correctly (chown -R appuser:appuser)
Step 4: Environment Configuration
- .env.production created from .env.example
- APP_ENV set to "production"
- APP_DEBUG set to "false"
- APP_URL configured with domain
- Database credentials configured
- VAULT_ENCRYPTION_KEY added
- LOG_PATH configured
- ADMIN_ALLOWED_IPS configured
- All required environment variables set
- Sensitive values NOT committed to git
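A scripted version of the Step 4 checks, combined with the secret-length requirements from the pre-deployment Security section. This is an added example, not part of the project's own tooling. DB_PASSWORD and JWT_SECRET are assumed variable names; the checklist does not name them.

```shell
#!/usr/bin/env bash
# Added example: audit .env.production against the Step 4 checklist items.
# DB_PASSWORD and JWT_SECRET are assumed variable names (not from the checklist).

# env_get FILE KEY: print the value of the last KEY=value line, outer quotes removed.
env_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE [EXAMPLE_FILE]: print one FAIL line per problem; return 1 if any.
audit_env() {
    local file="$1" example="${2:-}" rc=0 key min val
    fail() { echo "FAIL: $*"; rc=1; }

    [ "$(env_get "$file" APP_ENV)" = "production" ] || fail "APP_ENV is not production"
    [ "$(env_get "$file" APP_DEBUG)" = "false" ] || fail "APP_DEBUG is not false"

    # Variables the checklist requires to be set at all.
    for key in APP_URL VAULT_ENCRYPTION_KEY LOG_PATH ADMIN_ALLOWED_IPS; do
        [ -n "$(env_get "$file" "$key")" ] || fail "$key is missing or empty"
    done

    # Minimum secret lengths from the pre-deployment Security section.
    for key in DB_PASSWORD:32 JWT_SECRET:64; do
        min=${key#*:}; key=${key%%:*}
        val=$(env_get "$file" "$key")
        [ "${#val}" -ge "$min" ] || fail "$key is shorter than $min characters"
    done

    # A secret identical to the one in .env.example is a committed placeholder.
    if [ -n "$example" ]; then
        for key in DB_PASSWORD JWT_SECRET VAULT_ENCRYPTION_KEY; do
            val=$(env_get "$file" "$key")
            [ -z "$val" ] || [ "$val" != "$(env_get "$example" "$key")" ] ||
                fail "$key still has the .env.example value"
        done
    fi
    return "$rc"
}

# Usage: audit_env .env.production .env.example && echo "env OK"
```

Run it before starting the containers in Step 5; a non-zero exit status means at least one item in this step is not yet satisfied.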
Step 5: Docker Containers
- docker-compose.production.yml reviewed
- Containers built (docker compose build)
- Containers started (docker compose up -d)
- All containers running (docker compose ps)
- Container logs checked for errors
- Container networking verified
Step 6: Database
- Database container healthy
- Database migrations applied (php console.php db:migrate)
- Migration status verified (php console.php db:status)
- Database backup created
- Database connection tested
Step 7: Health Checks
- Health endpoint accessible (curl http://localhost/health/summary)
- All health checks passing (overall_healthy: true)
- Database health check: healthy
- Cache health check: healthy
- Queue health check: healthy
- Filesystem health check: healthy
- SSL health check: healthy
- Detailed health endpoint tested
Step 8: Nginx Configuration
- Nginx installed
- Site configuration created (/etc/nginx/sites-available/app)
- SSL certificate paths correct in config
- Proxy settings configured
- Site enabled (symlink in sites-enabled)
- Nginx configuration tested (nginx -t)
- Nginx restarted
- HTTPS redirect working (http → https)
Step 9: Application Verification
- HTTPS endpoint accessible (https://yourdomain.com)
- SSL certificate valid (no browser warnings)
- Homepage loads correctly
- API endpoints responding
- Authentication working
- Admin panel accessible (from allowed IPs)
- File uploads working
- Background jobs processing
- Email sending configured
Step 10: Monitoring
- Metrics endpoint accessible (/metrics)
- Prometheus metrics in valid format
- Health checks integrated with monitoring
- Log files being created (/var/log/app/)
- Log rotation configured
- Disk space monitored
- Memory usage monitored
- CPU usage monitored
Post-Deployment Checklist
Security Hardening
- UFW firewall enabled
- Only required ports open (22, 80, 443)
- SSH password authentication disabled
- Root login disabled via SSH
- Fail2Ban installed and configured
- Security headers verified (X-Frame-Options, CSP, etc.)
- OWASP security scan performed
- SSL Labs test passed (A+ rating)
Backups
- Database backup script created
- Vault backup script created
- Backup directory created (/opt/backups)
- Backup cron job configured
- Backup restoration tested
- Backup retention policy configured (7 days)
- Off-site backup configured (optional but recommended)
Monitoring & Alerts
- Grafana installed (optional)
- Prometheus configured (optional)
- Alert rules configured
- Email notifications configured
- Disk space alerts set (>90% usage)
- Memory alerts set (>90% usage)
- Health check alerts set
- SSL expiration alerts set (30 days)
Documentation
- Deployment procedure documented
- Server credentials documented (in secure location)
- Vault encryption key documented (in secure location)
- Database backup location documented
- Rollback procedure documented
- Team access granted and documented
- On-call rotation documented
Performance
- Performance baseline established
- Slow query log enabled
- Cache hit rate monitored
- Response time benchmarked
- Load testing performed
- Database indexes optimized
- Asset compression enabled (gzip)
- CDN configured (optional)
Compliance & Legal
- Privacy policy deployed
- Terms of service deployed
- Cookie consent implemented (if EU traffic)
- GDPR compliance verified (if EU traffic)
- Data retention policies documented
- Incident response plan documented
Rollback Checklist
Use this if deployment fails and you need to roll back:
Immediate Rollback
- Stop new containers: docker compose down
- Start old containers: docker compose -f docker-compose.old.yml up -d
- Verify health: curl http://localhost/health/summary
- Roll back database migrations: php console.php db:rollback
- Clear cache: php console.php cache:clear
- Verify application functionality
- Notify team of rollback
Post-Rollback
- Document rollback reason
- Identify root cause
- Create fix for issue
- Test fix in staging
- Plan next deployment attempt
- Update deployment procedure if needed
Weekly Maintenance Checklist
Perform these checks weekly:
- Review application logs for errors
- Check disk space (should be <80%)
- Review health check status
- Verify backups running successfully
- Check SSL certificate expiration (>30 days remaining)
- Review security logs (fail2ban)
- Check for system updates
- Review performance metrics
- Test backup restoration (monthly)
Monthly Maintenance Checklist
Perform these checks monthly:
- Apply system security updates
- Review and update dependencies (composer update, npm update)
- Rotate secrets (API keys, tokens) if required
- Review and archive old logs
- Perform security audit
- Review and update documentation
- Test disaster recovery procedure
- Review and optimize database performance
- Review monitoring alerts effectiveness
- Update deployment runbook with lessons learned
Quarterly Maintenance Checklist
Perform these checks quarterly:
- Rotate Vault encryption key
- Rotate database passwords
- Review and update security policies
- Conduct penetration testing
- Review and optimize infrastructure costs
- Update disaster recovery plan
- Review team access and permissions
- Conduct deployment drill with team
- Review compliance requirements
- Update technical documentation
Emergency Contacts
Fill this in and keep it secure:
Server Provider: _______________________
Support Phone: _________________________
Support Email: _________________________
Domain Registrar: ______________________
Support Phone: _________________________
Support Email: _________________________
SSL Provider: __________________________
Support Phone: _________________________
Support Email: _________________________
Database Backup Location: ______________
Vault Key Location: ____________________
SSH Key Location: ______________________
Team Lead: _____________________________
On-Call Phone: _________________________
DevOps Lead: ___________________________
On-Call Phone: _________________________
Security Contact: ______________________
Emergency Phone: _______________________
Deployment Sign-Off
Deployment Details:
Date: _____________________
Deployed By: ______________
Version/Commit: ___________
Environment: Production
Deployment Method: [ ] Manual [ ] Script [ ] Ansible
Health Check Status: [ ] All Passing
SSL Certificate: [ ] Valid
Database Migrations: [ ] Applied
Backups: [ ] Verified
Issues During Deployment:
_____________________________________________
_____________________________________________
Post-Deployment Notes:
_____________________________________________
_____________________________________________
Signed: ___________________ Date: __________
Continuous Improvement
After each deployment, answer these questions:
- What went well?
  -
- What could be improved?
  -
- What was unexpected?
  -
- Action items for next deployment:
  -
- Documentation updates needed:
  -
Remember: This checklist should be updated after each deployment to reflect lessons learned and process improvements.