# Production Checklist

Complete this checklist before deploying to production.

## Database & Configuration
- [ ] MySQL database created with schema.sql imported
- [ ] Database backups automated (daily)
- [ ] Backup verification tested
- [ ] .env file configured with production values
- [ ] JWT_SECRET is strong (32+ characters)
- [ ] Database password is strong (20+ characters)
- [ ] No hardcoded passwords in code

## Backend Server
- [ ] Node.js LTS version installed (v18+)
- [ ] npm dependencies installed with --production flag
- [ ] All backend tests passing
- [ ] Error logging configured
- [ ] Debug mode disabled (NODE_ENV=production)
- [ ] Rate limiting configured appropriately
- [ ] CORS restricted to your domain
- [ ] Port 5000 or configured port accessible
- [ ] File upload limits configured
- [ ] Database connection pooling active
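
Several of the configuration items above can be checked automatically at startup. The following is an added example, not code from this project: `JWT_SECRET` and `NODE_ENV` are named in this checklist, while `DB_PASSWORD` and `CORS_ORIGIN` are assumed variable names for the database password and the allowed origin, and the sample values are constructed.

```javascript
// Added example: preflight check for the checklist's configuration items.
// DB_PASSWORD and CORS_ORIGIN are assumed names; adjust to your .env keys.
const PLACEHOLDER = /^(changeme|change_me|secret|password|example)/i;

function checkProductionEnv(env) {
  const failures = [];
  const jwt = env.JWT_SECRET || '';
  const dbPass = env.DB_PASSWORD || '';
  const origin = env.CORS_ORIGIN || '';

  if (jwt.length < 32) failures.push('JWT_SECRET is shorter than 32 characters');
  // Length alone is not strength: reject placeholders and low character variety.
  if (PLACEHOLDER.test(jwt) || new Set(jwt).size < 10) {
    failures.push('JWT_SECRET looks like a placeholder or repeats few characters');
  }
  if (dbPass.length < 20) failures.push('DB_PASSWORD is shorter than 20 characters');
  if (jwt !== '' && jwt === dbPass) failures.push('JWT_SECRET reuses DB_PASSWORD');
  if (env.NODE_ENV !== 'production') failures.push('NODE_ENV is not "production"');

  // CORS must name one explicit https origin, never a wildcard.
  let parsed = null;
  try { parsed = new URL(origin); } catch { parsed = null; }
  if (!parsed || parsed.protocol !== 'https:' || origin.includes('*')) {
    failures.push('CORS_ORIGIN must be a single https origin, not a wildcard');
  }
  return failures;
}

// Constructed sample environments (not real credentials).
const SAMPLE_GOOD = {
  JWT_SECRET: 'k3Vq9xZp2LmT7wYb4NcR8sHd1FgJ6uAe',
  DB_PASSWORD: 'Tz7!mQ2#vB9@xL4$pR6^',
  NODE_ENV: 'production',
  CORS_ORIGIN: 'https://shop.example.com',
};
const SAMPLE_BAD = {
  JWT_SECRET: 'changeme',
  DB_PASSWORD: 'changeme',
  NODE_ENV: 'development',
  CORS_ORIGIN: '*',
};

console.log('good:', checkProductionEnv(SAMPLE_GOOD));
console.log('bad:', checkProductionEnv(SAMPLE_BAD));
```

Call `checkProductionEnv(process.env)` before the server starts listening and exit non-zero if it returns any failures, so a misconfigured deployment never serves traffic.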

## Frontend Build
- [ ] React frontend built successfully
- [ ] Build output in dist/ directory
- [ ] Static assets optimized
- [ ] Source maps disabled in production
- [ ] API URL points to production backend
- [ ] Environment variables set correctly
- [ ] No console.log calls or debug code remaining

## Security
- [ ] HTTPS/SSL certificate installed
- [ ] Security headers configured (Helmet.js)
- [ ] CORS headers properly set
- [ ] SQL injection prevention verified
- [ ] XSS protection enabled
- [ ] CSRF tokens implemented (if needed)
- [ ] Rate limiting on sensitive endpoints
- [ ] OTP endpoint rate limited (3 per minute)
- [ ] Sensitive data not in logs
- [ ] No API keys exposed in frontend

## Email (SMTP) Integration
- [ ] Gmail account 2FA enabled
- [ ] App Password generated and saved
- [ ] SMTP credentials not hardcoded
- [ ] Email templates tested for all scenarios
- [ ] Bounce handling configured
- [ ] SPF record added to DNS
- [ ] DKIM signature configured
- [ ] Unsubscribe links present
- [ ] Email delivery monitored

## WhatsApp (Twilio) Integration
- [ ] Twilio account created and verified
- [ ] WhatsApp number obtained
- [ ] Account credentials stored securely
- [ ] OTP template configured
- [ ] Message rate limits understood
- [ ] Billing alerts set up in Twilio console
- [ ] Sandbox-to-production transition planned
- [ ] Message delivery monitored

## cPanel Deployment
- [ ] cPanel account with Node.js support
- [ ] Domain configured and DNS updated
- [ ] SSL certificate installed
- [ ] Passenger Node.js app created
- [ ] startup.sh and .htaccess in place
- [ ] Database accessible from app
- [ ] File upload permissions set (755 on uploads/)
- [ ] Log files configured
- [ ] Cron jobs set for cleanup

## Performance
- [ ] Database indexes on critical columns
- [ ] Connection pooling configured
- [ ] Static files served with caching headers
- [ ] Frontend CSS/JS minified and gzipped
- [ ] Images optimized
- [ ] Database query performance tested
- [ ] Load testing completed
- [ ] Response times < 500 ms for 90% of requests

## Monitoring & Logging
- [ ] Error logging to file
- [ ] Access logging configured
- [ ] Application monitoring set up
- [ ] Database monitoring enabled
- [ ] Alert thresholds configured
- [ ] Daily log review process
- [ ] Uptime monitoring active
- [ ] Error rate monitoring active

## Backups
- [ ] Database backups automated (daily/weekly)
- [ ] File backups configured
- [ ] Backup retention policy set
- [ ] Backup restoration tested
- [ ] Offsite backup location
- [ ] Disaster recovery plan documented

## Documentation
- [ ] API documentation up-to-date
- [ ] Database schema documented
- [ ] Deployment guide completed
- [ ] Troubleshooting guide created
- [ ] Team trained on operations
- [ ] Runbook for common issues created

## Testing
- [ ] User registration process tested
- [ ] OTP generation and verification tested
- [ ] Order creation and completion tested
- [ ] Commission calculation verified
- [ ] Email sending functional
- [ ] WhatsApp OTP receiving confirmed
- [ ] Export CSV working
- [ ] All CRUD operations verified
- [ ] Payment integration tested (if enabled)

## Payment (if enabled)
- [ ] Razorpay account created
- [ ] API keys configured
- [ ] Webhook URLs configured
- [ ] Payment flow tested with test cards
- [ ] Error handling for failed payments
- [ ] Refund process documented

## Legal & Compliance
- [ ] Terms of Service created
- [ ] Privacy Policy created
- [ ] Cookie consent configured
- [ ] CAN-SPAM compliance checked
- [ ] Data retention policy set
- [ ] GDPR/Data deletion process implemented

## Final Verification
- [ ] Fresh test account can register
- [ ] OTP authentication working
- [ ] Orders can be created
- [ ] Commissions auto-calculating correctly
- [ ] Admin dashboard shows accurate data
- [ ] Connector dashboard functioning
- [ ] All panels accessible with correct permissions
- [ ] No 404 or 500 errors in logs
- [ ] Performance acceptable under load

## Deployment
- [ ] Staging environment matches production
- [ ] All tests passing in staging
- [ ] Database backed up before deployment
- [ ] Rollback plan documented
- [ ] Team on standby during deployment
- [ ] Deployment completed successfully
- [ ] Smoke tests passed in production
- [ ] Users notified of go-live
- [ ] Support team briefed

## Post-Deployment (48 hours)
- [ ] Monitor error rates
- [ ] Check database performance
- [ ] Verify all features working
- [ ] Monitor user feedback
- [ ] Check email delivery rates
- [ ] Review WhatsApp delivery success
- [ ] Verify SSL certificate validity
- [ ] Check backup completion
- [ ] Monitor server resources

## Sign-Off
- [ ] Development Lead: _________________ Date: _______
- [ ] QA Lead: _________________ Date: _______
- [ ] DevOps/Hosting: _________________ Date: _______
- [ ] Product Owner: _________________ Date: _______

---

**Notes:**
- Update this checklist to be specific to your deployment
- Customize for your hosting environment
- Document any additional requirements
- Review quarterly and update as needed
