Skip to main content

Production Deployment Checklist

Before deploying the Reshma‑Core backend to production, verify each item below.


✅ Environment & Secrets

ItemStatusNotes
.env file created from .env.exampleDo NOT commit to Git
NODE_ENV=productionMust be exactly "production"
CLIENT_URL set to actual frontend domain (e.g., https://shop.example.com)No trailing slash
ADMIN_URL set to actual admin dashboard domain
MONGO_URI uses credentials and authSource=adminExample: mongodb://user:pass@reshma-db:27017/reshmabangles?authSource=admin
JWT_ACCESS_SECRET – strong, random, ≥32 hex bytesRun openssl rand -hex 32
JWT_REFRESH_SECRET – different from access secret
TYPESENSE_API_KEY – strong Admin API keyMust match the key in docker-compose.prod.yml
REDIS_PASSWORD set (not blank)Used in production compose
SMTP_* – verified credentials (send test email)
RAZORPAY_* – live keys (not test)
SHIPROCKET_* – live credentials

✅ Infrastructure & Security

ItemStatusNotes
Docker & Docker Compose installed (≥20.10, ≥2.0)
Firewall allows only port 80, 443 (and 22 for SSH)Do NOT expose 5000 directly to the internet
Reverse proxy (Nginx/Traefik) configured with SSLLet’s Encrypt recommended
SSL certificate valid and auto‑renewal set up
Server timezone set to UTC (or your region)Affects JWT expiration, logs
Regular security updates enabled (unattended‑upgrades)

✅ Health & Monitoring

ItemStatusNotes
Health endpoint exists (e.g., GET /health)Should return 200 OK
Docker healthchecks defined in docker-compose.prod.ymlIncluded by default
Logging configured (Winston to files + console)Ensure log rotation
Monitoring alerts set (e.g., Uptime Kuma, Prometheus)At minimum, check container status
Backup strategy for MongoDB volumesmongodump to separate location
Backup strategy for Typesense data (optional)Snapshot volume or re‑seed from MongoDB

✅ Application Readiness

ItemStatusNotes
Database seeded with initial products / categoriesRun npm run seed inside API container
Typesense schema initialised (auto on first start)Check logs for [Typesense] Schema successfully built
Admin user created (if needed)Use User.create via MongoDB shell or script
Rate limiting tuned for expected trafficDefault standardLimiter = 100 per 15 min
Email templates (MJML) compiled and testedSend a test OTP email

✅ Pre‑Launch Dry Run

TestExpected ResultPass?
docker-compose -f docker-compose.prod.yml up -dAll containers start without errors
curl http://localhost:5000/health200 OK
docker-compose logs reshma-apiNo fatal errors
Register a new user via APIUser created, email sent
Search products (GET /api/v1/search?q=bangle)Returns results
Check that refresh tokens are HttpOnly (no document.cookie)Cookies flagged correctly
Load test (e.g., ab -n 100 -c 10 http://...)No crashes, rate limiting works

✅ Post‑Deployment

ItemStatusNotes
.env file backed up securely (off‑server)Not in Git
Monitoring dashboard configured
On‑call / incident response plan
Regular backup restore tested

Sign‑off: _________________ Date: _______________