Production Deployment Checklist

This checklist ensures your LinkForty deployment is production-ready, secure, and reliable.


Pre-Deployment Planning

Infrastructure Requirements

  • Database sizing - Calculate PostgreSQL requirements based on expected traffic

    • Estimate: 1GB storage per 1M attribution events
    • Recommended: 4GB+ RAM for PostgreSQL
    • Plan for growth: 20-30% buffer capacity
  • Redis capacity - Plan cache memory requirements

    • Minimum: 512MB RAM for Redis
    • Recommended: 2GB+ for high-traffic deployments
    • Enable persistence (RDB or AOF)
  • Server resources - Size application servers appropriately

    • Minimum: 2 CPU cores, 4GB RAM
    • Recommended: 4+ CPU cores, 8GB+ RAM
    • Plan for horizontal scaling if needed
  • Network bandwidth - Estimate bandwidth requirements

    • Typical: 100-500 requests/second = 10-50 Mbps
    • Factor in: SDK traffic, API calls, webhook deliveries

Domain & DNS

  • Custom domain - Configure your domain for LinkForty

    • Example: go.yourdomain.com or links.yourdomain.com
    • Set up A/CNAME records pointing to your deployment
  • SSL certificate - Obtain and configure HTTPS

    • Use Let's Encrypt (free) or commercial certificate
    • Configure automatic renewal
    • Enforce HTTPS redirects
  • DNS propagation - Allow 24-48 hours for DNS changes

    • Test from multiple locations
    • Verify SSL certificate validity

Security Hardening

Environment Variables

  • Change default secrets - Replace all default values

    • JWT_SECRET - Generate strong random secret (32+ characters)
    • SESSION_SECRET - Generate unique session secret
    • Database credentials - Use strong passwords
  • Database credentials - Secure PostgreSQL access

    • Change default postgres password
    • Create dedicated application user with limited privileges
    • Use connection encryption (SSL/TLS)
  • Redis security - Protect Redis instance

    • Set requirepass for authentication
    • Bind to localhost or private network only
    • Disable dangerous commands (FLUSHALL, KEYS, etc.)
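One way to check the Redis items above before go-live, as an added example (not LinkForty's own code): it parses redis.conf text and reports a missing requirepass, a non-private bind address, and dangerous commands left callable. The 32-character password minimum and the sample configuration are assumptions constructed for illustration.

```javascript
// Added example: audit redis.conf text against the checklist's "Redis security" items.
const DANGEROUS = ['FLUSHALL', 'KEYS']; // the two commands the checklist names
const MIN_PASS_LEN = 32;                // assumption: reuse the JWT_SECRET minimum

// Parse "directive arg ..." lines; blanks and # comments are skipped.
// Simplification: quoted arguments containing spaces are not supported.
function parseRedisConf(text) {
  const conf = new Map();
  for (const raw of text.split('\n')) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const [key, ...args] = line.split(/\s+/);
    const name = key.toLowerCase();
    if (!conf.has(name)) conf.set(name, []);
    conf.get(name).push(args.map((a) => a.replace(/^"(.*)"$/, '$1')));
  }
  return conf;
}

// Loopback or RFC 1918 address; a leading "-" (Redis 6.2+ optional bind) is ignored.
function isPrivate(addr) {
  const a = addr.replace(/^-/, '');
  if (a === '127.0.0.1' || a === '::1') return true;
  const m = a.match(/^(\d+)\.(\d+)\.\d+\.\d+$/);
  if (!m) return false;
  const [o1, o2] = [Number(m[1]), Number(m[2])];
  return o1 === 10 || (o1 === 172 && o2 >= 16 && o2 <= 31) || (o1 === 192 && o2 === 168);
}

function auditRedisConf(text) {
  const conf = parseRedisConf(text);
  const last = (name) => (conf.get(name) || []).slice(-1)[0] || [];
  const findings = [];
  if ((last('requirepass')[0] || '').length < MIN_PASS_LEN) {
    findings.push('requirepass: missing or too short');
  }
  const binds = last('bind');
  if (binds.length === 0) findings.push('bind: not set, Redis listens on all interfaces');
  binds.filter((a) => !isPrivate(a)).forEach((a) => findings.push(`bind: ${a} is not private`));
  const renamed = (conf.get('rename-command') || []).map((a) => (a[0] || '').toUpperCase());
  DANGEROUS.filter((c) => !renamed.includes(c))
    .forEach((c) => findings.push(`rename-command: ${c} still callable`));
  return findings;
}

// Constructed sample: exposed bind, no password, only one command disabled.
const sampleConf = ['# constructed', 'bind 0.0.0.0', 'port 6379', 'rename-command FLUSHALL ""'].join('\n');
console.log(auditRedisConf(sampleConf));
```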

Network Security

  • Firewall rules - Restrict network access

    • Allow only necessary ports (80, 443, SSH)
    • Restrict database access to application servers only
    • Block public access to Redis
  • CORS configuration - Configure allowed origins

    • Set FRONTEND_URL to your production domain
    • Restrict API access to known origins only
    • Review CORS headers in production
  • Rate limiting - Enable and configure rate limits

    • Set RATE_LIMIT_ENABLED=true
    • Configure RATE_LIMIT_MAX (recommended: 100 requests/minute)
    • Monitor for abuse patterns
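The environment-variable items from "Environment Variables" and "Network Security" can be enforced as a pre-flight gate. The following is an added example, not LinkForty's own code: the variable names come from this checklist, while the placeholder list, the repetition heuristic, and the sample values are constructed assumptions.

```javascript
const { randomBytes } = require('node:crypto');

// Assumption: constructed list of placeholder strings that must not reach production.
const PLACEHOLDERS = ['changeme', 'secret', 'password', 'example'];

// 32 random bytes encode to a 43-character base64url string (above the 32+ minimum).
function generateSecret(bytes = 32) {
  return randomBytes(bytes).toString('base64url');
}

function weakSecret(value) {
  if (!value || value.length < 32) return true;
  const lower = value.toLowerCase();
  if (PLACEHOLDERS.some((p) => lower.includes(p))) return true;
  return new Set(value).size < 10; // long but repetitive, e.g. "aaaa..."
}

// Returns one finding per checklist item the environment fails.
function auditEnv(env) {
  const findings = [];
  for (const name of ['JWT_SECRET', 'SESSION_SECRET']) {
    if (weakSecret(env[name])) findings.push(`${name}: missing, short, or placeholder`);
  }
  if (env.JWT_SECRET && env.JWT_SECRET === env.SESSION_SECRET) {
    findings.push('SESSION_SECRET: must differ from JWT_SECRET');
  }
  if (env.NODE_ENV !== 'production') findings.push('NODE_ENV: not production');
  if (env.RATE_LIMIT_ENABLED !== 'true') findings.push('RATE_LIMIT_ENABLED: not true');
  const max = Number(env.RATE_LIMIT_MAX);
  if (!Number.isInteger(max) || max <= 0) findings.push('RATE_LIMIT_MAX: not a positive integer');
  let origin = null;
  try { origin = new URL(env.FRONTEND_URL); } catch { /* unset or not a URL */ }
  if (!origin || origin.protocol !== 'https:' || origin.hostname === 'localhost') {
    findings.push('FRONTEND_URL: must be an https:// production origin');
  }
  return findings;
}

// Constructed sample resembling an unedited development configuration.
const sampleEnv = {
  JWT_SECRET: 'changeme', SESSION_SECRET: 'changeme', NODE_ENV: 'development',
  RATE_LIMIT_ENABLED: 'false', FRONTEND_URL: 'http://localhost:3000',
};
console.log(auditEnv(sampleEnv));
```

Calling `auditEnv(process.env)` in a deploy script and aborting on any finding turns these checklist items into a hard gate.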

Authentication & Authorization

  • Strong passwords - Enforce password policies

    • Minimum 12 characters
    • Require password changes for default accounts
    • Consider password complexity requirements
  • API keys - Secure API access

    • Generate unique API keys for each integration
    • Rotate keys periodically (every 90 days)
    • Monitor API key usage
  • Session management - Configure secure sessions

    • Set secure cookie flags (httpOnly, secure)
    • Configure appropriate session timeout
    • Enable session invalidation on logout

Database Setup

PostgreSQL Configuration

  • Database initialization - Run migrations

    cd backend && npm run migrate
  • Connection pooling - Configure pool settings

    • Set DATABASE_POOL_MIN (recommended: 2)
    • Set DATABASE_POOL_MAX (recommended: 10)
    • Monitor pool usage and adjust
  • Backup configuration - Set up automated backups

    • Daily full backups
    • Transaction log archiving (WAL)
    • Test restore procedures
    • Store backups off-site
  • Performance tuning - Optimize PostgreSQL

    • Adjust shared_buffers (25% of RAM)
    • Set work_mem appropriately
    • Configure max_connections
    • Enable query logging for slow queries

Data Retention

  • Retention policies - Define data retention rules

    • Click events: 90 days (default) or custom
    • Attribution data: 365 days or custom
    • User activity logs: 30-90 days
  • Archive old data - Set up archival process

    • Export old data to cold storage
    • Clean up archived data from production
    • Maintain archive access for compliance

Application Configuration

Environment Setup

  • Node environment - Set production mode

    NODE_ENV=production
  • Frontend build - Build optimized frontend

    npm run build
    • Verify minification and compression
    • Check bundle size (should be <1MB gzipped)
  • Backend build - Compile TypeScript

    cd backend && npm run build

Service Configuration

  • Process manager - Use PM2 or systemd

    # PM2 example
    pm2 start ecosystem.config.js
    pm2 save
    pm2 startup
  • Restart policies - Configure automatic restarts

    • Restart on failure
    • Max restart attempts: 10
    • Restart delay: 5 seconds
  • Health checks - Implement health endpoints

    • /health endpoint returns 200 OK
    • Check database connectivity
    • Check Redis connectivity
    • Monitor response times

Monitoring & Logging

Application Monitoring

  • Error tracking - Set up error monitoring

    • Configure Sentry, Bugsnag, or similar
    • Monitor error rates and types
    • Set up alerts for critical errors
  • Performance monitoring - Track application performance

    • Monitor API response times
    • Track database query performance
    • Monitor memory and CPU usage
    • Set up alerts for anomalies
  • Uptime monitoring - Monitor service availability

    • Use UptimeRobot, Pingdom, or similar
    • Check endpoints every 1-5 minutes
    • Alert on downtime immediately

Logging

  • Application logs - Configure structured logging

    • Use JSON format for easier parsing
    • Include request IDs for tracing
    • Log levels: ERROR, WARN, INFO, DEBUG
  • Log rotation - Prevent disk space issues

    • Rotate logs daily or by size
    • Keep 7-30 days of logs
    • Compress old logs
  • Log aggregation - Centralize logs

    • Use ELK Stack, Datadog, or similar
    • Enable log searching and filtering
    • Set up log-based alerts

Metrics

  • Business metrics - Track key metrics

    • Attribution events per day
    • Active links
    • API requests per second
    • Error rates
  • Infrastructure metrics - Monitor resources

    • CPU and memory usage
    • Disk I/O and space
    • Network traffic
    • Database connections

Deployment Process

Pre-Deployment Testing

  • Staging environment - Test in staging first

    • Mirror production configuration
    • Run full test suite
    • Perform load testing
    • Test backup/restore procedures
  • Load testing - Verify performance under load

    • Simulate expected traffic (2x peak)
    • Monitor resource usage
    • Identify bottlenecks
    • Verify auto-scaling (if applicable)
  • Security scan - Run security checks

    • Vulnerability scanning
    • Dependency auditing (npm audit)
    • SSL/TLS testing
    • OWASP Top 10 checks

Deployment Steps

  • Maintenance window - Schedule deployment

    • Notify users of planned downtime
    • Choose low-traffic time window
    • Prepare rollback plan
  • Database migration - Run migrations safely

    • Backup database before migration
    • Test migrations in staging
    • Run migrations with minimal downtime
  • Application deployment - Deploy new version

    • Stop old processes gracefully
    • Start new processes
    • Verify health checks pass
    • Monitor error rates
  • Smoke tests - Verify basic functionality

    • Create a test link
    • Generate a redirect
    • Check analytics dashboard
    • Test API endpoints
    • Verify webhook delivery

Post-Deployment

  • Monitor metrics - Watch closely for 24 hours

    • Error rates
    • Response times
    • Resource usage
    • User reports
  • Rollback plan - Be ready to revert

    • Keep previous version available
    • Document rollback steps
    • Test rollback in staging

Performance Optimization

Frontend Optimization

  • CDN setup - Serve static assets via CDN

    • Configure CloudFlare, AWS CloudFront, or similar
    • Enable caching for JS, CSS, images
    • Set appropriate cache headers
  • Asset optimization - Minimize frontend resources

    • Enable gzip/brotli compression
    • Optimize images (WebP format)
    • Lazy load components
    • Code splitting

Backend Optimization

  • Database indexing - Optimize queries

    • Index foreign keys
    • Add indexes for frequently queried fields
    • Analyze slow query logs
    • Run EXPLAIN on slow queries
  • Caching strategy - Implement effective caching

    • Cache frequently accessed data in Redis
    • Set appropriate TTLs (5-60 minutes)
    • Implement cache invalidation
    • Monitor cache hit rates
  • API optimization - Improve API performance

    • Enable compression (gzip)
    • Implement pagination
    • Use field selection
    • Batch operations where possible

Backup & Disaster Recovery

Backup Strategy

  • Database backups - Automated and tested

    • Daily full backups
    • Hourly incremental backups
    • Off-site backup storage
    • 30-day retention minimum
  • Configuration backups - Save all configurations

    • Environment variables
    • Nginx/Apache configs
    • SSL certificates
    • DNS records
  • Test restores - Verify backups work

    • Monthly restore tests
    • Document restore procedures
    • Measure restore time (RTO)
    • Verify data integrity

Disaster Recovery

  • Recovery plan - Document DR procedures

    • Define RPO (Recovery Point Objective)
    • Define RTO (Recovery Time Objective)
    • Document step-by-step recovery
    • Assign responsibilities
  • Failover testing - Test disaster scenarios

    • Database failure
    • Application server failure
    • Network failure
    • Complete datacenter failure

Data Privacy

  • GDPR compliance - Ensure privacy compliance

    • Data processing agreements
    • Privacy policy updated
    • User consent mechanisms
    • Data export/deletion procedures
  • Data retention - Comply with regulations

    • Define retention periods
    • Implement automatic deletion
    • Document compliance procedures

Security Compliance

  • Security audit - Review security posture

    • Penetration testing
    • Code security review
    • Infrastructure hardening
    • Third-party security assessment
  • Incident response - Prepare for security incidents

    • Incident response plan
    • Contact procedures
    • Disclosure requirements
    • Breach notification process

Documentation

Operational Documentation

  • Runbooks - Document common operations

    • Deployment procedures
    • Restart procedures
    • Scaling procedures
    • Troubleshooting guides
  • Architecture diagram - Document system architecture

    • Infrastructure components
    • Data flow
    • Network topology
    • Integration points
  • Monitoring playbooks - Alert response procedures

    • High error rate → Check logs, restart if needed
    • High CPU → Check for slow queries, scale if needed
    • Database connection errors → Check pool settings

Team Documentation

  • Access controls - Document who has access

    • Production server access
    • Database access
    • API keys and secrets
    • Third-party services
  • Oncall procedures - Set up rotation

    • Oncall schedule
    • Escalation procedures
    • Contact information
    • Incident severity levels

Launch Checklist Summary

Critical (Must Have)

  • SSL certificate configured
  • Environment secrets changed
  • Database backups enabled
  • Monitoring and alerts set up
  • Health checks implemented
  • Firewall rules configured

Important (Should Have)

  • Rate limiting enabled
  • CDN configured
  • Log aggregation set up
  • Disaster recovery plan documented
  • Performance testing completed
  • Security scan completed

Nice to Have

  • Advanced monitoring (APM)
  • Automated deployment pipeline
  • Multi-region deployment
  • Advanced caching strategies

Getting Help

If you need assistance with production deployment:


Next Steps

After completing this checklist:

  1. Monitor closely for the first 48 hours
  2. Document learnings - Update runbooks
  3. Plan optimizations - Based on real traffic patterns
  4. Schedule regular reviews - Monthly infrastructure reviews

Remember: Production deployment is an ongoing process, not a one-time event. Regular monitoring, updates, and optimization are essential for long-term success.